[Standards] XEP-0267: Server Rosters

Peter Saint-Andre stpeter at stpeter.im
Sat Aug 1 02:23:59 UTC 2009

Hash: SHA1

On 7/18/09 10:29 AM, Matthew Wild wrote:
> On Sat, Jul 18, 2009 at 3:10 PM, Tomasz Sterna<tomek at xiaoka.com> wrote:
>> Could authors of XEP-0267: Server Rosters explain what is the rationale
>> of the MUST:
>> "Upon receiving such a presence subscription request, the XMPP server
>> software running at the peer MUST prompt the server administrator(s) to
>> approve the request, rather than automatically approving it."
>> jabberd2 server implements "server presences" for more than a year now
>> and automatically approves subscribes and answers probes to anyone
>> interested.

Perhaps this is more a matter of local service policy than something
that needs to be mandated in the spec.

>> I see no reason for the administrator approval of these presences.
>> Nor did I have any complaint from jabberd2 users (server administrators)
>> that their server exposes the server presence to anyone.
> I agree. However the XEPs that may be based on XEP-0257 give more
> meaning to someone being on your roster than just sharing presence
> with them. I don't know whether this is a particularly good thing, as
> we are overloading something which does already have an established
> meaning.

The jabberd2 idea is more like directed presence, I think.

In XEP-0268 (Incident Reporting) we were trying to use the idea of a
"server roster" as a way of bootstrapping trust (i.e., define the list
of peers from which a server would process indident reports). However,
just as in normal rosters+presence for users, here also the roster might
be conceptually separate from presence sharing.

>> What is the meaning of denying this subscription?
>> Interested party knows anyway whether the server is "online" just
>> because it is processing XMPP packets.
> As above, I think the acception of the request is more the admin
> acknowledging the requester as a trusted entity than simply choosing
> to share presence with them.

That was the idea, yes.


- --
Peter Saint-Andre

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the Standards mailing list