[jdev] Fine permissions tuning for PubSub
Goffi
goffi at goffi.org
Mon Jun 25 21:28:12 UTC 2012
Hi Sergey,
> I am fine with a possibility to tune permissions per item
Cool :)
> but there are
> some nuances. For example, what if user posts an item to a foreign node
> (i.e. node where the user is not an owner). It will be strange to
> restrict an access for such item.
I know, and as I said in my blog post, I have simplified for my tests by
saying creator = owner = publisher. So if the publisher is not the
owner, there are some question about which roster to use, how to keep
roster private, etc.
AFAIK, there is no good way at the moment to access remotly (and
securely) the roster of an entity.
> I think we should not insert an item configuration form in the<item>
> but in<publish>.
That's right, I was thinking too the item node was not the best place,
but I wanted to tie to it. We can put the configuration in <publish>
indeed, and identify the item with its id.
> On the other hand, I think that it is time to invent new XEP to allow to
> implement such protocols as PEP or "Private XML storage" as separate
> components. It will facilitate migration from server to server and will
> increase speed of implementing new technologies.
I hope things will move a bit in the pubsub part of XMPP, as we need
severals things for modern softwares (per item permissions, better
decentralisation, polished microblogging, etc).
Thank for your feedback
Cheers
Goffi
More information about the JDev
mailing list