[Standards] RFC 3921bis Managing Presence Subscriptions based on full JIDs serious issue
stpeter at stpeter.im
Wed Feb 6 23:45:45 UTC 2008
Tomasz Sterna wrote:
> Dnia 2008-02-01, Pt o godzinie 00:17 +0100, Tomasz Sterna pisze:
>> I found e serious issue with FC 3921bis Managing Presence Subscriptions.
> Shall I take no answers to my post as:
> - nobody is really interested in the issue ?
> - I already am on all list members KILLFILEs ?
- people are really really really busy? ;-)
>> I think we need to resolve this before RFC 3921bis goes "live".
>> Let's disallow full JID based subscriptions or fully document it.
>> Either way is OK with me, but the current, unclear situation is a no
> Actually, I take it back...
> I do care what we do and it's not the first option.
The recommendation to allow only bare JID subscriptions currently is
there for clients. There is no recommendation that the server must
disallow full JID subscriptions, check the 'to' address, etc.
> I do run some services on server resources.
> For example, a public server based (not bot or component), web presence
> tracker and indicator on: 'chrome.pl/webstatus'
> You need to add 'chrome.pl/webstatus' to send your presence updates, to
> the service and you may then use http://www.chrome.pl/status/JID url to
> show your presence status on the web.
> I also add 'chrome.pl/echo' to all my users rosters on user creation.
> It resembles them the Skype echo service contact, and they all love it -
> they have a way of testing theirs newly created jabber account right
> away, without searching for real people.
Yes we used to run a service like that on jabber.org. :)
> So I actually need full JID based subscriptions.
The problem is that we can't tell what an entity is just by looking at
its JID. Just because a JID is node at host/resource does not mean it is a
full JID (i.e., a connected resource of a registered account). Just
because a JID is node at host does not mean it is a bare JID (i.e., a
registered account). This is why we have service discovery. :)
So in general I think it makes sense to counsel client developers that
adding full JIDs is a bad idea, but you can't assume that a JID of the
form node at host/resource or host/resource is a full JID.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards