Re: [Standards] XEP-0175 feedback
On Tue, Sep 15, 2009 at 7:39 PM, Peter Saint-Andre wrote: > Incorporating all the feedback provided so far, I have updated XEP-0175 > to version 1.2rc3. I have added a new section on "Deployment Types" and > have significantly modified the section on "Recommendations". The text > in my working copy now reads as follows: That sounds appropriate, thanks. /K
Re: [Standards] XEP-0175 feedback
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/15/09 11:29 AM, Kevin Smith wrote: > On Mon, Sep 14, 2009 at 5:29 PM, Jack Moffitt wrote: >> I'm fine with those amendments, Dave. > > I'm comfortable with them too (at least from my reading), and mostly > for the reasons Dave gives. Incorporating all the feedback provided so far, I have updated XEP-0175 to version 1.2rc3. I have added a new section on "Deployment Types" and have significantly modified the section on "Recommendations". The text in my working copy now reads as follows: *** 2. Deployment Types XMPP server implementations can be deployed in a variety of settings. Although it is difficult to provide recommendations for every kind of XMPP deployment, this document attempts to strike a balance between more and less controlled settings by defining three different deployment types: * Public deployments, such as well-known instant messaging (IM) services on the open Internet. * Private deployments, such as enterprise IM services, technical support departments, and helplines. * Specialized deployments that typically will be accessed in a controlled fashion, such as gaming services, members-only websites, and applications that are not used directly by human users. 3. Recommendations An XMPP server implementation SHOULD NOT enable the SASL ANONYMOUS mechanism by default, but instead SHOULD force the administrator of a given service to explicitly enable support in the context of that deployment. When a client authenticates using SASL ANONYMOUS, an XMPP server SHOULD assign a temporary, unique bare JID to the client. Although the method for ensuring the uniqueness of the localpart is a matter of implementation, it is RECOMMENDED for the localpart to be a UUID as specified in RFC 4122 [4]. Although RFC 4505 allows the client to provide so-called "trace data" when authenticating via SASL ANONYMOUS, it is NOT RECOMMENDED for the client to include trace data as the XML character data of the element (instead, the element SHOULD be empty). However, if trace data is included, the server MUST NOT use it for any purpose other than tracing (e.g., not use it as the resource identifier of the anonymous user's full JID). Because an anonymous user is unknown to the server, the server SHOULD appropriately restrict the user's access in order to limit the possibility of malicious behavior (such as denial of service attacks as described in Best Practices to Discourage Denial of Service Attacks [5]), especially on public deployments. The following restrictions are encouraged on public deployments. Administrators of private deployments and specialized deployments are advised to take these restrictions into account when configuring their services, but can reasonably relax these restrictions if they have appropriate access controls in place or their deployment requirements cannot be met using the more restrictive profile applied in public deployments. 1. During resource binding, the server MAY ignore the resource identifier provided by the client (if any) and instead assign a resource identifier that it generates on behalf of the client. 2. The server SHOULD NOT allow the client to initiate communication with entities hosted at remote servers. 3. The server MAY allow the client to establish relationships with local services and users; such relationships might include presence subscriptions and roster additions (see XMPP IM [6]), Multi-User Chat [7] registrations, and Publish-Subscribe [8] subscriptions. (Note that allowing presence subscriptions and roster additions can create a sub-optimal user experience for the added contacts.) However, if the server permits such relationships, it MUST cancel them when the client's session ends. 4. The server MAY allow the client to store information on the server for the purpsoe of providing an optimal user experience (e.g., storage of client preferences using Private XML Storage [9]). However, if the server allows this, it SHOULD remove such information when the client's session ends. 5. The server SHOULD NOT allow the client to send large numbers of XMPP stanzas or otherwise use large amounts of system resources (e.g., by binding multiple resource identifiers or creating multiple SOCKS5 Bytestreams [10] sessions). *** You can view the updated document here: http://xmpp.org/extensions/tmp/xep-0175-1.2.html The SVN diff from 1.1 is here: http://svn.xmpp.org:18080/browse/XMPP/trunk/extensions/xep-0175.xml?r1=1349&r2=3443 Peter - -- Peter Saint-Andre https://stpeter.im/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqv32YACgkQNL8k5A2w/vyOmQCdG55QFo9jtv1x3agvz2dc5Ot0 DvUAnRu9Snp1FovWPR6Kczy4XpUbjdBe =yxZ8 -END PGP SIGNATURE-
Re: [Standards] XEP-0175 feedback
On Mon, Sep 14, 2009 at 5:29 PM, Jack Moffitt wrote: > I'm fine with those amendments, Dave. I'm comfortable with them too (at least from my reading), and mostly for the reasons Dave gives. /K
Re: [Standards] XEP-0175 feedback
I'm fine with those amendments, Dave. jack.
