[Standards] publish+configure again

Mridul mridul at sun.com
Fri Mar 30 18:21:10 UTC 2007


Hi,

   userA at domain/res1 published item1 on node1 and configured as private 
(explicit need).
   userA at domain/res2 published item2 on node1 and configured as public 
(does not care, but using pub_conf anyway since that is the 'common code').
item1 & item2 are visible - I think we are going to have leaks more 
often with pub+con and not without it: more unintelligent overwriting 
of configs is going to happen.

Regards,
Mridul

Pedro Melo wrote:
> Hi,
> 
> On Mar 30, 2007, at 12:06 PM, Maciek Niedzielski wrote:
> 
>> People who want publish+configure say that this protects from publishing
>> private information to too big audience. But it doesn't really help! As
> 
> Of course it does. With p+c I have the assurance that the item being 
> published will be broadcasted with the settings that I'm sending in the 
> same payload.
> 
> What happens after that I don't really care, because the next time I 
> need to publish, the configuration will be sent again.
> 
> If PEP implementors feel that this "reconfiguring" is too much work or 
> heavy on the server side, then what about if we just say that 
> configurations sent with p+c are transient and only apply to that item? 
> Would it make it better?
> 
>> Ralph said some time ago, configuration is done per node, not per item.
> 
> Yes, and p+c changes that.
> 
>> So it's pretty naive to think that that publish+configure can make the
>> item 100% safe. You can switch node to whitelist mode and publish your
>> secret item, but a moment later node can be switched to
> 
> Doesn't matter: my concern is that my item gets broadcasted to the 
> proper people, not that the node stays properly configured, given that I 
> never trust the node configuration.
> 
>> open/presence/etc and your secret information will leak. Why would
>> another client change this? Because - for example - it may want to
>> ensure on start up that node's configuration is the same as last time.
> 
> This is not about start up configuration. It's about clients not 
> trusting the current configuration at the moment of publishing.
> 
>>                                " BTW: We could use PEP for this ;) "
> 
> Love the sig :)
> 
> Best regards,
> --Pedro Melo
> Blog: http://www.simplicidade.org/notes/
> Jabber ID: melo at simplicidade.org
> Use Jabber!
> 
> 
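
The two-resource scenario from this message, modelled as an added example that is not part of the original thread or of any XMPP implementation. `PepNode`, its methods and the `RANK` ordering are hypothetical; "private" and "public" are mapped to the `whitelist` and `open` access models mentioned in the quoted text, and `per_item=True` models the "transient, only apply to that item" variant proposed in the quoted reply.

```python
from dataclasses import dataclass, field

# Assumed ordering of access models, higher = wider audience.
RANK = {"whitelist": 0, "presence": 1, "open": 2}

@dataclass
class PepNode:
    per_item: bool                 # True: a config applies only to the item it came with
    access: str = "presence"       # node-level access model
    items: dict = field(default_factory=dict)     # item id -> access it was published under
    warnings: list = field(default_factory=list)  # (resource, new access, exposed item ids)

    def publish_configure(self, resource, item_id, access):
        if not self.per_item:
            # Node-level semantics: the newest config replaces the old one for
            # every item, so record items that were published under a stricter model.
            exposed = sorted(i for i, a in self.items.items() if RANK[a] < RANK[access])
            if exposed:
                self.warnings.append((resource, access, exposed))
            self.access = access
        self.items[item_id] = access

    def visible(self, on_whitelist=False):
        # View of a contact with no presence subscription to the publisher.
        def allowed(model):
            return model == "open" or (model == "whitelist" and on_whitelist)
        return sorted(i for i, a in self.items.items()
                      if allowed(a if self.per_item else self.access))

def scenario(per_item):
    node = PepNode(per_item=per_item)
    node.publish_configure("userA@domain/res1", "item1", "whitelist")  # private, explicit need
    node.publish_configure("userA@domain/res2", "item2", "open")       # public, 'common code'
    return node.visible(on_whitelist=False), node.warnings

if __name__ == "__main__":
    for mode in (False, True):
        print("per-item" if mode else "per-node", scenario(mode))
```

A server or client could use the same comparison as in `publish_configure` to flag a publish+configure request that widens access on a node still holding items published under a stricter model.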



