[JDEV] On Privacy/Invisibility (aka: Buddy Permit/Deny)

Jim Seymour jseymour at LinxNet.com
Sun Mar 17 09:50:59 CST 2002 

"Jean Louis Seguineau" <jean-louis.seguineau at antepo.com> wrote:
> 
[snip]
>  What I meant was to use
> something like:
> 
> <iq type="set" id="2">
>   <query xmlns="jabber:iq:privacy">
>     <item jid="jack at jabber.org" type="deny"/>
>     <item jid="jill at jabber.org" type="deny">
>       <message/>
>       <iq/>
>     </item>
>     <item jid="jill at jabber.org" type="allow">
>       <presence/>
>     </item>
>   </query>
> </iq>
[snip]

Forgive me if my comments are nonsense.  I'm relatively new at Jabber
and XML.

It seems to me the above doesn't work.  How would a combined deny/allow
list work in practice?  Specifically: what should the server do in the
presence of both, but the absence of a particular JID on either list?
Allow?  Deny?  And in the above scenario, what should the server do?
First JID match wins or last JID match over-rides?

Here are my thoughts, such as they are and keeping the caveat I
mentioned above in mind.

First of all: I believe "whitelisting" support needs to happen at the
start.  Particularly if the goal is to provide support similar to that
of AIM.  What I'm mainly working on is Jabber support in Gaim, so both
"blacklisting" and "whitelisting" capability would make things
considerably easier for consistency's sake.

I'm wondering if something more like this wouldn't work better
(warning: possibly completely brain-dead XML follows):

    <iq type="result" id="1"> 
     <query xmlns="jabber:iq:privacy" type="deny"> 
      <item jid="romeo at jabber.org"/> 
      <item jid="juliet at jabber.org"> 
       <message/> 
      </item> 
     </query> 
    </iq>

Which would provide for:

    <iq type="result" id="1"> 
     <query xmlns="jabber:iq:privacy" type="permit"> 
      <item jid="romeo at jabber.org"/> 
      <item jid="juliet at jabber.org"/> 
     </query> 
    </iq>

Then an empty "deny" list would be "permit everybody" and an empty
"permit" list would be a "deny everybody".

Admittedly: I'm not sure how this would work in conjunction with
"Client Requests to Filter a Specific IQ Namespace" (in the proposal).

I'm wondering what the thoughts are wrt interaction between "privacy,"
subscription requests, presence and the new "invisible" stuff in 1.4.2?
Would privacy "trump" these?  In other words:  if a JID was denied (or
not allowed--same thing): would/should the server automatically not
propagate subscription requests from the denied JID to the client?
And/or should it not propagate presence info back to the denied JID?


Regards,
Jim
-- 
Jim Seymour                  | PGP Public Key available at:
jseymour at LinxNet.com         | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |

More information about the JDev mailing list