We still need to figure out private storage via pubsub. Joe Hildebrand proposed that we tack "+private" on the end of the namespace (NodeID):
http://mail.jabber.org/pipermail/standards/2007-March/014758.html

Rephrasing and generalizing his email based on subsequent list discussion, I would present it as follows:

***

Whenever a client publishes the first item to a node that ends in "+[accessmodel]", the pubsub service MUST create the node with a default access model equal to the specified model (that is "open" or "presence" or "roster" or "authorize" or "whitelist"). [1]

For such a node, the access model MUST remain fixed and a pubsub service MUST return an error if the node owner tries to change it.

***

Yes this hardcodes NodeIDs. But it has the benefit of being simple, explicit, and secure (the access model can't be changed, which is especially important for private storage).

Thoughts?

/psa

[1] In fact "roster" doesn't make sense here since you need to specify the roster group. And BTW the list for "whitelist" must start out empty, i.e., only the node owner can publish or subscribe.
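
Added example, not part of the original message and not code from any pubsub implementation: a minimal in-memory Python model of the rule proposed above, where a trailing "+[accessmodel]" fixes the access model when the first item is published, and of the footnote's empty initial whitelist. The class, function and field names, the JIDs and the node names are hypothetical, and an exception stands in for the error the service would return.

```python
ACCESS_MODELS = {"open", "presence", "roster", "authorize", "whitelist"}

class AccessModelFixed(Exception):
    """Stands in for the error the service returns to the node owner."""

def pinned_model(node_id):
    """Return the access model named by a trailing "+model", else None."""
    base, plus, suffix = node_id.rpartition("+")
    return suffix if plus and base and suffix in ACCESS_MODELS else None

class PubSubService:
    def __init__(self, default_model="open"):
        self.default_model = default_model
        self.nodes = {}

    def publish(self, publisher, node_id, item):
        node = self.nodes.get(node_id)
        if node is None:  # first item published: create the node
            model = pinned_model(node_id)
            node = self.nodes[node_id] = {
                "owner": publisher,
                "access_model": model or self.default_model,
                "fixed": model is not None,
                "whitelist": set(),  # starts empty: owner-only access
                "items": [],
            }
        elif publisher != node["owner"]:
            raise PermissionError("only the node owner may publish")
        node["items"].append(item)
        return node

    def set_access_model(self, requester, node_id, new_model):
        node = self.nodes[node_id]
        if requester != node["owner"]:
            raise PermissionError("only the node owner may configure")
        if new_model not in ACCESS_MODELS:
            raise ValueError(new_model)
        if node["fixed"]:
            raise AccessModelFixed(node_id)
        node["access_model"] = new_model

    def may_subscribe(self, jid, node_id):
        node = self.nodes[node_id]
        if jid == node["owner"] or node["access_model"] == "open":
            return True
        # presence/roster/authorize need state not modelled here: deny.
        return node["access_model"] == "whitelist" and jid in node["whitelist"]
```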