[Standards-JIG] JEP-50 AdHocCommands - Couple of doubts
stpeter at jabber.org
Mon Nov 7 23:52:11 UTC 2005
Gaston Dombiak wrote:
> Hey all,
> After reading JEP 50 I have a couple of questions that I think that JEP is
> not describing.
> 1. Which features should be included in disco#info result when disco was
> sent to node 'http://jabber.org/protocol/commands'?
At a minimum, only 'http://jabber.org/protocol/commands', no?
> 2. Should feature 'jabber:x:data' be always included even for commands that
> don't require data form usage (i.e. do not have multiple stages)?
Probably not. But I don't think it would be a problem to include that if
it is easier to implement.
> 3. I think that disco#items should not include items (i.e. commands) that
> the requester will not be able to invoke. Is this the expected behavior?
Yes, that seems right.
> 4. When a command is not available for a requester the disco#info should
> return a 403 "Forbidden" error. If we are not including the command in the
> disco#items result then shouldn't we return a 404 "Item not found" instead
> of a Forbidden? Forbidden is giving the hint that the command does exist.
What is the threat model? Either way, the requester cannot execute the
command. Can the requester launch some sort of dictionary attack if it
can differentiate between forbidden and not found?
> 5. Is it mandatory (i.e. MUST) to include the specific error condition next
> to the general error condition?
Could you provide an example?
> 6. <actions> element has a "type" attribute as required in the XML schema
> but the examples use an attribute named "execute". Which one is correct?
The 'execute' attribute is correct -- I'll fix the schema.
Jabber Software Foundation
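
The behaviour raised in questions 3 and 4, as an added example that is not part of the original thread or of any server's code: disco#items is filtered per requester, and disco#info can either answer 403 for a hidden command or give the same 404 it gives for an unknown node. The registry, JIDs, function names and the `hide_existence` switch are hypothetical.

```python
import xml.etree.ElementTree as ET

DISCO_INFO = "http://jabber.org/protocol/disco#info"
DISCO_ITEMS = "http://jabber.org/protocol/disco#items"
COMMANDS = "http://jabber.org/protocol/commands"
STANZAS = "urn:ietf:params:xml:ns:xmpp-stanzas"

# Constructed sample registry: command node -> JIDs allowed to invoke it.
REGISTRY = {
    "config": {"admin@example.com"},
    "list": {"admin@example.com", "user@example.com"},
}

def _iq(iq_type, ns, node):
    iq = ET.Element("iq", {"type": iq_type})
    return iq, ET.SubElement(iq, f"{{{ns}}}query", {"node": node})

def disco_items(requester):
    """Question 3: list only the commands this requester may invoke."""
    iq, query = _iq("result", DISCO_ITEMS, COMMANDS)
    for node in sorted(REGISTRY):
        if requester in REGISTRY[node]:
            ET.SubElement(query, f"{{{DISCO_ITEMS}}}item",
                          {"jid": "example.com", "node": node})
    return iq

def disco_info(requester, node, hide_existence=True):
    """Question 4: choose how a hidden command answers disco#info."""
    allowed = REGISTRY.get(node)
    if allowed is not None and requester in allowed:
        iq, query = _iq("result", DISCO_INFO, node)
        ET.SubElement(query, f"{{{DISCO_INFO}}}identity",
                      {"category": "automation", "type": "command-node"})
        ET.SubElement(query, f"{{{DISCO_INFO}}}feature", {"var": COMMANDS})
        return iq
    # With hide_existence, "unknown" and "not permitted" get the same error,
    # so the reply does not confirm that the node exists.
    if allowed is None or hide_existence:
        code, etype, cond = "404", "cancel", "item-not-found"
    else:
        code, etype, cond = "403", "auth", "forbidden"
    iq, _ = _iq("error", DISCO_INFO, node)
    err = ET.SubElement(iq, "error", {"code": code, "type": etype})
    ET.SubElement(err, f"{{{STANZAS}}}{cond}")
    return iq

def error_condition(iq):
    """Return the stanza error condition name, or None for a result."""
    err = iq.find("error")
    return None if err is None else err[0].tag.split("}")[1]
```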