Re: [Standards] XEP-0175 feedback
On Fri Sep 11 18:27:10 2009, Jack Moffitt wrote: Anonymous users MAY establish relationships with services and users if allowed by sever policy such as presence subscriptions, multi-user chat rooms, and pubsub subscriptions. If a server permits these relationships, it MUST cancel such relationships when the user's session ends. That's what I took it to mean by "long term relationships". A pubsub subscription that only lasts a session is, IMHO, comfortably within the one-night-stand length. Still, I'd go for SHOULD NOT, I can conceive of cases whereby this rule may need breaking, at least locally. It is not recommended that SASL ANONYMOUS users add human contacts to their rosters, as this may create odd user experiences. This makes sense, too. I'd go for NOT RECOMMENDED, though. (== SHOULD NOT). 2) The next line states that users SHOULD NOT store things on the server, and that if so the server MUST delete them. This is also overly restrictive. I can see several use cases where one would want to temporarily store something on the server and retrieve it in another session, similar to an HTTP cookie. I think that it should be the server operators perogative to allow or disallow storage and to determine when that storage is undone. Perhaps changing the MUST to MAY is enough. Or SHOULD, with a note that there are cases where service operators may need to rely on storage of data by anonymous clients. SHOULD means "Do this unless you know better". I do worry that although *you* certainly do know when to break these rules, a server implementor might think "Oh, hey, I don't have to do that then." The note implies that a configuration option might be useful to control this. Dave. -- Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
Re: [Standards] XEP-0175 feedback
Cheers, 2009/9/11 Jack Moffitt : > In general, the proposed changes in v1.2 at > http://xmpp.org/extensions/tmp/xep-0175-1.2.html > > are sound ones. I do however have some minor points to raise. > > 1) The current wording states that anonymous users SHOULD NOT be able > to establish long term relationships. I believe this is too strong. > I think that it will be quite common to use SASL ANONYMOUS clients to > do things like pubsub scriptions and creating muc rooms. My team and > I have done this in nearly every app we've written. I do however > agree that it makes sense to tear these down once the session is over. > > I propose the following wording instead: > > Anonymous users MAY establish relationships with services and users if > allowed by sever policy such as presence subscriptions, multi-user > chat rooms, and pubsub subscriptions. If a server permits these > relationships, it MUST cancel such relationships when the user's > session ends. I agree. I also often allow SASL ANONYMOUS clients to have time based PubSub subscriptions (or even presence based on my tests). Same for muc rooms based stuff. When user's session ends the cleaning must be done accordingly of course. Good weekend for all, -- tuomas 2009/9/11 Jack Moffitt : > I might add another sentence as well: > > It is not recommended that SASL ANONYMOUS users add human contacts to > their rosters, as this may create odd user experiences. > > 2) The next line states that users SHOULD NOT store things on the > server, and that if so the server MUST delete them. This is also > overly restrictive. I can see several use cases where one would want > to temporarily store something on the server and retrieve it in > another session, similar to an HTTP cookie. I think that it should be > the server operators perogative to allow or disallow storage and to > determine when that storage is undone. > > Perhaps changing the MUST to MAY is enough. > > > I do think that Peter's previous feedback of there being two different > scenarios is spot on. Some of us see this as "what should SASL > ANONYMOUS users be able to do on jabber.org" and some of us are not > running IM servers, but using SASL ANONYMOUS as a tool in a bigger > application. > > I think the above wording proposals are good enough for both cases, > but if people feel strongly otherwise, I think we may have to split > this into two sections of recommendations for the different use cases. > > jack.
[Standards] XEP-0175 feedback
In general, the proposed changes in v1.2 at http://xmpp.org/extensions/tmp/xep-0175-1.2.html are sound ones. I do however have some minor points to raise. 1) The current wording states that anonymous users SHOULD NOT be able to establish long term relationships. I believe this is too strong. I think that it will be quite common to use SASL ANONYMOUS clients to do things like pubsub scriptions and creating muc rooms. My team and I have done this in nearly every app we've written. I do however agree that it makes sense to tear these down once the session is over. I propose the following wording instead: Anonymous users MAY establish relationships with services and users if allowed by sever policy such as presence subscriptions, multi-user chat rooms, and pubsub subscriptions. If a server permits these relationships, it MUST cancel such relationships when the user's session ends. I might add another sentence as well: It is not recommended that SASL ANONYMOUS users add human contacts to their rosters, as this may create odd user experiences. 2) The next line states that users SHOULD NOT store things on the server, and that if so the server MUST delete them. This is also overly restrictive. I can see several use cases where one would want to temporarily store something on the server and retrieve it in another session, similar to an HTTP cookie. I think that it should be the server operators perogative to allow or disallow storage and to determine when that storage is undone. Perhaps changing the MUST to MAY is enough. I do think that Peter's previous feedback of there being two different scenarios is spot on. Some of us see this as "what should SASL ANONYMOUS users be able to do on jabber.org" and some of us are not running IM servers, but using SASL ANONYMOUS as a tool in a bigger application. I think the above wording proposals are good enough for both cases, but if people feel strongly otherwise, I think we may have to split this into two sections of recommendations for the different use cases. jack.