<abstract>This specification provides a presence-less standard for Multi-User Chats. Its feature set is a response to mobile XMPP applications needs and specific environment.</abstract>
<legal>
<copyright>This XMPP Extension Protocol is copyright (c) 1999 - 2014 by the XMPP Standards Foundation (XSF).</copyright>
<permissions>Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.</permissions>
<warranty>## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. In no event shall the XMPP Standards Foundation or the authors of this Specification be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification. ##</warranty>
<liability>In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising out of the use or inability to use the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.</liability>
<conformance>This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which may be found at <<linkurl='http://xmpp.org/extensions/ipr-policy.shtml'>http://xmpp.org/extensions/ipr-policy.shtml</link>> or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA).</conformance>
<p>Classic Multi-User chat, as described in XEP-0045, adds an IRC-like functionality to XMPP. It distinguishes between the affiliation list and the occupant list, where the latter is based on presences routed to the room from the client resource. While perfectly sufficient for desktop applications and relatively stable network connection, it does not exactly meet the challenges the mobile world is facing. Modern mobile applications do not rely on presence information, as it can frequently change. The expected user experience not only differs from IRC model, but also uses only a small subset of XEP-0045 features. The service described in this specification attempts to provide a complete solution for all common use cases of mobile groupchats.</p>
</section1>
<section1topic='Requirements'anchor='reqs'>
<p>The list below contains the high-level features required from a new variant of MUC</p>
<ol>
<li>The service allows any user to create a room for group communication.</li>
<li>Users cannot join rooms on their own. They have to be added by the room owner or (if configured by service administrator) any other occupant.</li>
<li>Only the owner can remove other occupants from the room.</li>
<li>Every occupant can leave the room.</li>
<li>A user may block the attempts of being added to the specific room or by specific user.</li>
<li>The message sent in the room is always broadcasted to every occupant.</li>
<li>The full occupant list is always available to all occupants.</li>
<li>Occupant is always visible on the list, even if it does not have any resources online.</li>
<li>Occupants can only have two affiliations: owner and member.</li>
<li>There must be at most one owner in the room (the service can choose to treat all users equally).</li>
<li>If the room becomes empty, it is destroyed.</li>
<li>Occupants cannot hide behind nicks. Their real bare JID is always visible to everyone</li>
<li>No exchange of any &PRESENCE; stanza inside the room.</li>
<li>The user MUST be able to retrieve the list of rooms he or she occupies.</li>
<li>The owner can modify the room configuration at any time; members may also be allowed to set configuration.</li>
<li>All occupants can get the full room configuration at any time.</li>
<li>Room history is available only in Message Archive Management.</li>
</ol>
</section1>
<section1topic='Entity Use Cases'anchor='entity-usecases'>
<section2topic='Discovering a MUC Light Service'anchor='disco-service'>
<p>An entity often discovers a MUC service by sending a Service Discovery items ("disco#items") request to its own server.</p>
<examplecaption='Entity Queries the Server for Associated Services'><![CDATA[
<section2topic='Discovering the Features Supported by a MUC Light Service'anchor='disco-service-features'>
<p>An entity may wish to discover if a service implements the Multi-User Chat protocol; in order to do so, it sends a service discovery information ("disco#info") query to the MUC service's JID.</p>
<examplecaption='Entity Queries Chat Service for MUC Light Support via Disco'><![CDATA[
<p>The service discovery items ("disco#items") protocol enables an entity to query a service for a list of associated items, which in the case of a chat service would consist of the specific chat rooms the entity occupies.</p>
<examplecaption='Entity Queries Chat Service for Rooms'><![CDATA[
