[Standards] Questions regarding XEP-0363: HTTP File Upload

vaibhav singh vaibhavsinghacads at gmail.com
Thu Sep 8 06:38:19 UTC 2016


Thank you for the clarification Daniel.

On Wed, Sep 7, 2016 at 5:04 PM, Daniel Gultsch <daniel at gultsch.de> wrote:

> Hi,
>
> you can implement upload access control in two ways. First of all the PUT
> URL can differ from the GET URL. Thus the PUT Url can be kept secret. You
> can put 'tokens' into the filepath of the URL itself. For example
> https://server.tld/somegeneretadsecret/foo.png. On top of that you can
> make those URLs write once. This is what most current implementations of
> HTTP Upload do.
>
> cheers
> Daniel
>
> 2016-09-07 12:05 GMT+02:00 vaibhav singh <vaibhavsinghacads at gmail.com>:
>
>> Hi all,
>>
>> I was reading up on  XEP-0363: HTTP File Upload and am not able to make
>> sense of some things referenced in the XEP.
>>
>> 1.) Is the PUT URL being sent to the Receiver the final PUT URL to be
>> used for uploading the file, or can it be modified by the Receiver, which
>> can then construct the final GET URL, the URL where the file is located?
>> This question crept up because I could not see any way of using file
>> upload services like Google Drive or Dropbox, essentially services which
>> require some kind of access control.
>>
>> 2.) If the PUT URL cannot be modified by the Receiver, what do you
>> suggest can be done to use services with access control? With whom should
>> the burden of access control lie in this case?
>>
>> 3) If the XEP can be used only for non-access controlled HTTP servers,
>> how is it any different from say, using XEP-215 (External Service Disovery)
>> and getting access to the HTTP servers that way?
>>
>> 4) I saw somewhere that Conversations client has already implemented the
>> XEP. Are they using non-access controlled HTTP or WebDAV servers to upload
>> the files?
>>
>> I really feel that the XEP could be expanded to include services which
>> require access control, but am not sure how to proceed with it. any help
>> would be really appreciated.
>>
>> --
>>
>> Regards,
>> Vaibhav Singh
>>
>> _______________________________________________
>> Standards mailing list
>> Info: https://mail.jabber.org/mailman/listinfo/standards
>> Unsubscribe: Standards-unsubscribe at xmpp.org
>> _______________________________________________
>>
>>
>
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
>


-- 

Regards,
Vaibhav Singh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160908/50b4d7b3/attachment.html>


More information about the Standards mailing list