[Standards] XEP-0321 (Remote Roster Management): we need something with less restrictions

Goffi goffi at goffi.org
Wed Nov 13 18:12:59 UTC 2013


G'day,

To implement experimental features ( 
http://www.goffi.org/post/2012/06/24/Fine-access-tuning-for-PubSub ) for 
my XMPP client ( http://sat.goffi.org ), I have started my own pubsub 
server as an external composant, based on Ralph Meijer's Idavoll ( 
http://repos.goffi.org/sat_pubsub/ and http://idavoll.ik.nu/ ).

My serveur need to access the full roster of a entity to implement 
XEP-0060's roster access, that's why I have asked to import the remote 
roster management XEP, which was unofficial and has now the number 
XEP-0321.

But I have two issues with this XEP:

- the remote entity ask the permission to the user to manage its 
roster, which is annoying

- the roster given by the server is restricted to it's own hostname (§ 
4.2 "The server MUST then answer with User's roster including there only 
the items that belongs to the entity's hostname"), which make this XEP 
useless in my case, I need the full roster.

I understand these restrictions for an external entity which is 
independant from the server.
But, if we have a component which is tightly linked with the server 
(with a password, according to XEP-0114), and so it's well known by the 
server administrator, I thinks these restrictions are useless. In the 
other hand, having the ability for a trusted component to access the 
full roster would bring the possibility to have powerfull external 
components, independant of server: for example my pubsub component would 
work with all servers, making it easier to switch server, or to try 
experimental implementation in our favorite language.

So, is it possible to remove these restrictions from the XEP ? Or at 
least to have an unsecure mode, and a secure mode with full access to 
roster ?

Cheers
Goffi




More information about the Standards mailing list