<p>If the full list of rooms is large (see <cite>XEP-0030</cite> for details), the service MAY return only a partial list of rooms. If it does so, it MUST include a <set/> element qualified by the 'http://jabber.org/protocol/rsm' namespace (as defined in &xep0059;) to indicate that the list is not the full result set.</p>
<examplecaption='Service Returns Limited List of Disco Items Result'><![CDATA[
<section1topic='Occupant Use Cases'anchor='occupant-usecases'>
<section2topic='Sending a message to a room'anchor='sending-message'>
<p>Every occupant in the room MAY broadcast messages to other occupants. In order to do so, the client MUST send a groupchat message to the room bare JID.</p>
<p>The room automatically assumes that occupants' nicks are equal to their bare JIDs. MUC light is designed for applications where it is not important to hide behind nicknames. On the contrary - it is up to th client to replace pure JIDs with user-friendly names like phone numbers or full names if necessary.</p>
<p>Room MUST route all messages of type 'groupchat'.</p>
<examplecaption='Client sends a message to the room'><![CDATA[
<messagefrom='hag66@shakespeare.lit/pda'
id='hysf1v37'
to='coven@muclight.shakespeare.lit'
type='groupchat'>
<body>Harpier cries: 'tis time, 'tis time.</body>
</message>
]]></example>
<examplecaption='Server broadcasts a groupchat message'><![CDATA[
<p>The service MAY allow room occupants to set the room subject by changing "subject" configuration field. A standard configuration stanza is used in this case. Subject change is announced like an ordinary configuration change.</p>
<examplecaption='Client sends a message to the room'><![CDATA[
<p>Room occupant may request room information (configuration and/or occupants list) by information version. It is up to service to define the version string, the only requirement for it is to be unique per room. Please note there are no separate versions for configuration and occupant list alone.</p>
<p>If the server side version does not match the one provided by the client (or if the client does not provide one, i.e. 'version' element is empty), the service MUST respond with a current version string and full configuration and/or occupant list.</p>
<p>If the version strings match, server MUST reply with an empty result.</p>
<p>Only room occupants can get room information.</p>
<examplecaption='Matching versions'><![CDATA[
<iqfrom='crone1@shakespeare.lit/desktop'
id='config0'
to='coven@muclight.shakespeare.lit'
type='get'>
<queryxmlns='urn:xmpp:muclight:0#configuration'>
<version>abcdefg</version>
</query>
</iq>
<iqfrom='coven@muclight.shakespeare.lit'
id='config0'
to='crone1@shakespeare.lit/desktop'
type='result' />
]]></example>
<section3topic='Getting the room configuration'anchor='get-room-config'>
<examplecaption='Client gets configuration from the server'><![CDATA[
<iqfrom='crone1@shakespeare.lit/desktop'
id='getconfig1'
to='coven@muclight.shakespeare.lit'
type='get'>
<queryxmlns='urn:xmpp:muclight:0#configuration'>
<version>abcdefg</version>
</query>
</iq>
<iqfrom='coven@muclight.shakespeare.lit'
id='getconfig1'
to='crone1@shakespeare.lit/desktop'
type='result'>
<queryxmlns='urn:xmpp:muclight:0#configuration'>
<version>123456</version>
<roomname>A Dark Cave</roomname>
</query>
</iq>
]]></example>
</section3>
<section3topic='Requesting a user list'anchor='requesting-user-list'>
<examplecaption='Client requests a user list'><![CDATA[
<p>A user MAY choose to automatically deny being added to the room. All stanzas must be directed to MUC Light service. User MAY send more than one item in a single request and mix both 'user' and 'room' elements.</p>
<p>If the occupant tries to add another user to the room, and this user has set a blocking policy, the server MUST ignore the attempt. No error is returned, this user is simply skipped when processing affiliation change query.</p>
<section3topic='Requesting a blocking list'anchor='block-get-list'>
<p>In order to get the current blocking list in MUC Light service, the client sends an empty IQ get query with a proper namespace.</p>
<p>The list includes only items with a 'deny' action, since the 'allow' behaviour is default for MUC Light and is only used for the list modification.</p>
<examplecaption='User retrieves a blocking list'><![CDATA[
<p>In order to cancel a blocking, a query must contain at least one 'room' or 'user' item with an 'allow' action and an appriopriate bare JID in the content.</p>
