annotate xmpp/xep-0356.xml @ 138:274af514a5cf
flatpak: reworked packages + made a building script:
a new `build_manifest.py` script can now be used to generate flatpak manifests for every frontend of SàT.
The manifest can be used both for development versions and stable ones.
Template files (in the form `_tmp_<app-id>.json`) are used to set building instructions.
A common runtime specific to SàT has been abandoned following a discussion on the official mailing list.
A small wrapper is now used to launch backend automatically if it's not found.
Desktop and app metadata have been added for Cagou.
Jp and Primitivus don't have appdata and desktop files yet.
author | Goffi <goffi@goffi.org> |
---|---|
date | Sat, 22 Jun 2019 15:59:07 +0200 |
parents | 4c5bd7ddaaca |
children |
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
  <!ENTITY % ents SYSTEM 'xep.ent'>
%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
  <title>Privileged Entity</title>
  <abstract>This specification provides a way for XMPP entities to have privileged access to some other entities' data</abstract>
  &LEGALNOTICE;
  <number>0356</number>
  <status>Experimental</status>
  <type>Standards Track</type>
  <sig>Standards</sig>
  <approver>Council</approver>
  <dependencies>
    <spec>XMPP Core</spec>
  </dependencies>
  <supersedes/>
  <supersededby/>
  <shortname>NOT_YET_ASSIGNED</shortname>
  <author>
    <firstname>Jérôme</firstname>
    <surname>Poisson</surname>
    <email>goffi@goffi.org</email>
    <jid>goffi@jabber.fr</jid>
  </author>
  <revision>
    <version>0.2</version>
    <date>2015-03-23</date>
    <initials>jp</initials>
    <remark>
      <p>Several updates according to feedback + review:</p>
      <ul>
        <li>added links to PEP and namespace delegation XEPs</li>
        <li>removed MUST for default values in configuration</li>
        <li><forwarded/> element is now a child of a <privilege/> element</li>
        <li><perm/> "namespace" attribute has been renamed to "access"</li>
        <li>"headline" type restriction for "message" privilege has been removed</li>
        <li>"message" permission violation now results in a "forbidden" message error</li>
        <li>for "presence" permission, only &PRESENCE; stanzas with no type or with an "unavailable" type are sent to the privileged entity</li>
        <li>added specification for "presence" if a managed entity is unavailable and if a privileged entity is available after first &PRESENCE; stanzas have been received</li>
        <li>added Business Rules section</li>
        <li>Updated namespace to reflect incompatible changes</li>
      </ul>
    </remark>
  </revision>
  <revision>
    <version>0.1</version>
    <date>2015-01-27</date>
    <initials>XEP Editor (mam)</initials>
    <remark><p>Initial published version approved by the XMPP Council.</p></remark>
  </revision>
  <revision>
    <version>0.0.4</version>
    <date>2014-12-18</date>
    <initials>jp</initials>
    <remark><ul>
      <li>Big simplification and restriction following council's veto and standard@ discussions</li>
      <li>Configuration is now done only in the server's own configuration</li>
      <li>No more client mode</li>
      <li>Permissions are advertised using &MESSAGE;</li>
      <li>The only &IQ; privilege still available is jabber:iq:roster</li>
    </ul>
    </remark>
  </revision>
  <revision>
    <version>0.0.3</version>
    <date>2014-11-13</date>
    <initials>jp</initials>
    <remark><ul>
      <li>giving permission to manage this XEP namespace is forbidden</li>
      <li>Added configuration section; with well-defined command node</li>
      <li>better specification of persistent permissions</li>
      <li>fixed erroneous example (server returns bookmarks)</li>
      <li>added special permissions</li>
      <li>better specification of &QUERY; element</li>
    </ul>
    </remark>
  </revision>
  <revision>
    <version>0.0.2</version>
    <date>2014-09-17</date>
    <initials>jp</initials>
    <remark><ul>
      <li>changed for privileged entity</li>
      <li>fixes after feedback on standard mailing list</li>
      <li>completed missing required parts</li>
    </ul>
    </remark>
  </revision>
  <revision>
    <version>0.0.1</version>
    <date>2014-05-09</date>
    <initials>jp</initials>
    <remark><p>First draft.</p></remark>
  </revision>
</header>

<section1 topic='Introduction' anchor='intro'>
  <p>XMPP components have long been used through &xep0114;, but they are quite limited: they have restricted access to other entities' data, similar to what a client can do. This is sufficient for components like gateways, but very limiting for more complex components like a PubSub service. The goal of this XEP is to allow a component or any entity to have a "privileged" status, and access some other entity's data with the same privileges as the entity itself; that is, to manage an entity's roster on its behalf, send &MESSAGE; or receive &PRESENCE; stanzas in the name of the server.</p>
  <p>Privileged entities have numerous advantages, including:</p>
  <ul>
    <li>a step forward in decentralization: it is possible for an entity to do tasks which were previously reserved to the server itself. For example, a privileged pubsub component can offer an access model based on the publisher's roster</li>
    <li>better integration of components: a gateway can add items to an entity roster itself</li>
    <li>possibility to work around a server limitation (typically: incomplete &xep0163; implementation)</li>
    <li>quick development cycle: developers can implement the components they need without waiting for a new server release</li>
    <li>server agnostic</li>
  </ul>
  <p>Privileged entity has been created with the main goal of creating an external, server-agnostic PEP service. It is restricted to only a couple of features, see <link url='#acks'>Acknowledgements section</link> for more details.</p>
  <p>This XEP is complementary to &xep0355; (and works in a similar way), although they can be used together or separately. To build something like an external PEP service, it is necessary to use both XEPs.</p>
</section1>

<section1 topic='Requirements' anchor='reqs'>
  <p>A privileged entity must be able to do what a PEP service can do and to access the roster, so it must be able to (according to configuration):</p>
  <ul>
    <li>get and modify the roster of any entity managed by the server</li>
    <li>send a &MESSAGE; stanza on behalf of the server</li>
    <li>access &PRESENCE; information for entities in a managed entity's roster (and for the managed entity itself)</li>
  </ul>
  <p>The privilege mechanism MUST be totally transparent for the managed entities.</p>
</section1>

<section1 topic='Glossary' anchor='glossary'>
  <ul>
    <li><strong>Privileged entity</strong> — the entity which has a privileged status.</li>
    <li><strong>Managed entity</strong> — the entity that is managed by a privileged entity.</li>
  </ul>
</section1>

<section1 topic='Accessing Roster' anchor='access_roster'>

  <section2 topic='Server Allows Roster Access' anchor='server_roster'>
    <p>Roster access is granted in the server configuration. Roster access can have 4 types:</p>
    <ul>
      <li><strong>none</strong> — the entity is not allowed to access the managed entity's roster at all. This is usually the default value.</li>
      <li><strong>get</strong> — the entity is allowed to send &IQ; stanzas of type <em>'get'</em> for the namespace 'jabber:iq:roster'.</li>
      <li><strong>set</strong> — the entity is allowed to send &IQ; stanzas of type <em>'set'</em> for namespace 'jabber:iq:roster'.</li>
      <li><strong>both</strong> — the entity is allowed to send &IQ; stanzas of type <em>'get'</em> and <em>'set'</em> for namespace 'jabber:iq:roster'.</li>
    </ul>
  </section2>

  <section2 topic='Server Advertises Entity Of Allowed Permission' anchor='advertise_roster'>
    <p>Once a privileged entity is authenticated and the stream is started, the server sends it a &MESSAGE; stanza with a <privilege/> element which MUST have the namespace 'urn:xmpp:privilege:1'. This element contains <perm/> elements which MUST contain an 'access' attribute with the value "roster" and a 'type' attribute which must correspond to the type configured as specified in the <link url='#server_roster'>"Server Allows Roster Access" section</link>.</p>
    <example caption='Server Advertises Roster Privilege'><![CDATA[
<message from='capulet.lit' to='pubsub.capulet.lit' id='12345'>
    <privilege xmlns='urn:xmpp:privilege:1'>
        <perm access='roster' type='both'/>
    </privilege>
</message>
]]></example>
    <p>Here <em>pubsub.capulet.lit</em> is allowed to do <em>get</em> and <em>set</em> operations on all entities managed by capulet.lit.</p>
  </section2>

  <section2 topic='Privileged Entity Manage Roster' anchor='priv_manage_roster'>
    <p>Doing a <em>get</em> or <em>set</em> operation on the roster of a managed entity is done in the usual way (as described in &rfc6121; section 2), except that the 'to' attribute is set to the JID of the managed entity. The server MUST check that the privileged entity has the right to <em>get</em> or <em>set</em> the roster of the managed entity, and MUST return a &forbidden; error if it is not the case:</p>
    <example caption='Privileged Entity Get Managed Entity Roster'><![CDATA[
<iq id='roster1'
    from='pubsub.capulet.lit'
    to='juliet@example.com'
    type='get'>
    <query xmlns='jabber:iq:roster'/>
</iq>
]]></example>

    <p>The server then answers normally, as it would have done to the managed entity:</p>
    <example caption='Server Answers To Privileged Entity'><![CDATA[
<iq id='roster1'
    from='juliet@example.com'
    to='pubsub.capulet.lit'
    type='result'>
    <query xmlns='jabber:iq:roster' ver='ver7'>
        <item jid='nurse@example.com'/>
        <item jid='romeo@example.net'/>
    </query>
</iq>
]]></example>

  </section2>
</section1>

<section1 topic='Message Permission' anchor='message'>
  <section2 topic='Authorizing Messages' anchor='auth_mess'>
    <p>In some cases, it can be desirable to send notifications (e.g. PEP service), so the privileged entity must be able to send &MESSAGE; stanzas. This is allowed in the server configuration in the same way as for roster permission. The permission type can have the following values:</p>
    <ul>
      <li><strong>none</strong> — the entity is not allowed to send &MESSAGE; stanzas in the name of the server. This is usually the default value.</li>
      <li><strong>outgoing</strong> — the entity is allowed to send &MESSAGE; stanzas in the name of the server, according to the following restrictions.</li>
    </ul>
    <p>A privileged entity can then send a message on behalf of either the server or a bare JID of an entity managed by the server (i.e. a bare JID with the same domain as the server), using &xep0297;. The <forwarded/> element MUST be a child of a <privilege/> element with a namespace of <em>'urn:xmpp:privilege:1'</em>, with the following restriction:</p>
    <ol>
      <li>forwarded &MESSAGE; 'from' attribute MUST be a bare JID from the server, no resource is allowed</li>
    </ol>
    <p>If this rule is violated, the server MUST return a &MESSAGE; error with condition <forbidden/>, as in &rfc6120; section 8.3.3.4.</p>
  </section2>
db9316a75306
XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents:
33
diff
changeset
|
197 |
db9316a75306
XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents:
33
diff
changeset
|
  <section2 topic='Advertising Permission' anchor='advertise_mess'>
    <p>The server advertises the "message" permission in the same way as for the "roster" permission, except that the 'access' attribute has the value "message" and the 'type' attribute has the value "outgoing":</p>
    <example caption='Server Advertises Roster And Message Privileges'><![CDATA[
<message from='capulet.lit' to='pubsub.capulet.lit' id='54321'>
  <privilege xmlns='urn:xmpp:privilege:1'>
    <perm access='roster' type='both'/>
    <perm access='message' type='outgoing'/>
  </privilege>
</message>
]]></example>
  </section2>

  <section2 topic='Sending Messages' anchor='sending_mess'>
    <p>Now that <em>pubsub.capulet.lit</em> is allowed, it can send messages using &lt;forwarded/&gt; elements.</p>
    <example caption='privileged entity sends a notification message'><![CDATA[
<message from='pubsub.capulet.lit' to='capulet.lit' id='notif1'>
  <privilege xmlns='urn:xmpp:privilege:1'>
    <forwarded xmlns='urn:xmpp:forward:0'>
      <message from='juliet@capulet.lit'
               id='foo'
               to='romeo@montague.lit/orchard'
               xmlns='jabber:client'>
        <event xmlns='http://jabber.org/protocol/pubsub#event'>
          <items node='http://jabber.org/protocol/tune'>
            <item>
              <tune xmlns='http://jabber.org/protocol/tune'>
                <artist>Gerald Finzi</artist>
                <length>255</length>
                <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source>
                <title>Introduction (Allegro vigoroso)</title>
                <track>1</track>
              </tune>
            </item>
          </items>
        </event>
        <delay xmlns='urn:xmpp:delay' stamp='2014-11-25T14:34:32Z'/>
      </message>
    </forwarded>
  </privilege>
</message>
]]></example>
    <p>The server sees that the forwarded message's 'from' attribute (<em>juliet@capulet.lit</em>) is a bare JID of the server, and that outgoing message permission was granted; it can now send the notification:</p>
    <example caption='server sends the notification as if it originated from the managed entity'><![CDATA[
<message from='juliet@capulet.lit'
         id='bar'
         to='romeo@montague.lit/orchard'>
  <event xmlns='http://jabber.org/protocol/pubsub#event'>
    <items node='http://jabber.org/protocol/tune'>
      <item>
        <tune xmlns='http://jabber.org/protocol/tune'>
          <artist>Gerald Finzi</artist>
          <length>255</length>
          <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source>
          <title>Introduction (Allegro vigoroso)</title>
          <track>1</track>
        </tune>
      </item>
    </items>
  </event>
  <delay xmlns='urn:xmpp:delay' stamp='2014-11-25T14:34:32Z'/>
</message>
]]></example>
  </section2>
</section1>
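The server-side check described in the Message Permission section, as an added example that is not part of the XEP or of any server's code: it accepts a privileged message only when the sender holds the "outgoing" grant and the forwarded 'from' is a bare JID on the server's own domain. The function names, the permission table layout and the sample stanza builder are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

NS_PRIVILEGE = "urn:xmpp:privilege:1"
NS_FORWARD = "urn:xmpp:forward:0"
NS_CLIENT = "jabber:client"
NS_STANZAS = "urn:ietf:params:xml:ns:xmpp-stanzas"


def split_jid(jid):
    """Return (local, domain, resource); local/resource are None when absent."""
    bare, slash, resource = jid.partition("/")
    local, at, domain = bare.rpartition("@")
    return (local if at else None, domain.lower(), resource if slash else None)


def forbidden_error(server_domain, to, stanza_id):
    """Build the <forbidden/> message error (RFC 6120, section 8.3.3.4)."""
    attrs = {"type": "error", "from": server_domain, "to": to}
    if stanza_id:
        attrs["id"] = stanza_id
    reply = ET.Element("message", attrs)
    error = ET.SubElement(reply, "error", {"type": "auth"})
    ET.SubElement(error, f"{{{NS_STANZAS}}}forbidden")
    return reply


def handle_privileged_message(stanza_xml, server_domain, permissions):
    """Decide what the server does with a <message/> sent by a component.

    Returns ("send", inner_message), ("error", error_stanza), or
    ("unprivileged", stanza) when there is no <privilege><forwarded/> wrapper.
    """
    # A real server gets stanzas from its hardened stream parser; parsing a
    # string here only keeps the example self-contained.
    outer = ET.fromstring(stanza_xml)
    sender = outer.get("from", "")
    privilege = outer.find(f"{{{NS_PRIVILEGE}}}privilege")
    forwarded = None
    if privilege is not None:
        forwarded = privilege.find(f"{{{NS_FORWARD}}}forwarded")
    if forwarded is None:
        return ("unprivileged", outer)

    denied = ("error", forbidden_error(server_domain, sender, outer.get("id")))

    # The default is "none": only an explicit "outgoing" grant allows sending.
    # (Answering a missing grant with <forbidden/> is this example's choice.)
    if permissions.get(sender, {}).get("message", "none") != "outgoing":
        return denied

    inner = forwarded.find(f"{{{NS_CLIENT}}}message")
    if inner is None:
        return denied

    # The rule from the text: 'from' must be a bare JID of this server,
    # so any resource part or any foreign domain is refused.
    local, domain, resource = split_jid(inner.get("from", ""))
    if resource is not None or local == "" or domain != server_domain.lower():
        return denied
    return ("send", inner)


def make_stanza(inner_from, sender="pubsub.capulet.lit"):
    """Constructed sample: a notification like the page's, with a variable 'from'."""
    return (
        f"<message from='{sender}' to='capulet.lit' id='notif1'>"
        f"<privilege xmlns='{NS_PRIVILEGE}'><forwarded xmlns='{NS_FORWARD}'>"
        f"<message xmlns='{NS_CLIENT}' from='{inner_from}' id='foo'"
        " to='romeo@montague.lit/orchard'><body>tune update</body></message>"
        "</forwarded></privilege></message>"
    )


# Constructed server configuration: component JID -> {access: type}.
PERMISSIONS = {"pubsub.capulet.lit": {"roster": "both", "message": "outgoing"}}

if __name__ == "__main__":
    for forwarded_from in ("juliet@capulet.lit", "capulet.lit",
                           "juliet@capulet.lit/balcony", "romeo@montague.lit"):
        verdict, _ = handle_privileged_message(
            make_stanza(forwarded_from), "capulet.lit", PERMISSIONS)
        print(f"{forwarded_from:30} -> {verdict}")
```

The full-JID and foreign-domain cases are the ones worth keeping as regression tests, since accepting either would let the component speak as an entity the server does not manage.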

<section1 topic='Presence Permission' anchor='presence'>
  <section2 topic='Managed Entity Presence' anchor='managed_ent_presence'>
    <p>It is often desirable for a privileged entity to have presence information of the managed entities (e.g. to know when to send them notifications). As privileges must be transparent for the managed entity, this presence has to be sent by the server without modifying the managed entity's roster.</p>
    <p>This is allowed in server configuration in the same way as for <em>roster</em> and <em>message</em> permissions. The "presence" type can have the following values:</p>
    <ul>
      <li><strong>none</strong> — the entity is not allowed to access &PRESENCE; information at all. This is usually the default value.</li>
      <li><strong>managed_entity</strong> — the entity is allowed to receive managed entity presence (see below).</li>
      <li><strong>roster</strong> — the entity is allowed to receive presence information of managed entity contacts, see <link url='#roster_presence'>Roster Presence section</link>.</li>
    </ul>
    <p>If the privilege is granted, the server MUST use a directed presence from the full JID of the managed entity to the privileged entity, as specified in &rfc6121; section 4.6, on behalf of the managed entity each time its presence information changes.</p>
    <p>Only presences with no 'type' attribute or with a 'type' attribute with the value "unavailable" are transmitted to the privileged entity; the server MUST NOT transmit a &PRESENCE; stanza of any other type.</p>
  </section2>

  <section2 topic='Advertising Permission' anchor='advertise_managed_presence'>
    <p>The server advertises the "presence" permission in the same way as for "roster" or "message" permissions, except that the 'access' attribute has the value "presence" and the 'type' attribute has the value "managed_entity".</p>
  </section2>

  <section2 topic="Server Sends Presence Information" anchor='server_send_presence'>
    <p>Once the "presence" permission is granted, the server sends presence information:</p>
    <example caption='server receives new presence from Juliet'><![CDATA[
<presence from='juliet@capulet.lit/balcony'
          id='presence1'
          xml:lang='en'>
  <show>chat</show>
  <status>Staying on the balcony</status>
</presence>
]]></example>

    <example caption='server redirects presence to privileged entity'><![CDATA[
<presence from='juliet@capulet.lit/balcony'
          to='pubsub.capulet.lit'
          id='presence1'
          xml:lang='en'>
  <show>chat</show>
  <status>Staying on the balcony</status>
</presence>
]]></example>

  </section2>

  <section2 topic='Roster Presence' anchor='roster_presence'>
    <p>In addition to "<link url='#managed_ent_presence'>managed entity presence</link>", a privileged entity may need to know when a contact in a managed entity's roster is online (for example, it's necessary for a PEP service because of the presence default access model).</p>
    <p>As for other permissions, the access is granted in the server's configuration, but there is an additional restriction: the privileged entity MUST have read permission on the roster namespace (i.e. the 'type' attribute in the allowed &lt;perm&gt; of access <em>roster</em> MUST have a value of either <strong>get</strong> or <strong>both</strong>).</p>
    <p>If the privilege is granted, the server MUST send to the privileged entity every presence information with no 'type' attribute or with a 'type' with a value of 'unavailable' that the privileged entity is receiving or would receive if it were available. It does so in the same way as for <link url='#managed_ent_presence'>managed entity presence</link>, by using a directed &PRESENCE; from the full JID of the entity whose presence information has changed to the privileged entity. If the managed entity is unavailable but the privileged entity is available, the server MUST send the &PRESENCE; stanza to the latter anyway.</p>
    <p>Having the "roster" type for the "presence" permission implies that the entity also implicitly has the "managed_entity" type.</p>
    <p>The server MUST reject the permission if the privileged entity doesn't have read permission on the roster namespace.</p>

    <p>Note: this permission should be given carefully, as it gives the privileged entity access to the presence of potentially a lot of entities (see <link url='#security'>security considerations</link>).</p>
  </section2>

  <section2 topic='Advertising Permission' anchor='advertise_roster_presence'>
    <p>The server advertises the roster "presence" permission in the same way as for other permissions, except that the 'access' attribute has the value "presence" and the 'type' attribute has the value "roster":</p>
    <example caption='Server Advertises Roster, Message, Managed Entity Presence and Roster Presence Privileges'><![CDATA[
<message from='capulet.lit' to='pubsub.capulet.lit' id='54321'>
  <privilege xmlns='urn:xmpp:privilege:1'>
    <perm access='roster' type='both'/>
    <perm access='message' type='outgoing'/>
    <perm access='presence' type='roster'/>
  </privilege>
</message>
]]></example>
    <p>Note the presence of the <em>roster</em> permission request.</p>
  </section2>

  <section2 topic="Privileged Entity Receives Roster Presences" anchor='priv_rec_roster_presence'>
    <example caption="server receives new presence from Romeo, who is in Juliet's roster"><![CDATA[
<presence from='romeo@montaigu.lit/orchard'/>
]]></example>
    <example caption='server sends the presence as usual, but also to the privileged entity'><![CDATA[
<presence from='romeo@montaigu.lit/orchard'
          to='juliet@capulet.lit'/>
<presence from='romeo@montaigu.lit/orchard'
          to='pubsub.capulet.lit'/>
]]></example>
  </section2>
</section1>

<section1 topic='Business Rules' anchor='rules'>
  <ol>
    <li>For "presence" access, if a privileged entity connects after the first &PRESENCE; stanzas have been received, the server MUST send it all the &PRESENCE; stanzas with no 'type' attribute that it would have received had it been connected first (in other words, all the presence information for connected entities it has access to).</li>
    <li>For "presence" access, if a privileged entity is supposed to receive the same &PRESENCE; stanza several times, the server SHOULD send it only once. For example, if <em>pubsub.capulet.lit</em> has "presence" access with a "roster" type for <em>capulet.lit</em>, and <em>juliet@capulet.lit</em> and <em>nurse@capulet.lit</em> both have <em>romeo@montague.lit</em> in their rosters, then when Romeo is available, <em>pubsub.capulet.lit</em> should receive his &PRESENCE; stanza only once (instead of 2 times).</li>
  </ol>
</section1>
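How a server might combine the presence rules above (type filtering, the roster-read precondition, "roster" implying "managed_entity", single delivery, and catch-up for a late-connecting entity), as an added example that is not part of the XEP or of any server's code. The data layout, the function names and the extra component JIDs are assumptions; each roster is modelled simply as the set of contacts whose presence the managed entity receives.

```python
def presence_grants(perms):
    """Effective "presence" grants for one privileged entity's configured perms."""
    ptype = perms.get("presence", "none")
    if ptype == "managed_entity":
        return {"managed_entity"}
    if ptype == "roster":
        # Roster presence needs read access to the roster namespace;
        # without it the server rejects the permission.
        if perms.get("roster", "none") not in ("get", "both"):
            return set()
        # "roster" implicitly includes "managed_entity".
        return {"managed_entity", "roster"}
    return set()


def bare(jid):
    """Strip the resource part and normalise case."""
    return jid.partition("/")[0].lower()


def domain_of(jid):
    return bare(jid).rpartition("@")[2]


def privileged_recipients(sender_full_jid, ptype, server_domain, rosters, privileged):
    """Privileged entities that get a directed copy of this presence.

    ptype is the stanza's 'type' attribute (None when absent). Only available
    (no type) and "unavailable" presences are ever forwarded.
    """
    if ptype not in (None, "unavailable"):
        return []
    sender = bare(sender_full_jid)
    is_managed = domain_of(sender) == server_domain.lower()
    # any() collapses "in Juliet's roster" and "in the nurse's roster" into a
    # single fact, so an entity is listed once however many rosters match.
    in_some_roster = any(sender in contacts for contacts in rosters.values())
    recipients = set()
    for entity, perms in privileged.items():
        grants = presence_grants(perms)
        if (is_managed and "managed_entity" in grants) or \
           (in_some_roster and "roster" in grants):
            recipients.add(entity)
    return sorted(recipients)


def catch_up(entity, online_full_jids, server_domain, rosters, privileged):
    """Available presences to replay to an entity that connected late."""
    return sorted(
        jid for jid in online_full_jids
        if entity in privileged_recipients(jid, None, server_domain, rosters, privileged)
    )


# Constructed sample data. Only pubsub.capulet.lit comes from the page; the
# other two component JIDs are hypothetical.
ROSTERS = {
    "juliet@capulet.lit": {"romeo@montague.lit"},
    "nurse@capulet.lit": {"romeo@montague.lit"},
}
PRIVILEGED = {
    "pubsub.capulet.lit": {"roster": "both", "message": "outgoing", "presence": "roster"},
    "stats.capulet.lit": {"presence": "managed_entity"},
    # Asks for roster presence without roster read access: rejected.
    "misconf.capulet.lit": {"roster": "set", "presence": "roster"},
}

if __name__ == "__main__":
    for jid, ptype in (("romeo@montague.lit/orchard", None),
                       ("juliet@capulet.lit/balcony", None),
                       ("romeo@montague.lit/orchard", "subscribe")):
        print(jid, ptype,
              privileged_recipients(jid, ptype, "capulet.lit", ROSTERS, PRIVILEGED))
```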

<section1 topic='Security Considerations' anchor='security'>
  <ol>
    <li>A privileged entity has access to sensitive data and can act as the server itself; permissions should be granted carefully, and only if you absolutely trust the entity.</li>
    <li><link url='#roster_presence'>Roster presence</link> is particularly sensitive, because the presence information of whole rosters is shared.</li>
    <li>Generally, the server MUST NOT allow the privileged entity to do anything that the managed entity could not do.</li>
  </ol>
</section1>

<section1 topic='IANA Considerations' anchor='iana'>
  <p>This document requires no interaction with &IANA;.</p>
</section1>

<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
  <section2 topic='Protocol Namespaces' anchor='ns'>
    <p>The &REGISTRAR; includes 'urn:xmpp:privilege:1' in its registry of protocol namespaces (see &NAMESPACES;).</p>
    <ul>
      <li>urn:xmpp:privilege:1</li>
    </ul>
  </section2>
  <section2 topic='Protocol Versioning' anchor='registrar-versioning'>
    &NSVER;
  </section2>
</section1>

<section1 topic='XML Schema' anchor='schema'>
  <code><![CDATA[
<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='urn:xmpp:privilege:1'
    xmlns='urn:xmpp:privilege:1'
    elementFormDefault='qualified'>

  <xs:element name='privilege'>
    <xs:complexType>
      <xs:sequence>
        <xs:element name='perm' maxOccurs='unbounded'>
          <xs:complexType>
            <xs:attribute name='access' use='required'>
              <xs:simpleType>
                <xs:restriction base='xs:NMTOKEN'>
                  <xs:enumeration value='roster'/>
                  <xs:enumeration value='message'/>
                  <xs:enumeration value='presence'/>
                </xs:restriction>
              </xs:simpleType>
            </xs:attribute>
            <xs:attribute name='type' use='required'>
              <xs:simpleType>
                <xs:restriction base='xs:NMTOKEN'>
                  <xs:enumeration value='none'/>
                  <xs:enumeration value='get'/>
                  <xs:enumeration value='set'/>
                  <xs:enumeration value='both'/>
                  <xs:enumeration value='outgoing'/>
                  <xs:enumeration value='managed_entity'/>
                  <xs:enumeration value='roster'/>
                </xs:restriction>
              </xs:simpleType>
            </xs:attribute>
          </xs:complexType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>

</xs:schema>
]]></code>
</section1>

<section1 topic='Acknowledgements' anchor='acks'>
  <p>Thanks to Sergey Dobrov, Dave Cridland, Steven Lloyd Watkin, Lance Stout, Johannes Hund, Kurt Zeilenga and Kevin Smith for their feedback. Thanks to Adrien Cossa for his typo and style corrections.</p>
  <p>Privileged entity was initially written to be a generic identity based access control (IBAC) which allows an entity to access sensitive data. After <link url='http://mail.jabber.org/pipermail/standards/2014-December/029378.html'>a discussion on the standards mailing list</link>, it has been decided to restrict the current XEP to the immediate needs of building an external PEP service, and to implement separately an Attribute Based Access Control (ABAC) which is more modern, generic and flexible. This XEP is still interesting for being easy to implement and doing the job.</p>

</section1>

</xep>