[Standards-JIG] pubsub access models

Peter Saint-Andre stpeter at jabber.org
Thu Dec 29 00:05:40 UTC 2005


I am in the middle of re-factoring JEP-0060 in order to address feedback 
received over the last 9+ months. This is a major overhaul, and I expect 
that much discussion will be necessary to hammer out some of the 
details. More on that soon.

Right now I'm defining the access models. Currently we have three access 
models, specified via the pubsub#subscription_model configuration option 
(in order of openness):

1. "open" -- anyone may subscribe to the node (no approval by owner 
required)

2. "authorize" -- all node subscriptions must be approved by the node owner

3. "whitelist" -- no node subscriptions allowed, you can be added to the 
subscriber list only if the node owner explicitly adds you

In order to address the needs of simplified personal publish-subscribe 
(SPPS), we are talking about expanding the list to be (in order of 
openness):

1. "open" -- anyone may subscribe to the node (no approval by owner 
required)

2. "presence" -- anyone with a presence subscription of "both" or "from" 
may subscribe to the node (no approval by owner required)

3. "roster" -- anyone in the specified roster group(s) may subscribe to 
the node (no approval by owner required)

4. "authorize" -- all node subscriptions must be approved by the node owner

5. "whitelist" -- no node subscriptions allowed, you can be added to the 
subscriber list only if the node owner explicitly adds you

We are also talking about expanding the concept to be not the 
subscription model but the access model, since we will use the same 
model to determine whether a user is allowed to retrieve items from the 
node. So:

1. "open" -- anyone may subscribe to the node (no approval by owner 
required) and anyone may retrieve items from the node

2. "presence" -- anyone with a presence subscription of "both" or "from" 
may subscribe to the node (no approval by owner required) and retrieve 
items from the node (even without being subscribed)

3. "roster" -- anyone in the specified roster group(s) may subscribe to 
the node (no approval by owner required) and retrieve items from the 
node (even without being subscribed)

4. "authorize" -- all node subscriptions must be approved by the node 
owner and only subscribed entities may retrieve items from the node

5. "whitelist" -- no node subscriptions allowed, you can be added to the 
subscriber list only if the node owner explicitly adds you and only 
subscribed entities may retrieve items from the node

Does that seem right?

Also, which access model should be the default? Right now in my 
provisional text I have "open" as the default. That seems consistent 
with JEP-0060 as it stands today.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20051228/fe822ded/attachment.bin>


More information about the Standards mailing list