[Standards] XEP-0258 and XEP-0060

Ashley Ward ashley.ward at surevine.com
Thu Nov 17 19:55:09 UTC 2011


On 17/11/2011 18:53, "Ralph Meijer" <ralphm at ik.nu> wrote:

>On Thu, 2011-11-17 at 10:38 +0000, Ashley Ward wrote:
>> I am currently looking into the possibility of extending the use of
>> security labels to pub sub, and was wondering if anyone else has any
>> thoughts on this, or whether anyone has already started looking at
>> this.
>
>In general, I think this would be mostly identical to the Multi-User
>Chat use case in section 5.2.

That's pretty much exactly what I was thinking!

>
>> I have only just started looking at this, but have identified a couple
>> of features:
>>       * The ability to assign a security label to a pub sub <item>
>>         element when publishing
>
>A service sending out notifications that are accompanied by security
>labels is pretty straightforward: they are simply messages, so you can
>put the <securitylabel/> element as a sibling of the <event/> element,
>just like normal chat messages or group-chat messages.
>
>Sending this along with the publish request is somewhat more involved.
>Publish requests are <iq/> stanzas, which can have only one child
>element. So, I think you would need to put the <securitylabel/> somewhat
>lower in the element tree. For example, as a subelement of the
><publish/> element.

Yeah. I think it would make most sense for the label to be contained
within the <item> element, and I believe XEP-0060 already allows the
<item> element to contain a sequence of any xml elements, so implementing
this in XEP-0258 shouldn't require any change to XEP-0060.

So the structure I'm thinking of would be something like:

<iq>
  <pubsub>
    <publish>
      <item>
        <entry>
          Š
        </entry>
        <securitylabel>
          Š
        </securitylabel>
      </item>
    </publish>
  </pubsub>
</iq>

This would also allow multiple items published at the same time to have
different security labels.

>
>In any case, you would need cooperation of the publish-subscribe service
>to have it send that along with the notification, and trust that service
>to do the right thing on behalf of the publisher and the node's
>configuration. I.e. discover the clearance levels of subscribers and
>only send stuff to subscribers that have proper clearance.

That would be up to the server implementation to enforce the security
clearances over and above the basic message labels, much the same as it
already has to for room labels.

>
>> The ability for a node owner to set a default security label for a
>> node
>
>This would probably be very similar to the examples of MUC room
>configuration.

Exactly the same I think - both muc rooms and pub sub nodes are configured
with the forms, so it's really up to the server implementation to decide
how they are configured, how it handles default labels, allowable labels,
etc (just the same as it is with muc config).

There would also be some corner cases to think about, especially around
discovery of nodes - e.g. should a user who isn't entitled to access a
node know that it exists, and if not then what happens if they try to
create a node with a conflicting id (as an error reveals information about
the node's existence). Perhaps this sort of detail should be up to the
server implementation?

--

Ash





More information about the Standards mailing list