[Standards] Proto-XEP: Pre-Authenticated Roster Subscription
sam at samwhited.com
Wed May 10 18:11:32 UTC 2017
On Wed, May 10, 2017 at 12:41 PM, Jonas Wielicki <jonas at wielicki.name> wrote:
> Secondly, since Client 2 needs to know of the protocol in any case, can we
> maybe elide the server of Client 2 from the equation? Then the usability of
> tokens doesn’t depend on the server of Client 2 but only on the client.
> That would work by simply embedding something into the <presence
> type="subscribe"/> or combining a <presence type="subscribed"/> (intentional
> 'd') with an <iq/> with the token to the server of the Client 1.
The server from client 2 always has to send the presence request (or
decide not too; this sort of thing is always server policy), but yes,
it doesn't need to know about the token if client 2 knows client 1's
JID already (although I very much think it should not have to extract
it from the token; the token format should be completely opaque to the
client in my mind). If possible I think the server should also have
the token be completely opaque, but that means also transmitting
Client 1's JID out of band somehow, at which point you might as well
make a normal presence request and you don't need a token at all.
More information about the Standards