Re: [Standards] Adding countrycode to XEP-0080: User Location

[Florian Zeitz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jason wrote:
> For my current useage this spec is too limiting to physical locations.
> parts of related specs allow for location types that are not
> representable by "country/gps etc", things like URLs, or TIME. (you can
> be conceptually @ a web location, time, or some other unknown, perhaps
> virtual representation of location), it would be nice if this spec were
> flexible enough to accomodate such notions.
> 

Can you possibly explain in more detail what your current usage is?
I personally think there is merrit in having this namespace/XEP
specifically bound to physical location. For websites your currently
browsing there is User Browsing and there is also XEP 0202 for getting
an entities time (although I don't know how that fits in the context of
locations).
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqUjH8ACgkQ0JXcdjR+9YQZ6QCfXr9W7zW+j69zGn8G/ScoxXG1
bzUAoMzpcUwQ0c0Zb4eSucI1HjSZMplb
=zKiM
-END PGP SIGNATURE-

Re: [Standards] Adding countrycode to XEP-0080: User Location

[Pierre-Luc Beaudoin]

On Wed, 2009-08-26 at 09:55 +0900, Jason wrote:
> For my current useage this spec is too limiting to physical locations.
> parts of related specs allow for location types that are not 
> representable by "country/gps etc", things like URLs, or TIME. (you
> can be conceptually @ a web location, time, or some other unknown,
> perhaps virtual representation of location), it would be nice if this
> spec were flexible enough to accomodate such notions. 

You should probably re-read the spec: all the fields are optional.  You
can also provide a time, a uri and you have text and description fields
at your disposition if the other ones are too restrictive.

I understand that this was strictly designed with Earth locations in
mind though. :)

Pierre-Luc


signature.asc
Description: This is a digitally signed message part

Re: [Standards] Adding countrycode to XEP-0080: User Location

[Jason]

For my current useage this spec is too limiting to physical locations.
parts of related specs allow for location types that are not 
representable by "country/gps etc", things like URLs, or TIME. (you can 
be conceptually @ a web location, time, or some other unknown, perhaps 
virtual representation of location), it would be nice if this spec were 
flexible enough to accomodate such notions.

Re: [Standards] Adding countrycode to XEP-0080: User Location

[Peter Saint-Andre]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 8/13/09 10:08 AM, Pierre-Luc Beaudoin wrote:

> I'd like to suggest the addition of a "countrycode" child element to
> XEP-0080: User Location.  This element would convey a xs:string
> representing the ISO 3166 two letter country code of the user's
> location.

That makes eminent sense. It's surprising to me that we haven't added it
before!

Peter

- --
Peter Saint-Andre
https://stpeter.im/


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqUFXgACgkQNL8k5A2w/vxnNACgqzLaenrazQykWPx2jHH34nUe
JjYAoKWyqCIm7DVhbFnSW5xlwqxR/KbE
=Bn13
-END PGP SIGNATURE-

Re: [Standards] LAST CALL: XEP-0227 (Portable Import/Export Format for XMPP-IM Servers)

[Kurt Zeilenga]

On Aug 25, 2009, at 3:40 AM, Tobias Markmann wrote:

On Tue, Aug 25, 2009 at 8:18 AM, Kevin Smith   
wrote:

> 4. Do you have any security concerns related to this specification?

Only in as much as it's a great big file with everyone's passwords in.

Sure there are little servers supporting it and there doesn't seem  
to be huge demand for it but maybe one should add support for other  
encodings for the password. Currently it seems you have to use  
plaintext there.


Because otherwise you have little mechanism agility.  That is, no  
ability to support mechanisms which have different mechanism specific  
hashes from those you chosen to store.


For example one could also allow storage of the password via two  
values(one for UTF8 and one for ISO 8859-1) of
H( { username-value, ":", realm-value, ":", passwd } ) as it is used  
in Digest-MD5 mechanism.


It would be nice if XEP 227 provided a format for indicating that a  
password is hashed by a particular algorithm.


However, I don't think we should require importing servers to support  
any particular algorithm other than cleartext.  If a server exports a  
Digest-MD5 hash but the importer only accepts plain text, it's up to  
the admin to resolve the problem (by resetting passwords of all users,  
or by convincing the developers of the importing server to add new  
features, or whatever).


