annotate xmpp/xep-0356.xml @ 103:e69883c1ec30

docker (libervia_cont): added a "status" command:
- if libervia container is not running, it exits with error code 1
- if libervia container is running but no server is launched, it exits with error code 2
- if libervia container is running and server is launched, it exits with error code 0 (success)
server detection is done by doing a simple grep on logs, that's not perfectly reliable (ports can be changed in configuration, even if that doesn't really make sense in Docker context) but should be good enough for this purpose.
author Goffi <goffi@goffi.org>
date Sat, 27 Feb 2016 00:45:40 +0100
parents 4c5bd7ddaaca
children
rev   line source
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
1 <?xml version='1.0' encoding='UTF-8'?>
2 <!DOCTYPE xep SYSTEM 'xep.dtd' [
3 <!ENTITY % ents SYSTEM 'xep.ent'>
4 %ents;
5 ]>
6 <?xml-stylesheet type='text/xsl' href='xep.xsl'?>
7 <xep>
8 <header>
41
21d0d0ab7aa0 xeps: renamed published proto-xeps, and updated them according to published version
Goffi <goffi@goffi.org>
parents: 36
9 <title>Privileged Entity</title>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
10 <abstract>This specification provides a way for XMPP entities to have privileged access to some other entities' data</abstract>
41
11 &LEGALNOTICE;
12 <number>0356</number>
13 <status>Experimental</status>
0
14 <type>Standards Track</type>
15 <sig>Standards</sig>
16 <approver>Council</approver>
17 <dependencies>
18 <spec>XMPP Core</spec>
19 </dependencies>
20 <supersedes/>
21 <supersededby/>
22 <shortname>NOT_YET_ASSIGNED</shortname>
23 <author>
24 <firstname>Jérôme</firstname>
25 <surname>Poisson</surname>
26 <email>goffi@goffi.org</email>
27 <jid>goffi@jabber.fr</jid>
28 </author>
29 <revision>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
30 <version>0.2</version>
31 <date>2015-03-23</date>
32 <initials>jp</initials>
33 <remark>
34 <p>Several updates according to feedback + review:</p>
35 <ul>
36 <li>added links to PEP and namespace delegation XEPs</li>
37 <li>removed MUST for default values in configuration</li>
38 <li>&lt;forwarded/&gt; element is now a child of a &lt;privilege/&gt; element</li>
39 <li>&lt;perm/&gt; "namespace" attribute has been renamed to "access"</li>
40 <li>"headline" type restriction for "message" privilege has been removed</li>
41 <li>"message" permission violation now results in a "forbidden" message error</li>
42 <li>for "presence" permission, only &PRESENCE; stanzas with no type or with an "unavailable" type are sent to privileged entity</li>
43 <li>added specification for "presence" if a managed entity is unavailable and if a privileged entity is available after first &PRESENCE; stanzas have been received</li>
44 <li>added Business Rules section</li>
45 <li>Updated namespace to reflect incompatible changes</li>
46 </ul>
47 </remark>
48 </revision>
49 <revision>
41
50 <version>0.1</version>
51 <date>2015-01-27</date>
52 <initials>XEP Editor (mam)</initials>
53 <remark><p>Initial published version approved by the XMPP Council.</p></remark>
54 </revision>
55 <revision>
34
56 <version>0.0.4</version>
57 <date>2014-12-18</date>
58 <initials>jp</initials>
59 <remark><ul>
60 <li>Big simplification and restriction following council's veto and standard@ discussions</li>
35
e4ed0682d7b6 XEP: fixed a typo in privileged entity
Goffi <goffi@goffi.org>
parents: 34
61 <li>Configuration is now done only in the server's own configuration</li>
34
62 <li>No more client mode</li>
63 <li>Permissions are advertised using &MESSAGE;</li>
64 <li>The only &IQ; privilege still available is jabber:iq:roster</li>
65 </ul>
66 </remark>
67 </revision>
68 <revision>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
69 <version>0.0.3</version>
70 <date>2014-11-13</date>
71 <initials>jp</initials>
72 <remark><ul>
73 <li>giving permission to manage this XEP namespace is forbidden</li>
74 <li>Added configuration section; with well-defined command node</li>
75 <li>better specification of persistent permissions</li>
76 <li>fixed erroneous example (server returns bookmarks)</li>
77 <li>added special permissions</li>
78 <li>better specification of &QUERY; element</li>
79 </ul>
80 </remark>
81 </revision>
82 <revision>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
83 <version>0.0.2</version>
84 <date>2014-09-17</date>
85 <initials>jp</initials>
86 <remark><ul>
87 <li>changed for privileged entity</li>
88 <li>fixes after feedback on standard mailing list</li>
89 <li>completed missing required parts</li>
90 </ul>
91 </remark>
92 </revision>
93 <revision>
0
94 <version>0.0.1</version>
95 <date>2014-05-09</date>
96 <initials>jp</initials>
97 <remark><p>First draft.</p></remark>
98 </revision>
99 </header>
31
100
0
101 <section1 topic='Introduction' anchor='intro'>
34
102 <p>XMPP components have long been used through &xep0114;, but are quite limited: they have restricted access to other entities' data, similar to what a client can do. This is sufficient for components like gateways, but very limiting for more complex components like a PubSub service. The goal of this XEP is to allow a component or any entity to have a "privileged" status, and access some other entity's data with the same privileges as the entity itself, that is, manage an entity's roster on its behalf, send &MESSAGE; or receive &PRESENCE; stanzas in the name of the server.</p>
32
a3f262d5b594 xeps: typos/style fixes
souliane <souliane@mailoo.org>
parents: 31
103 <p>Privileged entities have numerous advantages, including:</p>
0
104 <ul>
17
105 <li>a step forward in decentralization: it is possible for an entity to do tasks which were previously reserved to the server itself. For example, a privileged pubsub component can offer an access model based on the publisher's roster</li>
106 <li>better integration of components: a gateway can add items to an entity's roster itself</li>
43
107 <li>possibility to work around a server limitation (typically: incomplete &xep0163; implementation)</li>
17
108 <li>quick development cycle: developers can implement the components they need without waiting for a new server release</li>
0
109 <li>server agnostic</li>
110 </ul>
43
111 <p>Privileged entity was created with the main goal of providing an external, server-agnostic PEP service. It is restricted to only a couple of features; see the <link url='#acks'>Acknowledgements section</link> for more details.</p>
112 <p>This XEP is complementary to &xep0355; (and works in a similar way), although they can be used together or separately. To build something like an external PEP service, it is necessary to use both XEPs.</p>
0
113 </section1>
31
114
0
115 <section1 topic='Requirements' anchor='reqs'>
34
116 <p>A privileged entity must be able to do what a PEP service can do and to access the roster, so it must be able to (according to configuration):</p>
0
117 <ul>
34
118 <li>get and modify the roster of any entity managed by the server</li>
119 <li>send a &MESSAGE; stanza on behalf of the server</li>
120 <li>access &PRESENCE; information for entities in a managed entity's roster (and for the managed entity itself)</li>
0
121 </ul>
34
122 <p>The privilege mechanism MUST be totally transparent for the managed entities.</p>
0
123 </section1>
31
124
0
125 <section1 topic='Glossary' anchor='glossary'>
126 <ul>
32
127 <li><strong>Privileged entity</strong> the entity which has a privileged status.</li>
128 <li><strong>Managed entity</strong> the entity that is managed by a privileged entity.</li>
0
129 </ul>
130 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
131
41
21d0d0ab7aa0 xeps: renamed published proto-xeps, and updated them according to published version
Goffi <goffi@goffi.org>
parents: 36
diff changeset
132 <section1 topic='Accessing Roster' anchor='access_roster'>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
133
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
134 <section2 topic='Server Allows Roster Access' anchor='server_roster'>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
135 <p>Roster access is granted in the server configuration. Roster access can have 4 types:</p>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
136 <ul>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
137 <li><strong>none</strong> the entity is not allowed to access managed entity roster at all. This is usually the default value.</li>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
138 <li><strong>get</strong> the entity is allowed to send &IQ; stanzas of type <em>'get'</em> for the namespace 'jabber:iq:roster'.</li>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
139 <li><strong>set</strong> the entity is allowed to send &IQ; stanzas of type <em>'set'</em> for namespace 'jabber:iq:roster'.</li>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
140 <li><strong>both</strong> the entity is allowed to send &IQ; stanzas of type <em>'get'</em> and <em>'set'</em> for namespace 'jabber:iq:roster'.</li>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
141 </ul>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
142 </section2>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
143
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
144 <section2 topic='Server Advertises Entity Of Allowed Permission' anchor='advertise_roster'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
145 <p>Once a privileged entity is authenticated and stream is started, the server send it a &MESSAGE; stanza with a &lt;privilege/&gt; elements which MUST have the namespace 'urn:xmpp:privilege:1'. This element contains &lt;perm/&gt; elements which MUST contain a 'access' attribute of the value "roster" and a 'type' attribute which must correspond to the type configured as specified in <link url='#server_roster'>"Server Allows Roster Access" section</link></p>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
146 <example caption='Server Advertises Roster Privilege'><![CDATA[
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
147 <message from='capulet.net' to='pubub.capulet.lit' id='12345'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
148 <privilege xmlns='urn:xmpp:privilege:1'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
149 <perm access='roster' type='both'/>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
150 </privilege>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
151 </message>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
152 ]]></example>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
153 <p>Here <em>pubsub.capulet.lit</em> is allowed to do <em>get</em> and <em>set</em> operations on all entities managed by capulet.lit</p>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
154 </section2>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
155
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
156 <section2 topic='Privileged Entity Manage Roster' anchor='priv_manage_roster'>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
157 <p>Doing a <em>get</em> or <em>set</em> operation on the roster of a managed entity is done in the usual way (as described in &rfc6121; section 2), except that the 'to' attribute is set to the attribute of the managed entity. The server MUST check that the privileged entity has right to <em>get</em> or <em>set</em> the roster of managed entity, and MUST return a &forbidden; error if it is not the case:</p>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
158 <example caption='Privileged Entity Get Managed Entity Roster'><![CDATA[
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
159 <iq id='roster1'
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
160 from='pubsub.capulet.lit'
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
161 to='juliet@example.com'
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
162 type='get'
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
163 id='roster1'>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
164 <query xmlns='jabber:iq:roster'/>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
165 </iq>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
166 ]]></example>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
167
32
a3f262d5b594 xeps: typos/style fixes
souliane <souliane@mailoo.org>
parents: 31
diff changeset
168 <p>The server then answers normally, as it would have done to the managed entity:</p>
a3f262d5b594 xeps: typos/style fixes
souliane <souliane@mailoo.org>
parents: 31
diff changeset
169 <example caption='Server Answers To Privileged Entity'><![CDATA[
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
170 <iq id='roster1'
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
171 from='juliet@example.com'
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
172 to='pubsub.capulet.lit'
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
173 type='result'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
174 <query xmlns='jabber:iq:roster' ver='ver7'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
175 <item jid='nurse@example.com'/>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
176 <item jid='romeo@example.net'/>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
177 </query>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
178 </iq>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
179 ]]></example>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
180
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
181 </section2>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
182 </section1>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
183
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
184 <section1 topic='Message Permission' anchor='message'>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
185 <section2 topic='Authorizing Messages' anchor='auth_mess'>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
186 <p>In some cases, it can be desirable to send notifications (e.g. PEP service), so the privileged entity must be able to send &MESSAGE; stanzas. This is allowed in server configuration in the same way as for roster permission. The permission type can have the following values:</p>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
187 <ul>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
188 <li><strong>none</strong> the entity is not allowed to send &MESSAGE; stanzas in the name of the server. This is usually the default value.</li>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
189 <li><strong>outgoing</strong> the entity is allowed to send &MESSAGE; stanzas in the name of the server, according to the following restrictions.</li>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
190 </ul>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
191 <p>A privileged entity can then send messages on behalf of either the server or a bare JID of an entity managed by the server (i.e. a bare JID with the same domain as the server), using &xep0297;. The &lt;forwarded/&gt; element MUST be a child of a &lt;privilege/&gt; element with a namespace of <em>'urn:xmpp:privilege:1'</em>, with the following restriction:</p>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
192 <ol>
32
a3f262d5b594 xeps: typos/style fixes
souliane <souliane@mailoo.org>
parents: 31
diff changeset
193 <li>The 'from' attribute of the forwarded &MESSAGE; MUST be a bare JID from the server; no resource is allowed.</li>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
194 </ol>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
195 <p>If this rule is violated, the server MUST return a &MESSAGE; error with condition &lt;forbidden/&gt;, as in &rfc6120; section 8.3.3.4.</p>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
196 </section2>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
197
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
198 <section2 topic='Advertising Permission' anchor='advertise_mess'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
199 <p>The server advertises the "message" permission in the same way as for the "roster" permission, except that the 'access' attribute has the value "message", and the 'type' attribute has a value of 'outgoing':</p>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
200 <example caption='Server Advertises Roster And Message Privileges'><![CDATA[
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
201 <message from='capulet.net' to='pubsub.capulet.lit' id='54321'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
202 <privilege xmlns='urn:xmpp:privilege:1'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
203 <perm access='roster' type='both'/>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
204 <perm access='message' type='outgoing'/>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
205 </privilege>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
206 </message>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
207 ]]></example>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
208 </section2>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
209
41
21d0d0ab7aa0 xeps: renamed published proto-xeps, and updated them according to published version
Goffi <goffi@goffi.org>
parents: 36
diff changeset
210 <section2 topic='Sending Messages' anchor='sending_mess'>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
211 <p>Now that <em>pubsub.capulet.lit</em> is allowed, it can send messages using &lt;forwarded/&gt; elements.</p>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
212 <example caption='privileged entity sends a notification message'><![CDATA[
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
213 <message from='pubsub.capulet.lit' to='capulet.lit' id='notif1'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
214 <privilege xmlns='urn:xmpp:privilege:1'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
215 <forwarded xmlns='urn:xmpp:forward:0'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
216 <message from='juliet@capulet.lit'
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
217 id='foo'
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
218 to='romeo@montague.lit/orchard'
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
219 xmlns='jabber:client'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
220 <event xmlns='http://jabber.org/protocol/pubsub#event'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
221 <items node='http://jabber.org/protocol/tune'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
222 <item>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
223 <tune xmlns='http://jabber.org/protocol/tune'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
224 <artist>Gerald Finzi</artist>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
225 <length>255</length>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
226 <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
227 <title>Introduction (Allegro vigoroso)</title>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
228 <track>1</track>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
229 </tune>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
230 </item>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
231 </items>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
232 </event>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
233 <delay xmlns='urn:xmpp:delay' stamp='2014-11-25T14:34:32Z'/>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
234 </message>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
235 </forwarded>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
236 </privilege>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
237 </message>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
238 ]]></example>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
239 <p>The server sees that the 'from' attribute of the forwarded message (<em>juliet@capulet.lit</em>) is a bare JID of the server, and that outgoing message permission was granted; it can now send the notification:</p>
32
a3f262d5b594 xeps: typos/style fixes
souliane <souliane@mailoo.org>
parents: 31
diff changeset
240 <example caption='server sends the notification as if it was originating from him'><![CDATA[
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
241 <message from='juliet@capulet.lit'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
242 id='bar'
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
243 to='romeo@montague.lit/orchard'>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
244 <event xmlns='http://jabber.org/protocol/pubsub#event'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
245 <items node='http://jabber.org/protocol/tune'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
246 <item>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
247 <tune xmlns='http://jabber.org/protocol/tune'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
248 <artist>Gerald Finzi</artist>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
249 <length>255</length>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
250 <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
251 <title>Introduction (Allegro vigoroso)</title>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
252 <track>1</track>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
253 </tune>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
254 </item>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
255 </items>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
256 </event>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
257 <delay xmlns='urn:xmpp:delay' stamp='2014-11-25T14:34:32Z'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
258 </message>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
259 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
260 </section2>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
261 </section1>
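Added example, not part of the XEP or of any server's code: a Python sketch of the server-side check described in "Authorizing Messages" and "Sending Messages". The `granted` configuration dictionary, the function names and the sample stanza are assumptions made for this illustration, and rejecting a missing &lt;privilege/&gt; wrapper with the same error is also an assumption.

```python
import xml.etree.ElementTree as ET

NS_PRIVILEGE = "urn:xmpp:privilege:1"
NS_FORWARD = "urn:xmpp:forward:0"
NS_CLIENT = "jabber:client"


class Forbidden(Exception):
    """Rejected: the server answers with a <message/> error, <forbidden/>."""


def split_jid(jid):
    """Split a JID into (local, domain, resource); absent parts are None.

    Simplified for the example: a real server normalises JIDs first.
    """
    bare, slash, resource = jid.partition("/")
    local, at, domain = bare.partition("@")
    if not at:
        local, domain = None, bare
    return local, domain.lower(), (resource if slash else None)


def authorize_forwarded(stanza_xml, server_domain, granted):
    """Return the inner <message/> to deliver, or raise Forbidden.

    granted: hypothetical server configuration, e.g.
             {"pubsub.capulet.lit": {"message": "outgoing"}}
    """
    outer = ET.fromstring(stanza_xml)
    sender = outer.get("from", "")
    # 1. The sending entity needs the 'outgoing' message permission.
    if granted.get(sender, {}).get("message", "none") != "outgoing":
        raise Forbidden("%r has no 'outgoing' message permission" % sender)

    # 2. <forwarded/> MUST be a child of <privilege xmlns='urn:xmpp:privilege:1'/>.
    privilege = outer.find("{%s}privilege" % NS_PRIVILEGE)
    forwarded = None
    if privilege is not None:
        forwarded = privilege.find("{%s}forwarded" % NS_FORWARD)
    if forwarded is None:
        raise Forbidden("<forwarded/> is not a child of <privilege/>")
    inner = forwarded.find("{%s}message" % NS_CLIENT)
    if inner is None:
        raise Forbidden("no forwarded <message/>")

    # 3. The forwarded 'from' MUST be a bare JID of this server: the server
    #    itself or one of its users, never a resource, never another domain.
    _local, domain, resource = split_jid(inner.get("from", ""))
    if resource is not None:
        raise Forbidden("forwarded 'from' carries a resource")
    if domain != server_domain.lower():
        raise Forbidden("forwarded 'from' is not a JID of this server")
    return inner


def decide(stanza_xml, server_domain, granted):
    """Human-readable outcome, convenient for logging and tests."""
    try:
        inner = authorize_forwarded(stanza_xml, server_domain, granted)
    except Forbidden as exc:
        return "forbidden: %s" % exc
    return "deliver as %s" % inner.get("from")


def sample_stanza(inner_from, sender="pubsub.capulet.lit"):
    """Constructed input modelled on the notification example above."""
    return (
        "<message from='%s' to='capulet.lit' id='notif1'>"
        "<privilege xmlns='urn:xmpp:privilege:1'>"
        "<forwarded xmlns='urn:xmpp:forward:0'>"
        "<message from='%s' id='foo' to='romeo@montague.lit/orchard'"
        " xmlns='jabber:client'><body>constructed payload</body></message>"
        "</forwarded></privilege></message>" % (sender, inner_from)
    )


# Constructed stanza where <forwarded/> is NOT wrapped in <privilege/>.
UNWRAPPED = (
    "<message from='pubsub.capulet.lit' to='capulet.lit'>"
    "<forwarded xmlns='urn:xmpp:forward:0'>"
    "<message from='juliet@capulet.lit' xmlns='jabber:client'/>"
    "</forwarded></message>"
)

GRANTED = {"pubsub.capulet.lit": {"message": "outgoing"}}  # hypothetical config

if __name__ == "__main__":
    for sender_jid in ("juliet@capulet.lit", "capulet.lit",
                       "juliet@capulet.lit/balcony", "romeo@montague.lit"):
        print(sender_jid, "->",
              decide(sample_stanza(sender_jid), "capulet.lit", GRANTED))
    print("unwrapped ->", decide(UNWRAPPED, "capulet.lit", GRANTED))
```

The check runs on the inner stanza's 'from', not the outer one: the outer 'from' only identifies which entity's permission applies.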
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
262
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
263 <section1 topic='Presence Permission' anchor='presence'>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
264 <section2 topic='Managed Entity Presence' anchor='managed_ent_presence'>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
265 <p>It is often desirable for a privileged entity to have presence information of the managed entities (e.g. to know when to send them notifications). As privileges must be transparent for the managed entity, this presence has to be sent by the server without modifying the managed entity's roster.</p>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
266 <p>This is allowed in server configuration in the same way as for <em>roster</em> and <em>message</em> permissions. The "presence" type can have the following values:</p>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
267 <ul>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
268 <li><strong>none</strong> the entity is not allowed to access &PRESENCE; information at all. This is usually the default value.</li>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
269 <li><strong>managed_entity</strong> the entity is allowed to receive managed entity presence (see below).</li>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
270 <li><strong>roster</strong> the entity is allowed to receive presence information of the managed entity's contacts, see <link url='#roster_presence'>Roster Presence section</link>.</li>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
271 </ul>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
272 <p>If the privilege is granted, the server MUST use a directed presence from the full JID of the managed entity to the privileged entity, as specified in &rfc6121; section 4.6, on behalf of the managed entity each time its presence information changes.</p>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
273 <p>Only presences with no 'type' attribute or with a 'type' attribute with the value "unavailable" are transmitted to the privileged entity; the server MUST NOT transmit a &PRESENCE; stanza of any other type.</p>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
274 </section2>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
275
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
276 <section2 topic='Advertising Permission' anchor='advertise_managed_presence'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
277 <p>The server advertises the "presence" permission in the same way as for the "roster" or "message" permissions, except that the 'access' attribute has the value "presence", and the 'type' attribute has a value of "managed_entity".</p>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
278 </section2>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
279
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
280 <section2 topic="Server Sends Presence Information" anchor='server_send_presence'>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
281 <p>Once the "presence" permission is granted, the server sends presence information:</p>
32
a3f262d5b594 xeps: typos/style fixes
souliane <souliane@mailoo.org>
parents: 31
diff changeset
282 <example caption='server receives new presence from Juliet'><![CDATA[
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
283 <presence from='juliet@capulet.lit/balcony'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
284 id='presence1'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
285 xml:lang='en'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
286 <show>chat</show>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
287 <status>Staying on the balcony</status>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
288 </presence>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
289 ]]></example>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
290
32
a3f262d5b594 xeps: typos/style fixes
souliane <souliane@mailoo.org>
parents: 31
diff changeset
291 <example caption='server redirects presence to privileged entity'><![CDATA[
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
292 <presence from='juliet@capulet.lit/balcony'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
293 to='pubsub.capulet.lit'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
294 id='presence1'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
295 xml:lang='en'>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
296 <show>chat</show>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
297 <status>Staying on the balcony</status>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
298 </presence>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
299 ]]></example>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
300
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
301 </section2>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
302
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
303 <section2 topic='Roster Presence' anchor='roster_presence'>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
304 <p>In addition to "<link url='#managed_ent_presence'>managed entity presence</link>", a privileged entity may need to know when a contact in the managed entity's roster is online (for example, this is necessary for a PEP service because of the presence default access model).</p>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
305 <p>As for other permissions, the access is granted in the server's configuration, but there is an additional restriction: the privileged entity MUST have read permission on the roster namespace (i.e. the 'type' attribute in the allowed &lt;perm&gt; of access <em>roster</em> MUST have a value of either <strong>get</strong> or <strong>both</strong>).</p>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
306 <p>If the privilege is granted, the server MUST send to the privileged entity every presence information with no 'type' attribute or with a 'type' with a value of 'unavailable' that the privileged entity is receiving or would receive if it were available. It does so in the same way as for <link url='#managed_ent_presence'>managed entity</link>, by using a directed &PRESENCE; from the full JID of the entity whose presence information has changed, to the privileged entity. If the managed entity is unavailable but the privileged entity is available, the server MUST send the &PRESENCE; stanza to the latter anyway.</p>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
307 <p>Having the "roster" type for the "presence" permission implies that the entity also implicitly has the "managed_entity" type.</p><p>The server MUST reject the permission if the privileged entity doesn't have read permission on the roster namespace.</p>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
308
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
309 <p>Note: this permission should be given carefully, as it gives access to presence of potentially a lot of entities to the privileged entity (see <link url='#security'>security considerations</link>).</p>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
310 </section2>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
311
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
312 <section2 topic='Advertising Permission' anchor='advertise_roster_presence'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
313 <p>The server advertises the roster "presence" permission in the same way as for other permissions, except that the 'access' attribute has the value "presence", and the 'type' attribute has a value of "roster":</p>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
314 <example caption='Server Advertises Roster, Message, Managed Entity Presence and Roster Presence Privileges'><![CDATA[
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
315 <message from='capulet.net' to='pubsub.capulet.lit' id='54321'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
316 <privilege xmlns='urn:xmpp:privilege:1'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
317 <perm access='roster' type='both'/>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
318 <perm access='message' type='outgoing'/>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
319 <perm access='presence' type='roster'/>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
320 </privilege>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
321 </message>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
322 ]]></example>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
323 <p>Note the presence of <em>roster</em> permission request.</p>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
324 </section2>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
325
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
326 <section2 topic="Privileged Entity Receives Roster Presences" anchor='priv_rec_roster_presence'>
32
a3f262d5b594 xeps: typos/style fixes
souliane <souliane@mailoo.org>
parents: 31
diff changeset
327 <example caption="server receives new presence from Romeo, which is in Juliet's roster"><![CDATA[
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
328 <presence from='romeo@montaigu.lit/orchard'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
329 ]]></example>
32
a3f262d5b594 xeps: typos/style fixes
souliane <souliane@mailoo.org>
parents: 31
diff changeset
330 <example caption='server sends the presence as usual, but also to the privileged entity'><![CDATA[
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
331 <presence from='romeo@montaigu.lit/orchard'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
332 to='juliet@capulet.lit'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
333 <presence from='romeo@montaigu.lit/orchard'
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
334 to='pubsub.capulet.lit'/>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
335 ]]></example>
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
336 </section2>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
337 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
338
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
339 <section1 topic='Business Rules' anchor='rules'>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
340 <ol>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
341 <li>For "presence" access, if a privileged entity connects after the first &PRESENCE; stanzas have been received, the server MUST send it all the &PRESENCE; stanzas with no 'type' attribute that it would have received had it been connected first (in other words: all the presence information for connected entities it has access to).</li>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
342 <li>For "presence" access, if a privileged entity is supposed to receive the same &PRESENCE; stanza several times, the server SHOULD send it only once. For example: if <em>pubsub.capulet.lit</em> has "presence" access with a "roster" type for <em>capulet.lit</em>, and <em>juliet@capulet.lit</em> and <em>nurse@capulet.it</em> both have <em>romeo@montague.lit</em> in their roster, then when romeo is available, <em>pubsub.capulet.lit</em> should receive his &PRESENCE; stanza only once (instead of 2 times).</li>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
343 </ol>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
344 </section1>
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
345
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
346 <section1 topic='Security Considerations' anchor='security'>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
347 <ol>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
348 <li>A privileged entity has access to sensitive data and can act as the server itself; permissions should be granted carefully, and only if you absolutely trust the entity.</li>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
349 <li><link url='#roster_presence'>Roster presence</link> is particularly sensitive, because the presence information of whole rosters is shared.</li>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
350 <li>Generally, the server MUST NOT allow the privileged entity to do anything that the managed entity could not do.</li>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
351 </ol>
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
352 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
353
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
354 <section1 topic='IANA Considerations' anchor='iana'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
355 <p>This document requires no interaction with &IANA;.</p>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
356 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
357
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
358 <section1 topic='XMPP Registrar Considerations' anchor='registrar'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
359 <section2 topic='Protocol Namespaces' anchor='ns'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
360 <p>The &REGISTRAR; includes 'urn:xmpp:privilege:1' in its registry of protocol namespaces (see &NAMESPACES;).</p>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
361 <ul>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
362 <li>urn:xmpp:privilege:1</li>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
363 </ul>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
364 </section2>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
365 <section2 topic='Protocol Versioning' anchor='registrar-versioning'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
366 &NSVER;
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
367 </section2>
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
368 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
369
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
370 <section1 topic='XML Schema' anchor='schema'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
371 <code><![CDATA[
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
372 <?xml version='1.0' encoding='UTF-8'?>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
373
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
374 <xs:schema
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
375 xmlns:xs='http://www.w3.org/2001/XMLSchema'
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
376 targetNamespace='urn:xmpp:privilege:1'
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
377 xmlns='urn:xmpp:privilege:1'
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
378 elementFormDefault='qualified'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
379
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
380 <xs:element name='privilege'>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
381 <xs:complexType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
382 <xs:element name='perm'
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
383 maxOccurs='unbounded'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
384 <xs:complexType>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
385 <xs:attribute name='access' use='required' type='xs:string'/>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
386 <xs:simpleType base='xs:NMTOKEN'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
387 <xs:enumeration value='roster'/>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
388 <xs:enumeration value='message'/>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
389 <xs:enumeration value='presence'/>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
390 </xs:simpleType>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
391 <xs:attribute name='type' use='required'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
392 <xs:simpleType base='xs:NMTOKEN'>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
393 <xs:enumeration value='none'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
394 <xs:enumeration value='get'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
395 <xs:enumeration value='set'/>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
396 <xs:enumeration value='both'/>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
397 <xs:enumeration value='outgoing'/>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
398 <xs:enumeration value='managed_entity'/>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
399 <xs:enumeration value='roster'/>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
400 </xs:simpleType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
401 </xs:attribute>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
402 </xs:complexType>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
403 </xs:element>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
404 </xs:complexType>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
405 </xs:element>
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
406
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
407 </xs:schema>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
408 ]]></code>
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
409 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
410
17
c6824592e3ef privileged entity xep update:
Goffi <goffi@goffi.org>
parents: 0
diff changeset
411 <section1 topic='Acknowledgements' anchor='acks'>
43
4c5bd7ddaaca xep: updated XEP-0356 (privileged entity):
Goffi <goffi@goffi.org>
parents: 41
diff changeset
412 <p>Thanks to Sergey Dobrov, Dave Cridland, Steven Lloyd Watkin, Lance Stout, Johannes Hund, Kurt Zeilenga and Kevin Smith for their feedback. Thanks to Adrien Cossa for his typo/style corrections.</p>
34
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
413 <p>Privileged entity was initially written to be a generic identity based access control (IBAC) which allows an entity to access sensitive data. After <link url='http://mail.jabber.org/pipermail/standards/2014-December/029378.html'>a discussion on the standards mailing list</link>, it was decided to restrict the current XEP to the immediate needs of building an external PEP service, and to implement separately an Attribute Based Access Control (ABAC), which is more modern, generic and flexible. This XEP is still interesting for being easy to implement and doing the job.</p>
db9316a75306 XEP: updated privileged entity according to discussions following the council's veto (see http://mail.jabber.org/pipermail/standards/2014-December/029378.html):
Goffi <goffi@goffi.org>
parents: 33
diff changeset
414
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
415 </section1>
31
91d56a6e4b0d xep: privileged entity update:
Goffi <goffi@goffi.org>
parents: 17
diff changeset
416
0
677de998f9d9 XMPP: added privileged component protoXEP
Goffi <goffi@goffi.org>
parents:
diff changeset
417 </xep>
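The two Business Rules for "presence" access with the "roster" type (replay on late connection, and a single copy per presence) can be modelled server-side as below. This is an added example, not code from the XEP or from any server implementation: the `PresenceRouter` class, its methods, the simplified roster-based delivery and the sample rosters are all assumptions made for illustration.

```python
def bare(jid):
    """Strip the resource: 'romeo@montague.lit/orchard' -> 'romeo@montague.lit'."""
    return jid.split("/", 1)[0]

# Constructed sample rosters: {owner bare JID: set of contact bare JIDs}
ROSTERS = {
    "juliet@capulet.lit": {"romeo@montague.lit"},
    "nurse@capulet.lit": {"romeo@montague.lit"},
}

class PresenceRouter:
    """Hypothetical model of a server granting "presence"/"roster" access."""

    def __init__(self, domain, entity, rosters):
        self.domain = domain        # host the privilege is granted for
        self.entity = entity        # privileged entity, e.g. 'pubsub.capulet.lit'
        self.rosters = rosters
        self.available = {}         # full JID -> last presence with no 'type'
        self.entity_online = False

    def _entity_may_see(self, sender):
        # Only contacts found in a roster of a user on the managed domain are shared.
        return any(bare(sender) in contacts
                   for owner, contacts in self.rosters.items()
                   if owner.endswith("@" + self.domain))

    def route(self, sender, ptype=None):
        """Return the 'to' addresses for one presence from `sender`.

        ptype is None (available) or 'unavailable'; other presence types
        are outside this model.
        """
        if ptype is None:
            self.available[sender] = {"from": sender}
        elif ptype == "unavailable":
            self.available.pop(sender, None)
        # Simplification: deliver to every owner whose roster lists the sender.
        targets = [o for o, c in self.rosters.items() if bare(sender) in c]
        # Rule 2: one copy for the entity, however many rosters list the sender.
        if self.entity_online and self._entity_may_see(sender):
            targets.append(self.entity)
        return targets

    def entity_connected(self):
        """Rule 1: replay each current available presence the entity may see."""
        self.entity_online = True
        return [dict(p, to=self.entity)
                for s, p in sorted(self.available.items())
                if self._entity_may_see(s)]
```

The same `_entity_may_see` check gates both the replay and the live forwarding, so the entity never receives presence for a contact outside the rosters of the domain it manages.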