[Standards] pubsub whitelists

Peter Saint-Andre stpeter at stpeter.im
Wed Aug 22 23:32:35 UTC 2007

Peter Saint-Andre wrote:
> Peter Millard originally thought of a pubsub whitelist as the list of
> entities that are subscribed to a node. However, as Joe Hildebrand and
> Matt Yacobucci just pointed out to me, that introduces a security hole
> quite similar to <presence type='subscribed'/> -- that is, the node
> owner can now add you to the subscriber list without your permission
> (introducing all sorts of wonderful spam possibilities). Joe and Matt
> pointed out that the whitelist is more properly a list of entities that
> are allowed to subscribe (or retrieve items) if they want to, not as the
> list of subscribers. This could be managed via node configuration (e.g.,
> a "pubsub#whitelist" node configuration option of type jid-multi). It
> seems important to fix this before we publish version 1.10 of XEP-0060
> so I will work on that here soon.

Looking at this further, I conclude that we need a new affiliation to
handle this properly. I mean, we could do this via node configuration,
but that is functionally equivalent to an affiliation. It is similar to
the "member" affiliation in MUC, in that the JID is a "member of the
club" of entities that can subscribe (like joining a room) or retrieve
items (like getting room history). So I think we can call the pubsub
affiliation "member" too.

It's not clear to me how existing pubsub implementations can be handling
the whitelist access model, since it is so underspecified in the spec
right now. But I will work to clean this up in the next few days.


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070822/9b48c360/attachment.bin>

More information about the Standards mailing list