Thank you Ralph and Peter. It sounds like I probably lucked out since I intend to use the authorize mode. Do you know if the <a href="http://jabber.org">jabber.org</a> server is running Idavoll?<br><br><div class="gmail_quote"> On Dec 4, 2007 6:26 PM, Peter Saint-Andre <<a href="mailto:stpeter@stpeter.im">stpeter@stpeter.im</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div class="Ih2E3d">Ralph Meijer wrote:<br>> On Mon, 2007-11-19 at 13:05 -0700, Peter Saint-Andre wrote:<br>>> Lindsay Oproman wrote:<br>>>> [..]<br>>> If the node is configured for an access model of "authorize" then each <br>>> subscription request will need to be approved by the node owner, unless<br>>> the implementation includes some logic to pre-approve subscription<br>>> requests from all resources based on the bare JID ( <a href="mailto:node@domain.tld">node@domain.tld</a>).<br>>> (Sounds like a good feature request.)<br>><br>> I think that XEP-0060 was designed to do access control on bare JIDs,<br>> although we never made that explicit, apparently. You can see this in <br>> various parts of the specification. For example, any resource can<br>> manipulate the subscriptions and affiliations that are associated with<br>> any resource of the bare JID and the bare JID itself.<br><br> </div>Good point.<br><div class="Ih2E3d"><br>> I don't think making it explicit that all access control is done on the<br>> bare JID should pose any issues. The only area that might be a concern<br>> is doing publish-subscribe from within a MUC room, but this is a special <br>> use case that we haven't given much attention anyway. I do have some<br>> thoughts on it, were it necessary to pull that into this thread.<br><br></div>Yes, that is "MEP".<br><div class="Ih2E3d"> <br>> For what it is worth, Idavoll assigns affiliations to, and does access<br>> control based on, bare JIDs.<br><br></div>I think that is right.<br><br>If someone would like to propose some text, that would be great. <br>Otherwise I'll work something up soon.<br><div><div></div><div class="Wj3C7c"><br>Peter<br><br>--<br>Peter Saint-Andre<br><a href="https://stpeter.im/" target="_blank">https://stpeter.im/</a><br><br></div></div></blockquote> </div><br>