[Standards-JIG] JEP-163 (SPPS) comments

Kevin Smith kevin at kismith.co.uk
Sun Jan 29 19:10:55 UTC 2006


On 28 Jan 2006, at 05:33, Joe Hildebrand wrote:
> Section 5.2,
> <blockquote />
>
> For all three of these, I think the "MUST allow" should be "SHOULD  
> allow", to account for other potential access controls that the  
> server may know.  One example might be ethical boundaries enforced  
> by a policy engine.
Can you give an example? I'm keen on SPPS staying as simple and well
defined as possible and only allowing doubt where absolutely necessary.

> Can a user subscribe to his/her own information?  (assume yes, but  
> it's not automatic like rosters)
One should be able to, I would think.

> Is there a way to get notified of new nodes, perhaps by calling the  
> bare jid a collection node, and subscribing with subscription type  
> nodes?
Why is this interesting? Entity caps could be used to signal new  
features I think, meaning the creation of nodes shouldn't need to be  
signalled.

> As for security considerations, the attack modes seem to be based  
> on from address spoofing, which we've got handled.  It might be  
> worth pointing out that ACLs SHOULD be recalculated whenever an  
> applicable roster item is modified, to ensure coherency.
I'm not sure what you mean. Is this the same as saying ACLs must be
verified for every push? If so, I agree.

> Other than these minor, the more I think about this, the more I  
> like it.  It radically simplifies some of the pub/sub apps I've  
> written.
I like it :)

/K

-- 
Kevin Smith
Psi Jabber client maintainer (http://psi-im.org/)
Postgraduate Research Student, Computer Science, University Of Exeter
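
The two ACL-coherency approaches discussed in this message (recalculating when a roster item is modified, and verifying on every push), as an added example that is not part of the original e-mail or of JEP-163. It is a simplified Python model that assumes access is granted while the owner's roster lists the contact with subscription "from" or "both"; the class, method names and JIDs are constructed for illustration.

```python
ALLOWED = {"from", "both"}  # assumption: roster states that grant access


class Node:
    """One published node; `roster` is the owner's live roster (jid -> state)."""

    def __init__(self, roster):
        self.roster = roster
        self.subscribers = set()
        self.recalculate_acl()

    def recalculate_acl(self):
        # Rebuild the ACL snapshot from the roster as it is now.
        self.cached_acl = {j for j, s in self.roster.items() if s in ALLOWED}

    def subscribe(self, jid):
        if self.roster.get(jid) not in ALLOWED:
            raise PermissionError(f"{jid} not permitted")
        self.subscribers.add(jid)

    def recipients_cached(self):
        # Trusts the snapshot: correct only if every roster change refreshed it.
        return sorted(self.subscribers & self.cached_acl)

    def recipients_verified(self):
        # Re-checks each subscriber against the live roster on every push.
        return sorted(j for j in self.subscribers
                      if self.roster.get(j) in ALLOWED)


def demo():
    # Constructed sample roster.
    roster = {"romeo@example.net": "both", "nurse@example.net": "from"}
    node = Node(roster)
    for jid in list(roster):
        node.subscribe(jid)
    roster["nurse@example.net"] = "none"    # roster item modified, no recalculation
    stale = node.recipients_cached()        # nurse still receives the push
    checked = node.recipients_verified()    # nurse is dropped at delivery time
    node.recalculate_acl()                  # recalculation on roster change
    refreshed = node.recipients_cached()    # snapshot is coherent again
    return stale, checked, refreshed


if __name__ == "__main__":
    labels = ("stale cache", "verified per push", "after recalculation")
    for label, result in zip(labels, demo()):
        print(f"{label}: {result}")
```

Recalculating on every roster change and verifying on every push give the same recipients; the per-push check is the one that still fails closed if a roster-change hook is missed.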




