[Standards] Meta-Contacts: implementation notes
melo at simplicidade.org
Thu Apr 3 12:06:26 UTC 2008
On Apr 3, 2008, at 12:32 PM, Remko Tronçon wrote:
>> If I give too much relevance to the user nickname or other
>> information in
>> control of the contact, then I think we are opening up a lot of
>> avenues of
>> attack. Just showing the avatar is problem enough.
> I agree, automatic naming of contacts is quite dangerous. Still, users
> ask us for that feature quite regularly. I wonder what we could do for
> them. Maybe some semi-automatic way of updating the nickname where the
> user has to explicitly request a nickname update could work, although
> I'm not sure if it's worth the extra menu item (if you can see the
> nickname in 'more info', you could ).
What about a "suggested" name feature?
I'm not against the idea of suggesting a name for a new contact,
based on contact information (like nickname, vcard, or user-profile).
I'm just saying that we should at least mention to client developers
the risk of too much trust on remote information, regarding spoofing
> But anyway, that's a separate issue. If we agree that it's bad
> practice to hide the real roster name from the user, I guess
> meta-contacts based on roster name is an easy enough solution.
Whatever the users chooses to the name of the roster item, be it
something that he typed himself, or something suggested based on the
contact information, I think the meta-contact xep should use the
local roster item name attribute.
One further point about the current meta-contacts XEP: the amount of
data flowing back and forth when we change a meta-contact becomes
very large fast. If we keep on this route, and with PEP, it might be
worth to have a different node per meta-contact.
XMPP ID: melo at simplicidade.org
More information about the Standards