That is, if you want exchange interoperability, export passwords as  
plain text.



Similar method should be possible for future SCRAM mechanism.


And for SRP and ...,  but each will likely be different.

-- Kurt

Re: [Standards] LAST CALL: XEP-0227 (Portable Import/Export Format for XMPP-IM Servers)

[Tobias Markmann]

On Tue, Aug 25, 2009 at 8:18 AM, Kevin Smith  wrote:

> > 4. Do you have any security concerns related to this specification?
>
> Only in as much as it's a great big file with everyone's passwords in.


Sure there are little servers supporting it and there doesn't seem to be
huge demand for it but maybe one should add support for other encodings for
the password. Currently it seems you have to use plaintext there.
For example one could also allow storage of the password via two values(one
for UTF8 and one for ISO 8859-1) of
H( { username-value, ":", realm-value, ":", passwd } ) as it is used in
Digest-MD5 mechanism.

Similar method should be possible for future SCRAM mechanism.

Tobias

[Standards] XEP 0254 suggestions

[Mads Randstoft]

Title: Signatur




After looking at PubSub queuing for our system, we have desided that
this is almost what we need.

I have a few suggestions to be discussed before we do an implementation
and I will try and move this to Draft or even Final soon.

1) Priority queue.
As an added namespaced attribute to  (described in
XEP-0060) a priority would be set, and in case there are already
unhandled (not yet locked) items in the queue, this item is added in a
priority queue manner.
This gives the following questions.
What are priorities? I suggest a list of 5 from "Highest, High,
Default, Low, Lowest".
What happens if a priority is not set? I suggest, based on the above
that a Default is chosen if none is set.
Should starvation prevention be implemented? Implementation specific.
Should timeout be different based on priority? Implementation specific.

2) Handler & Monitor subscriptions.
As an extension of the current proposition, I would like to add
"Monitor" subscriptions, that work in the same way, "normal" PubSub
(XEP-0060) works, each monitor subscriber gets a normal notification,
the component does NOT lock the item to any monitor.
So, for each item that is published, any number of monitors are
notified, one handler is notified and item is locked to this handler.
Since items in a PubSub queue is deleted "quickly" by the handler,
Payload must be sent along with notifications, for all monitors to be
able to get it without
This gives the following questions.
How to distinguish monitor and handler? Via subscription options when
subscription is done.
Should monitor subscriptions be kept when client is offline? Possibly
set via subscription options.

3) I suggest renaming subscription option  "pubsub#queue_requests" to
"pubsub#max_concurrent_locks" as I belive this describes the purpose
better.

4) An ad-hoc command should be added for the component to get a readout
of the current queue size (number of items on a named queue at this
very moment, locked an not yet locked) this could be implementation
specific as well, but s std. could be deviced.
-- 


Med venlig hilsen / Best regards
Mads Randstoft


  

  
  
  
  mads randstoft
java developer
  
wireless factory aps
galionsvej 52
dk-1437 københavn k
  
mobile: +45 31 31 96 07
office: +45 70 20 12 92
fax: + 45 32 95 83 02
  m...@wirelessfactory.com
  www.wirelessfactory.dk
  

  

Re: [Standards] XEP-0215 and STUN/TURN

[Evgeniy Khramtsov]

Evgeniy Khramtsov wrote:

Hello.

I'm thinking of XEP-0215 implementation. In fact, the XEP is very 
simple to implement (at least on server), but that leads to 
configuration overkill. I imagine a system administrator maintaining a 
server with N nodes in a cluster and H virtual hosts. He wants to 
configure a stun, stuns, turn and turns server in external discovery. 
In that case he need to create N*3*H*3*H records in the configuration 
file: a stun and turn takes 3 sections per virtual host (udp, tcp and 
tls) each and requires to configure it on every node. If N=2 and H=2 
(a cluster of 2 nodes and 2 virtual hosts) he needs to create 72 
records! Of course a server software may provide a technique to reduce 
the overhead, but that may cause a configuration file complexity.


Personally, I'm interesting in a short-term credentials allocation for 
a TURN server. I think DNS is the right place to discover stun/turn 
services since corresponding specifications provide SRV records for that.




I think we can move the secret allocation part in a separate request. 
Example:



 



 


Or something like that. What do you think?

--
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:x...@jabber.ru.