xeps/inbox/pubsub-labels.xml

2012-06-19 12:08:40 -04:00
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
<!ENTITY % ents SYSTEM 'xep.ent'>
%ents;
<!ENTITY LABEL "<tt>&lt;label/&gt;</tt>">
<!ENTITY CATALOG "<tt>&lt;catalog/&gt;</tt>">
<!ENTITY ITEM "<tt>&lt;item/&gt;</tt>">
<!ENTITY SECURITYLABEL "<tt>&lt;securitylabel/&gt;</tt>">
<!ENTITY DISPLAYMARKING "<tt>&lt;displaymarking/&gt;</tt>">
<!ENTITY EQUIVALENTLABEL "<tt>&lt;equivalentlabel/&gt;</tt>">
<!ENTITY HEADLINE "<tt>&lt;headline/&gt;</tt>">
<!ENTITY IDENTITY "<tt>&lt;identity/&gt;</tt>">
<!ENTITY PUBLISH "<tt>&lt;publish/&gt;</tt>">
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
<title>Security Labels in PubSub</title>
<abstract>This document describes an extension to XEP-0258 (Security Labels in XMPP) that allows security labels to be used in PubSub, and specifies
how security label metadata can be applied to the various elements within PubSub, including nodes and items.</abstract>
&LEGALNOTICE;
<number>xxxx</number>
<status>ProtoXEP</status>
<type>Standards Track</type>
<sig>Standards</sig>
<approver>Council</approver>
<dependencies>
<spec>XMPP Core</spec>
<spec>XEP-0060</spec>
<spec>XEP-0258</spec>
</dependencies>
<supersedes/>
<supersededby/>
<shortname>NOT_YET_ASSIGNED</shortname>
<author>
<firstname>Ashley</firstname>
<surname>Ward</surname>
<email>ashley.ward@surevine.com</email>
<jid>ashley.ward@surevine.com</jid>
</author>
<author>
<firstname>Lloyd</firstname>
<surname>Watkin</surname>
<email>lloyd.watkin@surevine.com</email>
<jid>lloyd.watkin@surevine.com</jid>
</author>
<revision>
<version>0.0.1</version>
<date>2012-05-16</date>
<initials>asw</initials>
<remark><p>First draft.</p></remark>
</revision>
</header>
<section1 topic='Introduction' anchor='intro'>
<p>This XEP defines a method to include Security Labels (as defined in &xep0258;) into PubSub (as
defined in &xep0060;). Security labels (sometimes referred to as confidentiality labels) blah
blah blah</p>
</section1>
<section1 topic='Requirements' anchor='reqs'>
<p>STRONGLY RECOMMENDED.</p>
</section1>
<section1 topic='Glossary' anchor='glossary'>
<p>OPTIONAL.</p>
<dl>
<dt>Security Label</dt>
<dd>The schema defined in &xep0258; with the XML namespace "urn:xmpp:sec-label:0".</dd>
</dl>
</section1>
<section1 topic='Entity Use Cases' anchor='entityusecases'>
<p>This section defines the use cases for, and the protocols to be used by, any entity wishing to
publish or subscribe to content that carries a Security Label.</p>
<section2 topic='Discovery' anchor='entityusecases-discovery'>
<p>A server SHOULD provide label feature and information discovery for each node.</p>
<p>Clients SHOULD discover the label feature and information on a per-node basis.</p>
</section2>
<section2 topic='Discover Nodes' anchor='entityusecases-discovernodes'>
<p>The protocol for node discovery is as defined in &xep0060;, with the caveat that the
server SHOULD NOT return any node whose security label the entity is not
authorised to view.</p>
<p>If a service implements a hierarchy of nodes (via
<link url="http://xmpp.org/extensions/xep-0060.html#collections">Collection Nodes</link>)
then the server MUST also prevent access to every child node of a node which the entity
is not authorised to view, even if the child node's individual security label would otherwise
allow access.</p>
</section2>
<section2 topic='Discover Items for a Node' anchor='entityusecases-discoveritems'>
</section2>
</section1>
<section1 topic='Subscriber Use Cases' anchor='subscriberusecases'>
</section1>
<section1 topic='Publisher Use Cases' anchor='publisherusecases'>
<section2 topic='Publish an Item' anchor='publisherusecases-publishitem'>
<p>Each &ITEM; within a &PUBLISH; element may be individually labelled with a &SECURITYLABEL;.</p>
<p>The server SHOULD apply the default label for the node to any item which does not contain a
&SECURITYLABEL;.</p>
<example caption="Publisher publishes an Item with a Security Label"><![CDATA[
<iq type='set'
from='hamlet@denmark.lit/blogbot'
to='pubsub.shakespeare.lit'
id='pub1'>
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
<publish node='princely_musings'>
<item>
<entry xmlns='http://www.w3.org/2005/Atom'>
<title>Soliloquy</title>
<summary>
To be, or not to be: that is the question:
Whether 'tis nobler in the mind to suffer
The slings and arrows of outrageous fortune,
Or to take arms against a sea of troubles,
And by opposing end them?
</summary>
<link rel='alternate' type='text/html'
href='http://denmark.lit/2003/12/13/atom03'/>
<id>tag:denmark.lit,2003:entry-32397</id>
<published>2003-12-13T18:30:02Z</published>
<updated>2003-12-13T18:30:02Z</updated>
</entry>
<securitylabel xmlns='urn:xmpp:sec-label:0'>
<displaymarking fgcolor='black' bgcolor='green'>UNCLASSIFIED</displaymarking>
<label>
<esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'>MQMGASk=</esssecuritylabel>
</label>
</securitylabel>
</item>
</publish>
</pubsub>
</iq>
]]></example>
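<p>As an added illustration (not part of this specification), the following Python function applies the default-label rule above to a publish request: every &ITEM; lacking a &SECURITYLABEL; receives a copy of the node's default label, while items that are already labelled are left untouched. The publish stanza and the default label are constructed sample input, and the assumption that the default label comes from the node's configuration is the author of this example's, not the specification's.</p>
<![CDATA[
```python
import copy
import xml.etree.ElementTree as ET

NS_PUBSUB = "http://jabber.org/protocol/pubsub"
NS_SECLABEL = "urn:xmpp:sec-label:0"
ITEM = f"{{{NS_PUBSUB}}}item"
SECLABEL = f"{{{NS_SECLABEL}}}securitylabel"
MARKING = f"{{{NS_SECLABEL}}}displaymarking"

# Constructed default label; assumed to come from the node's configuration.
DEFAULT_LABEL = (
    f"<securitylabel xmlns='{NS_SECLABEL}'>"
    "<displaymarking fgcolor='black' bgcolor='green'>UNCLASSIFIED</displaymarking>"
    "<label><esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'>MQMGASk="
    "</esssecuritylabel></label></securitylabel>")

# Constructed publish request: item a1 carries its own label, item a2 does not.
SAMPLE_PUBLISH = f"""<iq type='set' from='hamlet@denmark.lit/blogbot' to='pubsub.shakespeare.lit' id='pub2'>
  <pubsub xmlns='{NS_PUBSUB}'><publish node='princely_musings'>
    <item id='a1'>
      <entry xmlns='http://www.w3.org/2005/Atom'><title>Labelled</title></entry>
      <securitylabel xmlns='{NS_SECLABEL}'>
        <displaymarking fgcolor='white' bgcolor='red'>SECRET</displaymarking>
      </securitylabel>
    </item>
    <item id='a2'>
      <entry xmlns='http://www.w3.org/2005/Atom'><title>Unlabelled</title></entry>
    </item>
  </publish></pubsub>
</iq>"""

def apply_default_label(publish_xml: str, default_label_xml: str) -> str:
    """Return the publish request with a copy of the default label added to
    every <item/> that carries no <securitylabel/> of its own."""
    iq = ET.fromstring(publish_xml)
    default = ET.fromstring(default_label_xml)
    for item in iq.iter(ITEM):
        if item.find(SECLABEL) is None:          # only unlabelled items
            item.append(copy.deepcopy(default))  # never share one Element
    return ET.tostring(iq, encoding="unicode")

def item_markings(publish_xml: str) -> list:
    """Display-marking text per <item/>, None where an item has no label."""
    out = []
    for item in ET.fromstring(publish_xml).iter(ITEM):
        marking = item.find(f"{SECLABEL}/{MARKING}")
        out.append(marking.text if marking is not None else None)
    return out
```
]]>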
<section3 topic='Notification with Payloads'>
<p>The service then notifies appropriately cleared subscribers.</p>
<example caption="Subscriber receives event notification with payload"><![CDATA[
<message from='pubsub.shakespeare.lit' to='francisco@denmark.lit' id='foo'>
<event xmlns='http://jabber.org/protocol/pubsub#event'>
<items node='princely_musings'>
<item id='ae890ac52d0df67ed7cfdf51b644e901'>
<entry xmlns='http://www.w3.org/2005/Atom'>
<title>Soliloquy</title>
<summary>
To be, or not to be: that is the question:
Whether 'tis nobler in the mind to suffer
The slings and arrows of outrageous fortune,
Or to take arms against a sea of troubles,
And by opposing end them?
</summary>
<link rel='alternate' type='text/html'
href='http://denmark.lit/2003/12/13/atom03'/>
<id>tag:denmark.lit,2003:entry-32397</id>
<published>2003-12-13T18:30:02Z</published>
<updated>2003-12-13T18:30:02Z</updated>
</entry>
<securitylabel xmlns='urn:xmpp:sec-label:0'>
<displaymarking fgcolor='black' bgcolor='green'>UNCLASSIFIED</displaymarking>
<label>
<esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'>MQMGASk=</esssecuritylabel>
</label>
</securitylabel>
</item>
</items>
</event>
</message>
]]></example>
</section3>
<section3 topic='Notification without Payloads'>
<p>If the node is configured not to include payloads</p>
</section3>
</section2>
</section1>
<section1 topic='Business Rules' anchor='rules'>
<p>OPTIONAL.</p>
<ol>
<li>A server's response to a request for a node which the entity is not authorised to view MUST
be identical to the response it would give if that node did not exist.
<example caption="Request for a node that the entity is not authorised to view"><![CDATA[
<iq type='error'
from='pubsub.shakespeare.lit'
to='francisco@denmark.lit/barracks'
id='sub1'>
<error type='cancel'>
<item-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
</error>
</iq>
]]></example>
</li>
</ol>
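<p>As an added illustration (not part of this specification), the following Python sketch applies the Discover Nodes hierarchy rule together with the business rule above: a node is listed only when the entity is cleared for it and for every ancestor collection node, and a request for a node the entity may not view yields the same item-not-found error as a request for a node that does not exist. The clearance model (named classification levels ordered by rank) and the sample node hierarchy are assumptions made for illustration; this document does not define how labels are compared.</p>
<![CDATA[
```python
from dataclasses import dataclass

# Assumed toy clearance model, for illustration only: an entity may view a
# label when its clearance ranks at least as high as that label.
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "CONFIDENTIAL": 2, "SECRET": 3}

@dataclass
class Node:
    name: str
    label: str
    parent: "Node | None" = None  # enclosing collection node, if any

def cleared(clearance: str, label: str) -> bool:
    return LEVELS[clearance] >= LEVELS[label]

def visible(node: Node, clearance: str) -> bool:
    """Discover Nodes rule: the entity must be cleared for the node AND for
    every ancestor collection, even if the node's own label would allow it."""
    n = node
    while n is not None:
        if not cleared(clearance, n.label):
            return False
        n = n.parent
    return True

def discover_nodes(nodes: list, clearance: str) -> list:
    """Node names a disco#items response may list for this entity."""
    return [n.name for n in nodes if visible(n, clearance)]

def item_not_found(to: str, req_id: str) -> str:
    """Business rule: the error for a node the entity may not view is exactly
    the error for a node that does not exist, so neither case leaks."""
    return (f"<iq type='error' from='pubsub.shakespeare.lit' to='{to}' id='{req_id}'>"
            "<error type='cancel'>"
            "<item-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>"
            "</error></iq>")

def handle_node_request(nodes: list, clearance: str, node_name: str,
                        to: str, req_id: str) -> str:
    node = next((n for n in nodes if n.name == node_name), None)
    if node is None or not visible(node, clearance):
        return item_not_found(to, req_id)
    return f"<iq type='result' from='pubsub.shakespeare.lit' to='{to}' id='{req_id}'/>"

# Constructed sample hierarchy: an UNCLASSIFIED leaf inside a SECRET collection.
ROOT = Node("blogs", "UNCLASSIFIED")
WAR = Node("war_plans", "SECRET", ROOT)
NODES = [ROOT, WAR, Node("princely_musings", "UNCLASSIFIED", ROOT),
         Node("canteen_menu", "UNCLASSIFIED", WAR)]
```
]]>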
</section1>
<section1 topic='Implementation Notes' anchor='impl'>
<p>OPTIONAL.</p>
</section1>
<section1 topic='Accessibility Considerations' anchor='access'>
<p>OPTIONAL.</p>
</section1>
<section1 topic='Internationalization Considerations' anchor='i18n'>
<p>OPTIONAL.</p>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>REQUIRED.</p>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
<p>REQUIRED.</p>
</section1>
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
<p>REQUIRED.</p>
</section1>
<section1 topic='XML Schema' anchor='schema'>
<p>REQUIRED for protocol specifications.</p>
</section1>
</xep>