[Standards] Questions regarding XEP-0363: HTTP File Upload
vaibhavsinghacads at gmail.com
Thu Sep 8 06:38:19 UTC 2016
Thank you for the clarification Daniel.
On Wed, Sep 7, 2016 at 5:04 PM, Daniel Gultsch <daniel at gultsch.de> wrote:
> you can implement upload access control in two ways. First of all the PUT
> URL can differ from the GET URL. Thus the PUT Url can be kept secret. You
> can put 'tokens' into the filepath of the URL itself. For example
> https://server.tld/somegeneretadsecret/foo.png. On top of that you can
> make those URLs write once. This is what most current implementations of
> HTTP Upload do.
> 2016-09-07 12:05 GMT+02:00 vaibhav singh <vaibhavsinghacads at gmail.com>:
>> Hi all,
>> I was reading up on XEP-0363: HTTP File Upload and am not able to make
>> sense of some things referenced in the XEP.
>> 1.) Is the PUT URL being sent to the Receiver the final PUT URL to be
>> used for uploading the file, or can it be modified by the Receiver, which
>> can then construct the final GET URL, the URL where the file is located?
>> This question crept up because I could not see any way of using file
>> upload services like Google Drive or Dropbox, essentially services which
>> require some kind of access control.
>> 2.) If the PUT URL cannot be modified by the Receiver, what do you
>> suggest can be done to use services with access control? With whom should
>> the burden of access control lie in this case?
>> 3) If the XEP can be used only for non-access controlled HTTP servers,
>> how is it any different from say, using XEP-215 (External Service Disovery)
>> and getting access to the HTTP servers that way?
>> 4) I saw somewhere that Conversations client has already implemented the
>> XEP. Are they using non-access controlled HTTP or WebDAV servers to upload
>> the files?
>> I really feel that the XEP could be expanded to include services which
>> require access control, but am not sure how to proceed with it. any help
>> would be really appreciated.
>> Vaibhav Singh
>> Standards mailing list
>> Info: https://mail.jabber.org/mailman/listinfo/standards
>> Unsubscribe: Standards-unsubscribe at xmpp.org
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards