[JDEV] Security/Encryption Issues

[Andrew J. Lynn]

I agree with Michael and would like to add one other thing that is somewhat
related.  It would be good, if there are going to be updated versions of the
Jabber standards, to support per-subscription exposure levels.

What I mean by that is, if we are to take this a couple of years into the
future, and I have an instant messaging system that knows presence information
beyond available/idle/long-idle/dnd, for example
on-the-phone/emailing/in-the-office-but-not-at-the-computer, there would be new
privacy issues.  I might want my coworker who is working with me on a project to
know I'm in a meeting with my boss, but other people outside the company to just
see that I am not available for a videoconference.  Or I might want my fishing
buddy to know that I am currently conducting extramarital relations with my
18-year-old babysitter, but certainly not my brother-in-law.  Yes, this is a bit
beyond the current scope, but it is going to happen.

I guess this could be done in a transport, but it would be nice if there were,
say, a field in the standard roster element for this, similar to the group
element, and the server could send particular presence info to people with
particular information in there.

-Andy

p.s. -- For an example of a messaging system with authentication and encryption,
see gale (www.gale.org).  Also see Zephyr, which uses Kerberos authentication
but does not encrypt.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: andy.vcf
Type: text/x-vcard
Size: 320 bytes
Desc: Card for Andrew J. Lynn
URL: <https://www.jabber.org/jdev/attachments/20000808/bde6ffc7/attachment-0002.vcf>