[Standards] XEP-0060: Pubsub - Questions and proposals
stpeter at stpeter.im
Sat Dec 17 18:33:53 UTC 2016
On 12/17/16 3:08 AM, Goffi wrote:
> Le jeudi 15 décembre 2016, 08:51:35 CET Jaussoin Timothée a écrit :
>> I'm currently doing a more complete implementation of Pubsub in Movim
>> (affiliations and access-models management) and I have a couple of
>> 5.4 Discover Node Metadata : I'd like to know if it's also possible to
>> expose pubsub#access_model here. I'd like to display in the UI of Movim
>> this information ("This node is private", "This node is open to
>> everyone"…). Will it bring security problems?
> The owner can get this information using configuration (§8.2), and I'm not
> sure if it's a good idea to expose it to everybody (the subscribers or lambda
> entities don't need to know the access model, and they can just try to
Yeah, I was thinking about it some more, and I agree that there's no
great reason to expose this information. For instance, if an attacker
learns that the access model is "presence", then it knows which kind of
attack it needs to perform (perhaps some trickery to get onto the
person's roster) in order to gain access.
>> 6.5.7 Requesting the Most Recent Items : "When max_items is used,
>> implementations SHOULD return the N most recent (as opposed to the N
>> oldest) items."
>> Here I'd like to know if the items are ordered by their creation date or
>> their last update date.
> The N most recent (as opposed to the N oldest) seems clear to me : the older
> are the ones created first, so it's by creation date.
>> This difference is important to me because I'd like to know if I can
>> rely on this order to display the posts of Movim (which are logically
>> ordered by their creation date for now). If a user is making a small
>> edit months after the publication it will move the post in front of all
>> the others. This question could also apply to XEP-0059: Result Set
> For MAM/RSM it's specified in MAM (The archive results MUST be sorted in
> chronological order §4.2) which is creation date too. But this could be
> changed by a query, I have asked the question at 2016 Fosdem's meeting, and it
> was stated that a XEP can change this order if needed.
It would be good to have consistency across these various specs. Note
that creation time is not the same as last-update time, though...
More information about the Standards