[Standards] publish+configure again

Ralph Meijer jabber.org at ralphm.ik.nu
Fri Mar 30 11:23:27 UTC 2007


On Fri, 2007-03-30 at 13:06 +0200, Maciek Niedzielski wrote:
> Time to write something in this thread, I guess.
> 
> I don't want to be against PEP automagic features, but sometimes too
> much magic can hurt.
> 
> People who want publish+configure say that this protects from publishing
> private information to too big an audience. But it doesn't really help! As
> Ralph said some time ago, configuration is done per node, not per item.
> So it's pretty naive to think that publish+configure can make the
> item 100% safe. You can switch node to whitelist mode and publish your
> secret item, but a moment later node can be switched to
> open/presence/etc and your secret information will leak. Why would
> another client change this? Because - for example - it may want to
> ensure on start up that node's configuration is the same as last time.

I was just going to bring this up again. 

For the use case "Private Storage" you typically want to store the items
published persistently (hence "storage"), not just the last one, as
things like bookmarks would come in multiple items.

For the use case that Pedro mentioned elsewhere in this thread, where he
wants to have different audiences depending on what resource published,
it seems to me that this requires item-based access control, too.

Fine-grained access control seems very much out of scope for a
specification that aims to provide a simple protocol for publishing
stuff tied to your identity.

-- 
Groetjes,

ralphm
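
Added example, not part of the original message or of any XMPP implementation: a toy in-memory model of the scenario quoted above, where access is decided by one node-wide setting and a second client restoring its remembered configuration exposes an item published under whitelist. The class, method names and JIDs are constructed for illustration.

```python
# Toy model of a PEP node (constructed for illustration; not an XMPP library).
# Access is decided by the node's single access_model, never per item.

class PepNode:
    def __init__(self, owner, access_model="presence"):
        self.owner = owner
        self.access_model = access_model   # node-wide setting
        self.whitelist = set()
        self.presence_subscribers = set()
        self.items = {}                    # item_id -> payload (persistent)

    def configure(self, access_model):
        self.access_model = access_model

    def publish_configure(self, item_id, payload, access_model):
        # "publish+configure": set the node configuration, then store the item.
        self.configure(access_model)
        self.items[item_id] = payload

    def may_read(self, jid):
        if jid == self.owner or self.access_model == "open":
            return True
        if self.access_model == "presence":
            return jid in self.presence_subscribers
        if self.access_model == "whitelist":
            return jid in self.whitelist
        return False

    def retrieve(self, jid):
        # Every stored item shares the node's *current* access model.
        return dict(self.items) if self.may_read(jid) else {}


def simulate():
    node = PepNode("juliet@example.com")
    node.presence_subscribers.add("romeo@example.net")
    # Client A publishes a private item, switching the node to whitelist.
    node.publish_configure("bookmarks-1", "secret", "whitelist")
    before = node.retrieve("romeo@example.net")
    # Client B starts up and restores the configuration it remembers.
    node.configure("presence")
    after = node.retrieve("romeo@example.net")
    return before, after
```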



