[Standards] XEP-0321 (Remote Roster Management): we need something with less restrictions
goffi at goffi.org
Wed Nov 13 18:12:59 UTC 2013
To implement experimental features (
http://www.goffi.org/post/2012/06/24/Fine-access-tuning-for-PubSub ) for
my XMPP client ( http://sat.goffi.org ), I have started my own pubsub
server as an external composant, based on Ralph Meijer's Idavoll (
http://repos.goffi.org/sat_pubsub/ and http://idavoll.ik.nu/ ).
My serveur need to access the full roster of a entity to implement
XEP-0060's roster access, that's why I have asked to import the remote
roster management XEP, which was unofficial and has now the number
But I have two issues with this XEP:
- the remote entity ask the permission to the user to manage its
roster, which is annoying
- the roster given by the server is restricted to it's own hostname (§
4.2 "The server MUST then answer with User's roster including there only
the items that belongs to the entity's hostname"), which make this XEP
useless in my case, I need the full roster.
I understand these restrictions for an external entity which is
independant from the server.
But, if we have a component which is tightly linked with the server
(with a password, according to XEP-0114), and so it's well known by the
server administrator, I thinks these restrictions are useless. In the
other hand, having the ability for a trusted component to access the
full roster would bring the possibility to have powerfull external
components, independant of server: for example my pubsub component would
work with all servers, making it easier to switch server, or to try
experimental implementation in our favorite language.
So, is it possible to remove these restrictions from the XEP ? Or at
least to have an unsecure mode, and a secure mode with full access to
More information about the Standards