[Standards] PAM Source Selection

Kevin Smith kevin.smith at isode.com
Wed Sep 7 09:22:02 UTC 2016


On 7 Sep 2016, at 10:20, Georg Lukas <georg at op-co.de> wrote:
> 
> * Kevin Smith <kevin.smith at isode.com> [2016-09-07 11:19]:
>> It’s not clear to me that another stanza is necessary, and that this
>> can’t come out of normal caps handling by the server. It’s probably
>> not the end of the world to have one, but I think I would be inclined
>> to start investigating things in terms of the traditional caps
>> mechanism, and then upgrade to a new stanza when we find it’s needed.
>> I’m relatively low-F on this (maybe 4ish).
> 
> I think the biggest problem with adding this to caps is privacy. You
> don't want your MIX whitelist/blacklist to leak to third parties, and it
> will be a significant amout of work on the server to rewrite all caps
> and presence stanzas from a client to filter that out.

This is right (crossing wires between the MUC and here).

I think I would rather that the basic stuff happened immediately on caps presence, and that additional filtering beyond purely capabilities came in a second stanza, so that in the usual case you're not adding yet another request/response to the login (which I know doesn't need to be a roundtrip).

/K


More information about the Standards mailing list