[Standards-JIG] JEP-163 (SPPS) comments
kevin at kismith.co.uk
Sun Jan 29 19:10:55 UTC 2006
On 28 Jan 2006, at 05:33, Joe Hildebrand wrote:
> Section 5.2,
> For all three of these, I think the "MUST allow" should be "SHOULD
> allow", to account for other potential access controls that the
> server may know. One example might be ethical boundaries enforced
> by a policy engine.
Can you give an example? I'm keen on SPPS staying as simple and well
defined as possible and only allowing doubt where absolutely necessary.
> Can a user subscribe to his/her own information? (assume yes, but
> it's not automatic like rosters)
One should be able to, I would think.
> Is there a way to get notified of new nodes, perhaps by calling the
> bare jid a collection node, and subscribing with subscription type
Why is this interesting? Entity caps could be used to signal new
features I think, meaning the creation of nodes shouldn't need to be
> As for security considerations, the attack modes seem to be based
> on from address spoofing, which we've got handled. It might be
> worth pointing out that ACLs SHOULD be recalculated whenever an
> applicable roster item is modified, to ensure coherency.
I'm not sure what you mean. Is this the same as saying ACLs must be
verified for every push? If so, I agree.
> Other than these minor, the more I think about this, the more I
> like it. It radically simplifies some of the pub/sub apps I've
I like it :)
Psi Jabber client maintainer (http://psi-im.org/)
Postgraduate Research Student, Computer Science, University Of Exeter
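
The ACL coherency point discussed in this message, as an added Python example that is not part of the thread or of JEP-163: it contrasts pushing from an access decision cached at subscribe time with recalculating on roster changes and with verifying on every push. The `Owner` class, its method names, the example JIDs and the rule that roster states "from" and "both" grant access are all assumptions made for illustration.

```python
# Added illustration. The access rule and all names are assumptions,
# not text from JEP-163 or from any server implementation.
from dataclasses import dataclass, field

ALLOWED = {"from", "both"}  # assumed: contact may receive the owner's data


@dataclass
class Owner:
    roster: dict = field(default_factory=dict)     # contact JID -> subscription state
    subscribers: set = field(default_factory=set)  # JIDs subscribed to the node
    acl_cache: set = field(default_factory=set)    # decision cached at subscribe time

    def authorised(self, jid):
        return self.roster.get(jid) in ALLOWED

    def subscribe(self, jid):
        if not self.authorised(jid):
            return False
        self.subscribers.add(jid)
        self.acl_cache.add(jid)
        return True

    def set_roster_item(self, jid, state, recalc):
        """Modify a roster item; with recalc=True the cached ACL is refreshed."""
        if state == "remove":
            self.roster.pop(jid, None)
        else:
            self.roster[jid] = state
        if recalc and not self.authorised(jid):
            self.acl_cache.discard(jid)

    def push_cached(self):
        """Recipients when only the cached decision is consulted."""
        return sorted(self.subscribers & self.acl_cache)

    def push_verified(self):
        """Recipients when the roster is re-checked for every push."""
        return sorted(j for j in self.subscribers if self.authorised(j))


def demo():
    # Constructed sample roster and subscribers.
    o = Owner(roster={"alice@example.org": "both", "bob@example.org": "from"})
    o.subscribe("alice@example.org")
    o.subscribe("bob@example.org")
    o.set_roster_item("bob@example.org", "remove", recalc=False)
    stale, verified = o.push_cached(), o.push_verified()
    o.set_roster_item("bob@example.org", "remove", recalc=True)
    return stale, verified, o.push_cached()
```

With the stale cache the removed contact still receives the push; either recalculating on the roster change or verifying per push closes that gap.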