[Standards] MIX Invitations and PARS (XEP-0379)

Georg Lukas georg at op-co.de
Tue Jan 24 11:08:17 UTC 2017


while pondering about Easy Group Chats[0], I realized that there is some
similarity between the MIX invitation token (§5.1.17 [1]) and PARS
(XEP-0379 [2]), but also some differences that I would like to
streamline and better understand.

Both expose an authentication token, which is forwarded to another user,
allowing that user to gain access.

MIX invitation:

		<inviter>hag66 at shakespeare.lit</inviter>
		<invitee>cat at shakespeare.lit</invitee>
		<channel>coven at mix.shakespeare.lit</channel>

PARS (as part of a presence subscription):

	<presence to='romeo at montague.net' type='subscribe'>
		<preauth xmlns='urn:xmpp:pars:0' token='1tMFqYDdKhfe2pwp' />

In the MIX spec, the token seems to be bound to the inviter's and
invitee's JIDs (you need to pass both when requesting it), so I could
imagine an implementation that encodes both JIDs into the token and
later verifies that the user attempting to join is actually the token's
invitee. This is not explicitly stated in the XEP, so I wonder if this
is a conscious design decision or not.

Depending on whether you want to bind an invitation token to a given
inviter and/or a given invitee, I propose to remove the 'inviter' and
'invitee' elements from the <invitation> XML, and possibly even to
replace the 'token' with a PARS element.

Personally, I'd like to be able to issue tokens to people who's JID I
don't know in advance, e.g. on a web page. For this, I'd like to at
least recycle the preauth query parameter for the xmpp: URI, i.e.:

	xmpp:somemix at mixdomain.mixrocks.xmpp?mix&preauth=ABCDEF

Which would then be encoded into the <preauth/> or <token/> XML when
joining the channel.



[0] https://wiki.xmpp.org/web/Easy_Group_Chats
[1] http://xmpp.org/extensions/xep-0369.html#usecase-user-invite
[2] http://xmpp.org/extensions/xep-0379.html
|| http://op-co.de ++  GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N  ++
|| gpg: 0x962FD2DE ||  o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+  ||
|| Ge0rG: euIRCnet ||  X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y?   ||
++ IRCnet OFTC OPN ||_________________________________________________||
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170124/b9134183/attachment.sig>

More information about the Standards mailing list