[Standards] [IOT] Blocking messages from unsubscribed users

Steffen Larsen zooldk at gmail.com
Tue Oct 13 06:59:42 UTC 2015

Hi Joachim,

Yes I see potential threats in the IoT environments if no filters can be applied such as privacy lists or others. 
But for normal chat client this is also quite nice to avoid simple “spam” (although they mostly have to guess the user and resource). But sending to bare JID can also do annoying things if it sends to all the users resources or what ever the server implementation does.

The implementation and deployment I have done is typically that only subscribers and users them selves (resources) can “write” each other. And that admin can write to all users.
I have used privacy lists and it works great for me - I am not using a UI for reflecting that - but setting this up initially.

So for me it is quite static and one-off. 


> On 13 Oct 2015, at 08:10, Joachim Lindborg <joachim.lindborg at sust.se> wrote:
> In the case of IoT i use it a lot devices only look at subscription requests from unsubscribe do users. And I also have component that takes care of devices blocking all messages from non subscribed 
> Don't know if I need a xep for it or if its implementation specific for IoT 
> I would like to be able to turn it on as default for myself receiving only subscription requests just as I have setup Skype
> måndag 12 oktober 2015 skrev Steffen Larsen <zooldk at gmail.com <mailto:zooldk at gmail.com>>:
> Hi Matthew,
> Good call. The scenario I have used blocked commands was in a setup where I actually needed configuration instead (setup once).
> So for me and the scenarios I have, the ad-hoc command config would be great!.
> The only problem I see, is that every server would vary a lot.. and have different policies.
> /Steffen
> > On 12 Oct 2015, at 23:28, Matthew Wild <mwild1 at gmail.com <javascript:;>> wrote:
> >
> > It seems a few people are requesting this. I'd like to understand the use-cases.
> >
> > For example, if this is something you want to be the default
> > behaviour, isn't it better as a deployment configuration? No protocol
> > needed.
> >
> > A per-user configuration would also be possible using ad-hoc commands.
> > Again, no extra XEPs needed.
> >
> > Just throwing things out there, I'd like to understand exactly what people want.
> >
> > Regards,
> > Matthew
> -- 
> Regards
> Joachim Lindborg
> CTO, systems architect
> Sustainable Innovation  SUST.se <http://sust.se/>
> Barnhusgatan 3 111 23 Stockholm
> Email: Joachim.lindborg at sust.se <mailto:Joachim.lindborg at sust.se>
> linkedin: http://www.linkedin.com/in/joachimlindborg <http://www.linkedin.com/in/joachimlindborg>
> Tel +46 706-442270
> _______________________________________________
> IOT mailing list
> IOT at xmpp.org
> http://mail.jabber.org/mailman/listinfo/iot

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20151013/2188a74e/attachment.html>

More information about the Standards mailing list