[Standards-JIG] proto-JEP: Roster Item Exchange
thoutbeckers at splendo.com
Thu Sep 16 21:44:47 UTC 2004
On Thu, 16 Sep 2004 12:59:58 -0500 (CDT), JEP Editor <editor at jabber.org>
> The JEP Editor has received a proposal for a new JEP.
> Title: Roster Item Exchange
> Abstract: This JEP defines a protocol for exchanging roster items,
> including the ability to suggest whether the item is to be added,
> deleted, or modified.
> URL: http://www.jabber.org/jeps/inbox/xroster.html
> In accordance with JEP-0001, the Jabber Council will decide within 7
> days whether to accept this proposal as an official JEP.
Okay, let's look at this a bit mostly from the roster-subsync prespecrive
Roster-subsync requires one can do more "actions", namely the different
subscription states ("both, none, to, from") and removal ("remove"). These
also happen to be all the different values allowed for the "subscription"
property in <item/>. However the JEP for some reason wishes to stay clear
of.. well.. at least part of subscriptions.
Still if you just use that, you can also drop "action" property, which is
near next to useless anyway. How is a sending entity supposed to know who
is or is not in my roster, thus how does it know wether to suggest "add"
or "modify"? What should a client do when it's gets a "modify" request for
a deleted item?
When it comes to security, in roster-subsync the sending enity can only
manipulate it's *own* data. In xroster any item in your roster can be
manipulated. I understand that this is because rosterx must has more
use-cases than roster-subsync (particullary Shared Groups), still this
should not be overlooked. I think in security considerations the concept
of granting trust only for a certain domain should be introduced as a
As for the "per" group trust. What does this mean? Can you delete anyone
in that group from the roster? Or just throw them out of that group? For
example what happens if I have a contact that wasn't in any group before,
then gets "suggested" to be added or modfified to a group (for which I
give the entity permisson to modify that group), and then removed?
More information about the Standards