Re: XEP-0060 Subscription Authorization

Ralph Meijer wrote:
> On Mon, 2007-11-19 at 13:05 -0700, Peter Saint-Andre
wrote:
>> Lindsay Oproman wrote:
>>> [..]
>> If the node is configured for an access model of
"authorize" then each
>> subscription request will need to be approved by
the node owner, unless
>> the implementation includes some logic to
pre-approve subscription
>> requests from all resources based on the bare JID
(nodedomain.tld).
>> (Sounds like a good feature request.)
> 
> I think that XEP-0060 was designed to do access control
on bare JIDs,
> although we never made that explicit, apparently. You
can see this in
> various parts of the specification. For example, any
resource can
> manipulate the subscriptions and affiliations that are
associated with
> any resource of the bare JID and the bare JID itself.

Good point.

> I don't think making it explicit that all access
control is done on the
> bare JID should pose any issues. The only area that
might be a concern
> is doing publish-subscribe from within a MUC room, but
this is a special
> use case that we haven't given much attention anyway. I
do have some
> thoughts on it, were it necessary to pull that into
this thread.

Yes, that is "MEP".

> For what it is worth, Idavoll assigns affiliations to,
and does access
> control based on, bare JIDs.

I think that is right.

If someone would like to propose some text, that would be
great.
Otherwise I'll work something up soon.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/