[Standards] Proto-XEP: Pre-Authenticated Roster Subscription

Kevin Smith kevin.smith at isode.com
Wed May 10 20:50:38 UTC 2017


On 10 May 2017, at 21:45, Daniel Gultsch <daniel at gultsch.de> wrote:
> 2017-05-10 22:08 GMT+02:00 Sam Whited <sam at samwhited.com>:
> All this being said, I could sway either way at this point, and as an
> actual client developer you probably have a better perspective on what
> makes the most sense for the client ecosystem, so I defer to your
> knowledge on what's best here.
> 
> I actually was trying to make this easier for the server developers. I was assuming that managing multiple tokens in a database is more complicated than doing some quick calculations on one.
> 
> One more argument for being able to generate new tokens based on a secret in a PEP node is, that once I have that secret cached (because it was sent to me at the beginning of the session) I can create tokens at any time without needing a server connection right then. I can very easily come up with a lot of scenarios in which I want to show a QR code to someone when I don't have a connection to the server (session is hibernating) or only a very lagging one. Or in other words I would like to avoid a spinning wheel 'generating QR code / requesting token' before being able to invite someone.

The thing that I’m very clear should be server-side is the acceptance logic of the sub. I like the idea of the client just requesting tokens, but I can see the merit in something that can be generated offline - although I’m not sure that doing this necessitates use of PEP.

/K


More information about the Standards mailing list