[jdev] XEP-0060 Subscription Authorization

[Lindsay Oproman]

Thank you Ralph and Peter. It sounds like I probably lucked out since I
intend to use the authorize mode. Do you know if the jabber.org server is
running Idavoll?

On Dec 4, 2007 6:26 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:

> Ralph Meijer wrote:
> > On Mon, 2007-11-19 at 13:05 -0700, Peter Saint-Andre wrote:
> >> Lindsay Oproman wrote:
> >>> [..]
> >> If the node is configured for an access model of "authorize" then each
> >> subscription request will need to be approved by the node owner, unless
> >> the implementation includes some logic to pre-approve subscription
> >> requests from all resources based on the bare JID (node at domain.tld).
> >> (Sounds like a good feature request.)
> >
> > I think that XEP-0060 was designed to do access control on bare JIDs,
> > although we never made that explicit, apparently. You can see this in
> > various parts of the specification. For example, any resource can
> > manipulate the subscriptions and affiliations that are associated with
> > any resource of the bare JID and the bare JID itself.
>
> Good point.
>
> > I don't think making it explicit that all access control is done on the
> > bare JID should pose any issues. The only area that might be a concern
> > is doing publish-subscribe from within a MUC room, but this is a special
> > use case that we haven't given much attention anyway. I do have some
> > thoughts on it, were it necessary to pull that into this thread.
>
> Yes, that is "MEP".
>
> > For what it is worth, Idavoll assigns affiliations to, and does access
> > control based on, bare JIDs.
>
> I think that is right.
>
> If someone would like to propose some text, that would be great.
> Otherwise I'll work something up soon.
>
> Peter
>
> --
> Peter Saint-Andre
> https://stpeter.im/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20071205/c22cb213/attachment-0002.htm>