annotate xmpp/xep-proto-privileged-component.xml @ 31:91d56a6e4b0d

xep: privileged entity update: - giving permission to manage this XEP namespace is forbidden - Added configuration section; with well-defined command node - better specification of persistent permissions - fixed erroneous example (server returns bookmarks) - added special permissions - better specification of <query/> element
author Goffi <goffi@goffi.org>
date Thu, 13 Nov 2014 14:12:19 +0100
parents c6824592e3ef
children a3f262d5b594
Changesets contributing to the annotated source (all by Goffi <goffi@goffi.org>):
0   677de998f9d9  XMPP: added privileged component protoXEP
17  c6824592e3ef  privileged entity xep update: (parents: 0)
31  91d56a6e4b0d  xep: privileged entity update: (parents: 17)

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
  <!ENTITY % ents SYSTEM 'xep.ent'>
%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
  <title>privileged entity</title>
  <abstract>This specification provides a way for XMPP entities to have privileged access to other entities' data.</abstract>
  <legal>
    <copyright>This XMPP Extension Protocol is copyright (c) 1999 - 2014 by the XMPP Standards Foundation (XSF).</copyright>
    <permissions>Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the &quot;Specification&quot;), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.</permissions>
    <warranty>## NOTE WELL: This Specification is provided on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. In no event shall the XMPP Standards Foundation or the authors of this Specification be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification. ##</warranty>
    <liability>In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising out of the use or inability to use the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.</liability>
    <conformance>This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which may be found at &lt;<link url='http://xmpp.org/extensions/ipr-policy.shtml'>http://xmpp.org/extensions/ipr-policy.shtml</link>&gt; or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA).</conformance>
  </legal>
  <number>xxxx</number>
  <status>ProtoXEP</status>
  <type>Standards Track</type>
  <sig>Standards</sig>
  <approver>Council</approver>
  <dependencies>
    <spec>XMPP Core</spec>
    <spec>XEP-0114</spec>
    <spec>XEP-0004</spec>
  </dependencies>
  <supersedes/>
  <supersededby/>
  <shortname>NOT_YET_ASSIGNED</shortname>
  <author>
    <firstname>Jérôme</firstname>
    <surname>Poisson</surname>
    <email>goffi@goffi.org</email>
    <jid>goffi@jabber.fr</jid>
  </author>
  <revision>
    <version>0.0.3</version>
    <date>2014-11-13</date>
    <initials>jp</initials>
    <remark><ul>
      <li>giving permission to manage this XEP namespace is forbidden</li>
      <li>Added configuration section; with well-defined command node</li>
      <li>better specification of persistent permissions</li>
      <li>fixed erroneous example (server returns bookmarks)</li>
      <li>added special permissions</li>
      <li>better specification of &QUERY; element</li>
    </ul>
    </remark>
  </revision>
  <revision>
    <version>0.0.2</version>
    <date>2014-09-17</date>
    <initials>jp</initials>
    <remark><ul>
      <li>changed for privileged entity</li>
      <li>fixes after feedback on standard mailing list</li>
      <li>completed missing required parts</li>
    </ul>
    </remark>
  </revision>
  <revision>
    <version>0.0.1</version>
    <date>2014-05-09</date>
    <initials>jp</initials>
    <remark><p>First draft.</p></remark>
  </revision>
</header>

<section1 topic='Introduction' anchor='intro'>
  <p>XMPP components have long been used through &xep0114;, but they are quite limited: they have restricted access to other entities' data, similar to what a client can do. This is sufficient for components like gateways, but very limiting for more complex components like a PubSub service. The goal of this XEP is to allow a component or any other entity to have a "privileged" status and access another entity's data with the same privileges as the entity itself, that is, to send and receive &IQ; stanzas on its behalf (and in <link url='#special'>some cases</link>, send &MESSAGE; or receive &PRESENCE; stanzas).</p>
  <p>Privileged entities have numerous advantages, including:</p>
  <ul>
    <li>a step forward in decentralization: an entity can perform tasks that were previously reserved to the server itself. For example, a privileged pubsub component can offer an access model based on the publisher's roster</li>
    <li>better integration of components: a gateway can add items to an entity's roster itself</li>
    <li>possibility to overcome a server limitation</li>
    <li>quick development cycle: developers can implement the components they need without waiting for a new server release</li>
    <li>server agnostic</li>
  </ul>
</section1>

<section1 topic='Requirements' anchor='reqs'>
  <p>A privileged entity can be used in two modes:</p>
  <ul>
    <li><strong>admin</strong> mode, where it is installed by the server administrator.</li>
    <li><strong>client</strong> mode, where it can be installed by any user</li>
  </ul>
  <p>In <em>admin</em> mode, the privileged entity MAY be able to emit &IQ; stanzas in the same way as any entity, including managing the roster or accessing persistent storage. The privilege mechanism MUST be totally transparent for the managed entities.</p>
  <p>In <em>client</em> mode, a privileged entity MUST have explicit authorization for any &IQ; namespace it wants to use. The client SHOULD be able to check and revoke granted permissions; if that is not possible, permissions MUST be revoked after a disconnection.</p>
  <p>In addition, some <link url='#special'>special permissions</link> can allow an entity to send &MESSAGE; stanzas on behalf of the server or to access &PRESENCE; information.</p>
</section1>

<section1 topic='Glossary' anchor='glossary'>
  <ul>
    <li><strong>Privileged entity</strong> the entity which has or wants a privileged status.</li>
    <li><strong>Managed entity</strong> the entity that the privileged entity wants to manage.</li>
  </ul>
</section1>

<section1 topic='Admin Mode Use Cases' anchor='admin_usecases'>

  <section2 topic='Permission Request Use Case' anchor='admin_perm'>
    <section3 topic='Entity request privileged status of admin' anchor='req_status'>
      <p>Once the privileged entity is authenticated and the stream is started, the entity can request its privileged status. It does so by sending an &IQ; stanza with the <strong>'urn:xmpp:privilege:0'</strong> namespace.</p>
      <p>The &QUERY; element MUST have a "request" type and MAY have a 'privilege' attribute with the value "admin". Namespace permissions are requested with a &lt;perm/&gt; element, which MUST contain a 'namespace' attribute set to the requested namespace and a 'type' attribute, which can be:</p>
      <ul>
        <li><strong>get</strong> the entity wants to send &IQ; stanzas of type <em>'get'</em></li>
        <li><strong>set</strong> the entity wants to send &IQ; stanzas of type <em>'set'</em></li>
        <li><strong>both</strong> the entity wants to send &IQ; stanzas of type <em>'get'</em> and <em>'set'</em></li>
      </ul>
      <example caption='Entity asks for admin privilege'><![CDATA[
<iq from='pubsub.capulet.net' type='get' id='privilege1'>
  <query xmlns='urn:xmpp:privilege:0' type='request' privilege='admin'>
    <perm namespace='jabber:iq:roster' type='both'/>
    <perm namespace='http://jabber.org/protocol/pubsub' type='both'/>
  </query>
</iq>
]]></example>
    </section3>
    <section3 topic='Server Accept Admin Privilege' anchor='accept_status'>
      <p>If the server accepts the privileged status (e.g. admin status specified in configuration), it MUST return an &IQ; result stanza with an "allowed" &QUERY; type and the allowed permissions in &lt;perm/&gt; elements:</p>
      <example caption='Server accept admin privilege'><![CDATA[
<iq from='capulet.net' to='pubsub.capulet.net' type='result' id='privilege1'>
  <query xmlns='urn:xmpp:privilege:0'
         type='allowed'>
    <perm namespace='jabber:iq:roster' type='both'/>
    <perm namespace='http://jabber.org/protocol/pubsub' type='both'/>
  </query>
</iq>
]]></example>
      <p>Note: the granted permissions MAY be different from the requested ones, according to the server's configuration.</p>
    </section3>
    <section3 topic='Server Reject Admin Privilege' anchor='reject_status'>
      <p>If the server rejects the privileged status, it MUST return a &forbidden; error:</p>
      <example caption='Server reject admin privilege'><![CDATA[
<iq from='capulet.net' to='pubsub.capulet.net' type='error' id='privilege1'>
  <error type='cancel'>
    <forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  </error>
</iq>
]]></example>
    </section3>
  </section2>

  <section2 topic='Privileged Entity Send &IQ; Stanzas' anchor='priv_iq_admin'>
    <p>A privileged entity sends an &IQ; stanza the way the managed entity would, except that the managed entity's JID is in the 'to' attribute. In the following example, the PubSub service wants to know juliet's roster because she owns a node with an access model based on the publisher's roster:</p>
    <example caption='Privileged Entity Send A Roster Stanza'><![CDATA[
<iq id='roster1'
    xmlns='urn:xmpp:privilege:0'
    to='juliet@example.com'
    type='get'>
  <query xmlns='jabber:iq:roster'/>
</iq>
]]></example>

    <p>The server then answers normally, as it would have done with the managed entity:</p>
    <example caption='Server Answer To Privileged Entity'><![CDATA[
<iq id='roster1'
    from='juliet@example.com'
    to='pubsub.capulet.net'
    type='result'>
  <query xmlns='jabber:iq:roster' ver='ver7'>
    <item jid='nurse@example.com'/>
    <item jid='romeo@example.net'/>
  </query>
</iq>
]]></example>

    <p>In the following example, the sync.capulet.net privileged entity wants to access the managed entity's bookmarks to synchronize them with an online service. It can request the bookmarks in the following way:</p>
    <example caption='Privileged Entity Request Bookmarks'><![CDATA[
<iq id='bookmark1'
    to='juliet@capulet.lit'
    type='get'>
  <pubsub xmlns='http://jabber.org/protocol/pubsub'>
    <items node='storage:bookmarks'/>
  </pubsub>
</iq>
]]></example>
    <p>and the server answers:</p>

    <example caption='Server Returns Bookmarks'><![CDATA[
<iq id='bookmark1'
    to='sync.capulet.net'
    type='result'>
  <pubsub xmlns='http://jabber.org/protocol/pubsub'>
    <items node='storage:bookmarks'>
      <item id='current'>
        <storage xmlns='storage:bookmarks'>
          <conference name='The Play&apos;s the Thing'
                      autojoin='true'
                      jid='theplay@conference.shakespeare.lit'>
            <nick>JC</nick>
          </conference>
        </storage>
      </item>
    </items>
  </pubsub>
</iq>
]]></example>
  </section2>
</section1>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
203
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
204 <section1 topic='Client Mode Use Cases' anchor='client_usecases'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
205 <section2 topic='Permission Request Use Case' anchor='client_perm'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
206 <p>In <em>client</em> mode, the privileged entity is not certified by the server administrator, so the permissions MUST be <strong>explicitly</strong> allowed by the managed entity. This is initiated by the privileged entity (it can be after an interaction with a managed entity, like a subscription). It's done in the same way as for <em>admin</em> mode with the following exceptions:</p>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
207 <ol>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
208 <li>the privilege type is <em>client</em> instead of <em>admin</em></li>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
209 <li>the privilege is granted per entity, so the managed entity MUST be specified in a 'to' attribute</li>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
210 </ol>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
211 <p>If an entity wants read/write access to a client's roster (juliet) and read-only access to her pubsub, it can ask for the permission like this:
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
212 </p>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
213 <example caption='Entity Asks For User Privilege'><![CDATA[
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
214 <iq from='priv.montaigu.net' to='capulet.net' type='get' id='privilege1'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
215 <query xmlns='urn:xmpp:privilege:0'
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
216 type='request'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
217 privilege='client'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
218 to='juliet@capulet.net'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
219 <perm namespace='jabber:iq:roster' type='both'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
220 <perm namespace='http://jabber.org/protocol/pubsub' type='get'/>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
221 </query>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
222 </iq>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
223 ]]></example>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
224 <p>Once it has received the permission request, the server asks the client, using &xep0004;, whether it grants access to the requested permissions. The form SHOULD allow the client to fine-tune the granted permissions. The server uses a challenge which it MUST have generated itself.
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
225 </p>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
226 <example caption='Server Asks User For The Permission'><![CDATA[
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
227 <message from='capulet.net' to='juliet@capulet.net'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
228 <body>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
229 priv.montaigu.net wants some privileges.
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
230 Do you allow him to use the following features ?
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
231
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
232 Be careful ! Granting permissions to an entity is a serious thing,
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
233 think twice that you can trust the entity before doing this.
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
234 </body>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
235 <x xmlns='jabber:x:data' type='form'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
236 <title>Privileges request</title>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
237 <instructions>priv.montaigu.net wants to use the following features:
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
238 Do you allow it?</instructions>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
239 <field type='hidden' var='challenge'><value>5439123</value></field>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
240 <field type='hidden' var='FORM_TYPE'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
241 <value>urn:xmpp:privilege:0</value>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
242 </field>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
243 <field type='list-single'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
244 label='Manage roster (jabber:iq:roster) READ/WRITE'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
245 var='jabber:iq:roster'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
246 <value>0</value>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
247 <option label='None'><value>none</value></option>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
248 <option label='Read only (get)'><value>get</value></option>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
249 <option label='Write only (set)'><value>set</value></option>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
250 <option label='Read and write (both)'><value>both</value></option>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
251 </field>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
252 <field type='list-single'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
253 label='Manage PubSub (http://jabber.org/protocol/pubsub) READ'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
254 var='http://jabber.org/protocol/pubsub'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
255 <value>0</value>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
256 <option label='None'><value>none</value></option>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
257 <option label='Read only (get)'><value>get</value></option>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
258 </field>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
259 </x>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
260 </message>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
261 ]]></example>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
262 <p>The server SHOULD include a warning message, SHOULD translate the namespace to human friendly names (and MAY keep the original namespace in addition) and MUST set the default value to "<strong>none</strong>" (permission refused). The server SHOULD use namespace as field var, so a client can use it to have a customized display.</p>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
263 <p>The client can then answer the form:</p>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
264 <example caption='Client Answer To The Form'><![CDATA[
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
265 <message from='juliet@capulet.net' to='capulet.net'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
266 <x xmlns='jabber:x:data' type='submit'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
267 <field var='FORM_TYPE'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
268 <value></value>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
269 </field>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
270 <field var='challenge'><value>5439123</value></field>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
271 <field var='jabber:iq:roster'><value>both</value></field>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
272 <field var='http://jabber.org/protocol/pubsub'><value>none</value></field>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
273 </x>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
274 </message>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
275 ]]></example>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
276 <p>Here juliet accepts that <em>priv.montaigu.net</em> uses 'set' and 'get' to manage her roster, but doesn't want it to do any 'get' on her pubsub nodes.</p>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
277 <p>Finally, the server notifies the entity of the permissions granted. For this it uses a &QUERY; element with the 'allowed' type, and puts the client jid in a 'from' attribute:</p>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
278 <example caption='Server notify accepted permissions'><![CDATA[
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
279 <iq from='capulet.net' to='priv.montaigu.net' type='set' id='privilege2'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
280 <query xmlns='urn:xmpp:privilege:0'
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
281 type='allowed'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
282 from='juliet@capulet.net'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
283 <perm namespace='jabber:iq:roster' type='both'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
284 <perm namespace='http://jabber.org/protocol/pubsub' type='none'/>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
285 </query>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
286 </iq>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
287 ]]></example>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
288 <p>The privileged entity can now act according to the permissions granted to it.</p>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
289 </section2>
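The server side of the form exchange above, as an added example (not part of the protoXEP or of any server's code): it checks the challenge the server generated, treats a missing answer as "none", and never grants more than the entity requested. The function name, the `ALLOWED_GRANTS` table and the choice to downgrade an out-of-range answer to "none" are assumptions of this sketch.

```python
import hmac
import xml.etree.ElementTree as ET

DATA_NS = "{jabber:x:data}"

# Options the form offers for each requested type (matches the page's form:
# 'both' offers none/get/set/both, 'get' offers only none/get).
ALLOWED_GRANTS = {
    "get": {"none", "get"},
    "set": {"none", "set"},
    "both": {"none", "get", "set", "both"},
}

# What priv.montaigu.net asked for in the page's request example.
REQUESTED = {
    "jabber:iq:roster": "both",
    "http://jabber.org/protocol/pubsub": "get",
}

# The client's answer as shown on the page.
PAGE_ANSWER = """
<message from='juliet@capulet.net' to='capulet.net'>
  <x xmlns='jabber:x:data' type='submit'>
    <field var='FORM_TYPE'><value></value></field>
    <field var='challenge'><value>5439123</value></field>
    <field var='jabber:iq:roster'><value>both</value></field>
    <field var='http://jabber.org/protocol/pubsub'><value>none</value></field>
  </x>
</message>
"""


def granted_permissions(submit_xml, expected_challenge, requested):
    """Return {namespace: granted type} from the user's form answer.

    requested is {namespace: type} from the entity's <perm/> elements.
    Raises ValueError if the stanza is not a submission or the challenge
    does not match the one the server generated.
    """
    msg = ET.fromstring(submit_xml)
    form = msg.find(f"{DATA_NS}x")
    if form is None or form.get("type") != "submit":
        raise ValueError("not a data form submission")

    fields = {}
    for field in form.findall(f"{DATA_NS}field"):
        value = field.find(f"{DATA_NS}value")
        fields[field.get("var")] = (value.text or "") if value is not None else ""

    # Constant-time comparison against the server-generated challenge.
    challenge = fields.get("challenge", "")
    if not hmac.compare_digest(challenge.encode(), expected_challenge.encode()):
        raise ValueError("challenge mismatch")

    granted = {}
    # Iterate over what was requested, so fields for namespaces the entity
    # never asked for are ignored.
    for namespace, req_type in requested.items():
        answer = fields.get(namespace, "none")  # default: permission refused
        if answer not in ALLOWED_GRANTS.get(req_type, {"none"}):
            answer = "none"  # assumption: out-of-range answers grant nothing
        granted[namespace] = answer
    return granted


if __name__ == "__main__":
    print(granted_permissions(PAGE_ANSWER, "5439123", REQUESTED))
```

The returned mapping is what the server would put in the `<perm/>` children of the 'allowed' query.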
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
290 <section2 topic='Privileged Entity Send &IQ; Stanzas' anchor='priv_iq_client'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
291 <p>Sending &IQ; stanzas is done in exactly the same way as for <link url='#priv_iq_admin'>admin mode</link>. If an entity tries to send a non-authorized &IQ;, it gets a &forbidden; error:</p>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
292 <example caption='Entity Request bookmarks'><![CDATA[
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
293 <iq to='juliet@capulet.lit' type='get' id='bookmark1'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
294 <pubsub xmlns='http://jabber.org/protocol/pubsub'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
295 <items node='storage:bookmarks'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
296 </pubsub>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
297 </iq>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
298 ]]></example>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
299
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
300 <example caption='The Stanza Is Not Authorized !'><![CDATA[
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
301 <iq from='capulet.net' to='priv.montaigu.net' type='error' id='bookmark1'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
302 <error type='cancel'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
303 <forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
304 </error>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
305 </iq>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
306 ]]></example>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
307 </section2>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
308 </section1>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
309
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
310 <section1 topic='Special permissions' anchor='special'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
311 <p>In some cases, an entity may need extra permissions beyond what &IQ; stanzas can do. An entity may want to send &MESSAGE; stanzas on behalf of the server, or get &PRESENCE; information. The special permissions manage these cases with some restrictions.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
312
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
313 <section2 topic='message permission' anchor='message'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
314 <p>With some namespaces it can be desirable to send notifications (e.g. PEP service), so the privileged entity must be able to send &MESSAGE; stanzas. To do this, it MUST request it by using a &lt;perm/&gt; element with the special "message" namespace attribute and a 'type' attribute with the value "outgoing" (any other type MUST be rejected with a &forbidden; error).</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
315 <p>A privileged entity can then send messages on behalf of either the server or a bare jid of the server, using &xep0297;, with the following restrictions:</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
316 <ol>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
317 <li>forwarded &MESSAGE; 'type' attribute has the value of "headline"</li>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
318 <li>forwarded &MESSAGE; 'from' attribute MUST be a bare jid from the server, no resource is allowed</li>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
319 <li>in client mode, the forwarded &MESSAGE; 'from' attribute can only be one of a managed entity which has explicitly accepted the delegation</li>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
320 </ol>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
321 <p>If any of these rules is violated, the server MUST return a &lt;not-authorized/&gt; stream error and close the connection, as explained in &rfc6120; section 4.9.3.12.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
322 <p>In the following example, pubsub.capulet.lit asks for pubsub and outgoing messages permissions:</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
323 <example caption='entity asks for outgoing messages permission'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
324 <iq from='pubsub.capulet.net' type='get' id='privilege1'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
325 <query xmlns='urn:xmpp:privilege:0' type='request' privilege='admin'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
326 <perm namespace='message' type='outgoing'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
327 <perm namespace='http://jabber.org/protocol/pubsub' type='both'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
328 </query>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
329 </iq>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
330 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
331
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
332 <example caption='server accept permissions'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
333 <iq from='capulet.net' to='pubsub.capulet.net' type='result' id='privilege1'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
334 <query xmlns='urn:xmpp:privilege:0' type='allowed'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
335 <perm namespace='message' type='outgoing'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
336 <perm namespace='http://jabber.org/protocol/pubsub' type='both'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
337 </query>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
338 </iq>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
339 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
340 <p>Now that <em>pubsub.capulet.lit</em> is allowed, it can send messages using &lt;forwarded/&gt; elements.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
341 <example caption='privileged entity sends a notification message'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
342 <message from='pubsub.capulet.lit' to='capulet.lit' id='notif1'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
343 <forwarded xmlns='urn:xmpp:forward:0'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
344 <message from='juliet@capulet.lit'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
345 id='foo'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
346 to='romeo@montague.lit/orchard'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
347 type='headline'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
348 xmlns='jabber:client'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
349 <event xmlns='http://jabber.org/protocol/pubsub#event'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
350 <items node='http://jabber.org/protocol/tune'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
351 <item>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
352 <tune xmlns='http://jabber.org/protocol/tune'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
353 <artist>Gerald Finzi</artist>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
354 <length>255</length>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
355 <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
356 <title>Introduction (Allegro vigoroso)</title>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
357 <track>1</track>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
358 </tune>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
359 </item>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
360 </items>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
361 </event>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
362 <delay xmlns='urn:xmpp:delay' stamp='2014-11-25T14:34:32Z'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
363 </message>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
364 </forwarded>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
365 </message>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
366 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
367 <p>The server sees that the forwarded message type is '<em>headline</em>', that <em>juliet@capulet.lit</em> is a bare jid of the server, and that outgoing message permission was granted in admin mode (so all bare jids from the server are allowed); it can now send the notification:</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
368 <example caption='server send the notification as if it was originating from him'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
369 <message from='juliet@capulet.lit'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
370 id='bar'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
371 to='romeo@montague.lit/orchard'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
372 type='headline'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
373 <event xmlns='http://jabber.org/protocol/pubsub#event'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
374 <items node='http://jabber.org/protocol/tune'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
375 <item>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
376 <tune xmlns='http://jabber.org/protocol/tune'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
377 <artist>Gerald Finzi</artist>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
378 <length>255</length>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
379 <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
380 <title>Introduction (Allegro vigoroso)</title>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
381 <track>1</track>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
382 </tune>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
383 </item>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
384 </items>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
385 </event>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
386 <delay xmlns='urn:xmpp:delay' stamp='2014-11-25T14:34:32Z'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
387 </message>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
388 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
389 </section2>
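The three restrictions on forwarded messages, written as a server-side check (an added example, not code from the protoXEP or from any server implementation). The function names, the `mode`/`accepted_jids` parameters and the lower-casing used in place of full JID normalization are assumptions of this sketch; the sample stanzas are constructed on the model of the notification example above.

```python
import xml.etree.ElementTree as ET

FORWARDED = "{urn:xmpp:forward:0}forwarded"
INNER_MESSAGE = "{jabber:client}message"


def split_jid(jid):
    """Split a JID into (local, domain, resource); absent parts are ''."""
    bare, _, resource = jid.partition("/")  # first '/' starts the resource
    local, sep, domain = bare.partition("@")
    if not sep:  # domain-only JID such as 'capulet.lit'
        local, domain = "", bare
    return local, domain, resource


def check_forwarded(stanza_xml, server_domain, mode, accepted_jids=()):
    """Return the list of violated rules; an empty list means 'relay it'.

    mode is 'admin' or 'client'. accepted_jids holds the bare JIDs of managed
    entities that explicitly accepted the delegation (used in client mode).
    Per the page, any violation means a <not-authorized/> stream error and a
    closed connection.
    """
    outer = ET.fromstring(stanza_xml)
    wrapper = outer.find(FORWARDED)
    inner = wrapper.find(INNER_MESSAGE) if wrapper is not None else None
    if inner is None:
        return ["no forwarded <message/> found"]

    violations = []
    # Rule 1: the forwarded message type must be 'headline'.
    if inner.get("type") != "headline":
        violations.append("type is not 'headline'")

    # Rule 2: 'from' must be a bare JID of this server, without resource.
    local, domain, resource = split_jid(inner.get("from", ""))
    if resource:
        violations.append("'from' carries a resource")
    if domain.lower() != server_domain.lower():
        violations.append("'from' is not a JID of this server")

    # Rule 3: in client mode only entities that accepted the delegation.
    bare = (f"{local}@{domain}" if local else domain).lower()
    if mode == "client" and bare not in {j.lower() for j in accepted_jids}:
        violations.append("'from' has not accepted the delegation")
    return violations


def sample(from_jid, msg_type):
    """Constructed stanza shaped like the page's notification example."""
    return (
        "<message from='pubsub.capulet.lit' to='capulet.lit' id='notif1'>"
        "<forwarded xmlns='urn:xmpp:forward:0'>"
        f"<message xmlns='jabber:client' from='{from_jid}' "
        f"to='romeo@montague.lit/orchard' type='{msg_type}' id='foo'/>"
        "</forwarded></message>"
    )


if __name__ == "__main__":
    print(check_forwarded(sample("juliet@capulet.lit", "headline"),
                          "capulet.lit", "admin"))
    print(check_forwarded(sample("juliet@capulet.lit/balcony", "chat"),
                          "capulet.lit", "admin"))
```

A production server would compare JIDs after the normalization its XMPP library provides rather than with `lower()`.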
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
390
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
391 <section2 topic='Managed Entity Presence' anchor='managed_ent_presence'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
392 <p>It is often desirable for a privileged entity to have presence information of the managed entities (e.g. to know when to send them notifications). As privileges must be transparent for the managed entity (in admin mode), this presence has to be sent by the server without modifying the managed entity's roster.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
393 <p>To do this, the privileged entity MUST ask for presence information when requesting privileges, using a special "presence" namespace attribute and a 'type' attribute with the value "managed_entity".</p><p>If the delegation is granted, the server MUST use a directed presence, as specified in &rfc6121; section 4.6, on behalf of the managed entity each time its presence information changes.</p><p>This privilege MUST NOT be requested in client mode, and the server MUST reject the permission by setting the allowed type to "none". If an entity needs presence information in client mode, it SHOULD request it using the normal &PRESENCE; subscription mechanism.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
394 <example caption='privileged entity asks for pubsub privilege with presence'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
395 <iq from='pubsub.capulet.net' type='get' id='privilege1'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
396 <query xmlns='urn:xmpp:privilege:0' type='request' privilege='admin'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
397 <perm namespace='presence' type='managed_entity'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
398 <perm namespace='http://jabber.org/protocol/pubsub' type='both'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
399 </query>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
400 </iq>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
401 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
402
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
403 <example caption='server accepts privileges'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
404 <iq from='capulet.net' to='pubsub.capulet.net' type='result' id='privilege1'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
405 <query xmlns='urn:xmpp:privilege:0' type='allowed'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
406 <perm namespace='presence' type='managed_entity'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
407 <perm namespace='http://jabber.org/protocol/pubsub' type='both'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
408 </query>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
409 </iq>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
410 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
411
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
412 <example caption='server receives new presence from Juliet'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
413 <presence from='juliet@capulet.lit/balcony'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
414 id='presence1'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
415 xml:lang='en'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
416 <show>chat</show>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
417 <status>Staying on the balcony</status>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
418 </presence>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
419 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
420 <example caption='server redirects presence to the privileged entity'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
421 <presence from='juliet@capulet.lit/balcony'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
422 to='pubsub.capulet.lit'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
423 id='presence1'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
424 xml:lang='en'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
425 <show>chat</show>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
426 <status>Staying on the balcony</status>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
427 </presence>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
428 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
429 </section2>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
430
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
431 <section2 topic='Roster Presence' anchor='roster_presence'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
432 <p>In addition to "<link url='#managed_ent_presence'>managed entity presence</link>", a privileged entity may need to know when a contact in the managed entity's roster is online (for example, a PEP service needs this because of the presence default access model).</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
433 <p>In this case, the privileged entity MUST ask for presence information when requesting privileges, using a special "presence" namespace attribute (as in the previous section) and a 'type' attribute with the value "roster". Furthermore, the privileged entity MUST have read permission on the roster namespace (i.e. the 'type' attribute of the allowed &lt;perm&gt; for namespace <em>jabber:iq:roster</em> MUST have a value of either <strong>get</strong> or <strong>both</strong>).</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
434 <p>If the delegation is granted, the server MUST send to the privileged entity all presence information that the managed entity receives.</p><p>The server MUST reject the permission if the privileged entity doesn't have read permission on the roster namespace.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
435 <p>Note: this permission should be given carefully, as it gives the privileged entity access to the presence of potentially many entities (see <link url='#security'>security considerations</link>). If it is allowed in client mode, the server SHOULD display an extra warning when requesting permissions from the managed entity.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
436 <example caption='privileged entity asks for pubsub privilege with roster presence'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
437 <iq from='pubsub.capulet.net' type='get' id='privilege1'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
438 <query xmlns='urn:xmpp:privilege:0' type='request' privilege='admin'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
439 <perm namespace='presence' type='roster'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
440 <perm namespace='http://jabber.org/protocol/pubsub' type='both'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
441 <perm namespace='jabber:iq:roster' type='get'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
442 </query>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
443 </iq>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
444 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
445 <p>Note the presence of the <em>jabber:iq:roster</em> permission request.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
446
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
447 <example caption='server accepts privileges'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
448 <iq from='capulet.net' to='pubsub.capulet.net' type='result' id='privilege1'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
449 <query xmlns='urn:xmpp:privilege:0' type='allowed'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
450 <perm namespace='presence' type='roster'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
451 <perm namespace='http://jabber.org/protocol/pubsub' type='both'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
452 <perm namespace='jabber:iq:roster' type='get'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
453 </query>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
454 </iq>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
455 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
456
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
457 <example caption="server receives new presence from Romeo, who is in Juliet's roster"><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
458 <presence from='romeo@montaigu.lit/orchard'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
459 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
460 <example caption='server sends the presence as usual, and also to the privileged entity'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
461 <presence from='romeo@montaigu.lit/orchard'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
462 to='juliet@capulet.lit'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
463 <presence from='romeo@montaigu.lit/orchard'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
464 to='pubsub.capulet.lit'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
465 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
466 </section2>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
467 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
468
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
469 <section1 topic='Configuration' anchor='configuration'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
470 <p>The server SHOULD provide a way for clients to check already granted permissions, and to revoke them, by using &xep0050; on the well-defined command node <strong>'urn:xmpp:privilege:0#configure'</strong>.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
471 <p>If present, the configuration commands MUST at least allow checking the permissions granted to a privileged entity and revoking them. A server MAY offer an option to keep permissions from one session to another (see <link url='#rules'>business rules</link>).</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
472 </section1>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
473
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
474 <section1 topic='Discovering Support' anchor='disco'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
475 <p>If a server or an entity supports the entity privilege protocol, it MUST report that fact by including a service discovery feature of "urn:xmpp:privilege:0" in response to a &xep0030; information request:</p>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
476 <example caption="Service Discovery information request"><![CDATA[
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
477 <iq from='pubsub.capulet.net'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
478 id='disco1'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
479 to='capulet.net'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
480 type='get'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
481 <query xmlns='http://jabber.org/protocol/disco#info'/>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
482 </iq>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
483 ]]></example>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
484 <example caption="Service Discovery information response"><![CDATA[
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
485 <iq from='capulet.net'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
486 id='disco1'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
487 to='pubsub.capulet.net'
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
488 type='result'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
489 <query xmlns='http://jabber.org/protocol/disco#info'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
490 ...
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
491 <feature var='urn:xmpp:privilege:0'/>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
492 ...
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
493 </query>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
494 </iq>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
495 ]]></example>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
496 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
497
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
498 <section1 topic='Business Rules' anchor='rules'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
499 <ol>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
500 <li>In client mode, the server MAY keep permissions granted to an entity by a client from one session to another, but if it does so, it MUST provide configuration as explained in the <link url='#configuration'>relevant section</link>. If the server offers this feature, it SHOULD add a field directly in the configuration commands.</li>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
501 <li>If a client can't check or revoke permissions (i.e. it doesn't support &xep0050;) when granting permissions, the server MUST NOT keep granted permissions from one session to another, and permissions will be requested at each new session.</li>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
502 <li>If permissions are changed during a session, the server MUST notify the privileged entity of the new permissions, as in the <link url='#client_perm'>permission request use case</link>.</li>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
503 <li>A server MUST NOT grant permission for this XEP's namespace (<strong>'urn:xmpp:privilege:0'</strong>).</li>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
504 </ol>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
505 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
506
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
507 <section1 topic='Implementation Notes' anchor='impl'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
508 <p>As admin mode is far easier to implement than client mode, a server MAY choose to implement only the former.</p>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
509 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
510
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
511 <section1 topic='Security Considerations' anchor='security'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
512 <ol>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
513 <li>A privileged entity has nearly the same capabilities as the server itself; <em>admin</em> permission should be granted carefully, and only if you absolutely trust the entity.</li>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
514 <li>A server MAY choose to filter allowed namespaces, to avoid giving dangerous permissions. In this case, it MUST always set the allowed type of filtered namespaces to "<strong>none</strong>"</li>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
515 <li><link url='#roster_presence'>Roster presence</link> is particularly sensitive, because if an entity accepts this permission, it gives away presence information from its whole roster. For this reason, a server MAY choose to forbid its use in client mode (by always setting the allowed type to "<strong>none</strong>"). A server SHOULD at least disallow it in its default configuration.</li>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
516
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
517 <li>In case of filtering, a whitelist system is more secure and SHOULD be preferred to a blacklist (ideally, the configuration would allow no filtering, whitelist filtering and blacklist filtering).</li>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
518 </ol>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
519 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
520
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
521 <section1 topic='IANA Considerations' anchor='iana'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
522 <p>This document requires no interaction with &IANA;.</p>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
523 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
524
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
525 <section1 topic='XMPP Registrar Considerations' anchor='registrar'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
526 <section2 topic='Protocol Namespaces' anchor='ns'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
527 <p>The &REGISTRAR; includes 'urn:xmpp:privilege:0' in its registry of protocol namespaces (see &NAMESPACES;).</p>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
528 <ul>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
529 <li>urn:xmpp:privilege:0</li>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
530 </ul>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
531 </section2>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
532 <section2 topic='Protocol Versioning' anchor='registrar-versioning'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
533 &NSVER;
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
534 </section2>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
535 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
536
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
537 <section1 topic='XML Schema' anchor='schema'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
538 <code><![CDATA[
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
539 <?xml version='1.0' encoding='UTF-8'?>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
540
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
541 <xs:schema
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
542 xmlns:xs='http://www.w3.org/2001/XMLSchema'
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
543 targetNamespace='urn:xmpp:privilege:0'
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
544 xmlns='urn:xmpp:privilege:0'
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
545 elementFormDefault='qualified'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
546
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
547 <xs:element name='query'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
548 <xs:complexType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
549 <xs:attribute name='type' use='required'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
550 <xs:simpleType base='xs:NMTOKEN'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
551 <xs:enumeration value='request'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
552 <xs:enumeration value='allowed'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
553 </xs:simpleType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
554 </xs:attribute>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
555 <xs:attribute name='privilege' use='optional'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
556 <xs:simpleType base='xs:NMTOKEN'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
557 <xs:enumeration value='admin'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
558 <xs:enumeration value='client'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
559 </xs:simpleType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
560 </xs:attribute>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
561 <xs:attribute name='to' use='optional' type='xs:string'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
563 <xs:element name='perm'
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
564 maxOccurs='unbounded'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
565 <xs:complexType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
566 <xs:attribute name='namespace' use='required' type='xs:string'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
567 <xs:attribute name='type' use='required'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
568 <xs:simpleType base='xs:NMTOKEN'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
569 <xs:enumeration value='none'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
570 <xs:enumeration value='get'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
571 <xs:enumeration value='set'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
572 <xs:enumeration value='both'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
573 </xs:simpleType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
574 </xs:attribute>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
575 </xs:complexType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
576 </xs:element>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
577 </xs:complexType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
578 </xs:element>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
579
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
580 </xs:schema>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
581 ]]></code>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
582 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
583
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
584 <section1 topic='Acknowledgements' anchor='acks'>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
585 <p>Thanks to Sergey Dobrov, Dave Cridland, Steven Lloyd Watkin, Lance Stout and Johannes Hund for their feedback.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
586 <p>The client mode permission mechanism is inspired by the &xep0321; permission request.</p>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
587 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
588
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
589 </xep>
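
The presence rules, business rule 4 and the namespace filtering advice in the security considerations combine into one server-side decision: which `type` to put in each allowed `<perm/>`. The following Python is an added example, not part of the XEP or of any server's code; the function names, the `whitelist` and `roster_presence_in_client_mode` options and the second sample stanza are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

NS = "urn:xmpp:privilege:0"
ROSTER_NS = "jabber:iq:roster"
IQ_TYPES = {"none", "get", "set", "both"}

# Request taken from the XEP's roster presence example.
PAGE_REQUEST = """<iq from='pubsub.capulet.net' type='get' id='privilege1'>
  <query xmlns='urn:xmpp:privilege:0' type='request' privilege='admin'>
    <perm namespace='presence' type='roster'/>
    <perm namespace='http://jabber.org/protocol/pubsub' type='both'/>
    <perm namespace='jabber:iq:roster' type='get'/>
  </query>
</iq>"""

# Constructed request (not from the XEP): client mode, forbidden asks, no roster read.
CONSTRUCTED_REQUEST = """<iq from='pubsub.capulet.net' type='get' id='privilege2'>
  <query xmlns='urn:xmpp:privilege:0' type='request' privilege='client'>
    <perm namespace='presence' type='managed_entity'/>
    <perm namespace='urn:xmpp:privilege:0' type='both'/>
    <perm namespace='jabber:iq:roster' type='set'/>
  </query>
</iq>"""


def decide_permissions(request_xml, whitelist=None, roster_presence_in_client_mode=False):
    """Return [(namespace, allowed type), ...] in request order.

    whitelist (assumed option): namespaces the operator allows; None = no filter.
    Only the server's policy filter is modelled; in client mode the managed
    entity's own accept/refuse step would follow it.
    """
    query = ET.fromstring(request_xml).find(f"{{{NS}}}query")
    if query is None or query.get("type") != "request":
        raise ValueError("not a privilege request")
    mode = query.get("privilege")
    if mode not in ("admin", "client"):
        raise ValueError("unknown privilege mode")
    perms = [(p.get("namespace"), p.get("type"))
             for p in query.findall(f"{{{NS}}}perm")]
    if any(not ns for ns, _ in perms):
        raise ValueError("perm without namespace")

    def filtered(ns):
        return whitelist is not None and ns not in whitelist

    # Pass 1: ordinary namespaces, so the roster grant is known before
    # the special "presence" permissions are judged.
    granted = {}
    for ns, typ in perms:
        if ns == "presence":
            continue
        # Business rule 4, whitelist filtering and unknown types all yield "none".
        refused = ns == NS or filtered(ns) or typ not in IQ_TYPES
        granted[ns] = "none" if refused else typ

    # Pass 2: build the answer in request order.
    result = []
    for ns, typ in perms:
        if ns != "presence":
            result.append((ns, granted[ns]))
            continue
        # managed_entity: admin mode only. roster: needs roster read access
        # and is disallowed by default in client mode.
        if typ == "managed_entity":
            ok = mode == "admin"
        elif typ == "roster":
            ok = (granted.get(ROSTER_NS) in ("get", "both")
                  and (mode == "admin" or roster_presence_in_client_mode))
        else:
            ok = False
        result.append((ns, typ if ok and not filtered(ns) else "none"))
    return result


def allowed_stanza(request_xml, server_jid, **policy):
    """Render the server's type='allowed' answer to the request."""
    iq = ET.fromstring(request_xml)
    perms = "".join(
        f"<perm namespace={quoteattr(ns)} type={quoteattr(typ)}/>"
        for ns, typ in decide_permissions(request_xml, **policy))
    return (f"<iq from={quoteattr(server_jid)} to={quoteattr(iq.get('from', ''))} "
            f"type='result' id={quoteattr(iq.get('id', ''))}>"
            f"<query xmlns='{NS}' type='allowed'>{perms}</query></iq>")


if __name__ == "__main__":
    for req in (PAGE_REQUEST, CONSTRUCTED_REQUEST):
        print(allowed_stanza(req, "capulet.net"))
```

Refused permissions are still listed, with type "none", so the privileged entity can see exactly what it was denied.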