[Standards] Password protected rooms

Dave Cridland dave at cridland.net
Thu Feb 12 11:11:32 UTC 2009

On Wed Feb 11 15:08:41 2009, Matthew Wild wrote:
> On Wed, Feb 11, 2009 at 3:01 PM, Jonathan Schleifer
> <js-xmpp-standards at webkeks.org> wrote:
> > Just a reason NOT to require a PW for the owner: Some admin might  
> have
> > changed it and now the owner can't join the room anymore or  
> change it back.
> >
> That same admin could simply remove the owner from the owner list  
> and be done :)
Actually, as far as I can tell, nothing mandates that an owner cannot  
change the password without joining the room, since room  
configuration doesn't require you to have joined the room either.  
Since changing the password therefore doesn't require the old  
password, I wonder if the requirement to have the password makes much  
sense, on reflection.

> This single issue aside however, I do think that the total lack of  
> any
> way to track which services a JID is affiliated with is scary. This
> affects transports/gateways, MUCs, etc. Are roster subscriptions  
> even
> cancelled on account removal?
Well, they should be, assuming the server is aware of the removal -  
however, the server might well not be - if a user is simply removed  
from, say, the LDAP directory it's using, there's no way a server is  
likely to know.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the Standards mailing list