[JDEV] Transports and unregistered Jabber accounts

[Alexey Nezhdanov]

I think this can be done (and done at least in icqv7t and JIT) on the 
transports side. Since transport usually requests authorization from 
client and server removes this authorization while removing registration 
the transport can beleive that <iq type='unsubscribed'/> is enough to 
unregister the client.

--
Alexey Nezhdanov

>Hi!
>
>I see problems in the way unregistering an account is handled. If an
>account is unregistered this account is dropped by the Jabber server but
>non of the transports a user has registered is notified about that (and
>it wouldn't even be easily possible as the server does not know which
>contact list entires are transports and the transports could even be
>just removed from the roster).
>The result is, that an other person can register for the same account
>and use the former users transport without reregistering and without
>knowing the password used to register the accounts. With some transports
>the new user can even retrive the password, that used used to register
>the transport.
>
>I think this should be fixed, but it might require that the server knows
>which roster items are transports. (This knowledge could be used for
>other things like Contact-Import as well.) The server could then
>unregister all transports if an account is deregistered or if the
>transport is removed from the roster.
>It would also be possible, that not the server cares about this but the
>client and that the client unregistered all transports before removing
>them or before unregistering the account. While this might be a good
>idea, I think the server should still care for this as well.
>
>
>Tot kijk
>    Matthias
>  
>