[Standards] XEP-0321 (Remote Roster Management): we need something with less restrictions

Matthew Wild mwild1 at gmail.com
Wed Nov 13 18:35:45 UTC 2013

On 13 November 2013 18:12, Goffi <goffi at goffi.org> wrote:
> So, is it possible to remove these restrictions from the XEP ? Or at least
> to have an unsecure mode, and a secure mode with full access to roster ?

This is related to something we discussed at the summit recently -
privileged components.

I have half an implementation already, which allows components to
handle stanzas to the user's bare JID that the server would otherwise
handle (or reject). For example it's possible to handle standard vcard
queries in a component now.

The point I got to was figuring out how the component should reply,
since the stanza needs to look like it came from the user.

I'll also note here that Prosody at least already supports components
faking JIDs (ejabberd does too) when enabled by the admin. Prosody is
probably also happy with such components requesting the user's roster,
as well as other tasks. However this is definitely *not* in any
standard. I'd like to standardise this (in some form), and it seems
there are a number of people interested in it too.

So we need to solve:

  - Sending stanzas from the user
  - Sending stanzas to the user's account, and getting replies

Someone put together a protoXEP :) (I already have enough XEP work on
my plate for the moment)


More information about the Standards mailing list