<p>Unblocking a JID that is not blocked does not trigger any error. The server MUST return empty IQ result in such case.</p>
<section1topic='Owner Use Cases'anchor='owner-usecases'>
<section2topic='Creating a new room'anchor='creating-a-room'>
<p>A room is created by submitting a dedicated stanza. The client application should pick random room node name, since human-readable room name is in configuration.</p>
<p>For rules that apply to the configuration options, please see "Setting room configuration" chapter.</p>
<p>The client MAY include initial configuration and occupant list (the list MUST NOT include the creator). The server MAY allow sending incomplete configuration form. In such case the server MUST use default values for missing fields. The server MAY enforce a minimal occupant list length.</p>
<p>The service MAY either give the creator the 'owner' or 'member' status. In the latter case all users are equal.</p>
<p>Upon room creation success, the service MUST reply with an empty IQ result.</p>
<p>The following rules (similar to the ones relevant to the affiliation change request) apply to the occupant list:
<ul>
<li>'none' affiliation cannot be used.</li>
<li>All user bare JIDs must be unique</li>
<li>At most one owner can be chosen. In such case the room creator will become "just" a 'member'.</li>
</ul>
</p>
<p>After the room is created (but before receiving IQ result), new occupants (including creator) receive &MESSAGE; from the room with their affiliations (stanza MUST include only recipient's affiliation) and initial room version. <prev-version /> element MUST NOT be included.</p>
<section3topic='Requesting a new room with a unique name'anchor='unique-room-name'>
<p>If a client would like to avoid a room JID conflict, it MAY request creating a new room with a server-side generated name, that is verfied to be unique. In order to do so, the client MUST send a creation request to service JID, not room bare JID. The IQ result will originate from the new room bare JID</p>
<p>The messages with affiliation change notifications MUST have the same ID as IQ set and result.</p>
<section2topic='Destroying a room'anchor='destroying-a-room'>
<p>A room is automatically destroyed when its occupant list becomes empty or the room owner explicitly sends IQ with a room destroy request.</p>
<p>Before sending an IQ result, every occupant is notified that its affiliation has changed to 'none'. These notifications include &X; element qualified with "urn:xmpp:muclight:0#destroy" namespace.</p>
<p>Only the room owner is allowed to destroy it.</p>
<p>Room destruction notification SHOULD NOT contain version (or "prev-version" information).</p>
<p>Only room owners can modify room configuration but the service MAY allow members to change it too.</p>
<p>All room occupants MUST be notified about a configuration change and both the new and old room version string (<version /> and <prev-version /> respectively).</p>
<p>"version" and "prev-version" configuration field names are NOT ALLOWED - they are reserved for room versioning.</p>
<p>The service MAY allow the client to set the configuration fields with any name but it is NOT RECOMMENDED.</p>
<p>The Data Forms are not used for the configuration. Instead, the config fields are encoded in XML elements with names equal to the key and content equal to the value.</p>
<examplecaption='Client configuration request to the server'><![CDATA[
<iqfrom='crone1@shakespeare.lit/desktop'
id='conf2'
to='coven@muclight.shakespeare.lit'
type='set'>
<queryxmlns='urn:xmpp:muclight:0#configuration'>
<roomname>A Darker Cave</roomname>
</query>
</iq>
<messagefrom='coven@muclight.shakespeare.lit'
to='crone1@shakespeare.lit'
type='groupchat'
id='configchange'>
<xxmlns='urn:xmpp:muclight:0#configuration'>
<prev-version>zaqwsx</prev-version>
<version>zxcvbnm</version>
<roomname>A Darker Cave</roomname>
</x>
<body/>
</message>
<messagefrom='coven@muclight.shakespeare.lit'
to='hag66@shakespeare.lit'
type='groupchat'
id='configchange'>
<xxmlns='urn:xmpp:muclight:0#configuration'>
<prev-version>zaqwsx</prev-version>
<version>zxcvbnm</version>
<roomname>A Darker Cave</roomname>
</x>
<body/>
</message>
<iqto='crone1@shakespeare.lit/desktop'
id='conf2'
from='coven@muclight.shakespeare.lit'
type='result' />
]]></example>
<p>The server SHOULD accept incomplete (i.e. delta) configuration forms. In such case, values of the missing fields SHOULD be preserved.</p>
</section2>
<section2topic='Changing the occupant list'anchor='changing-occupant-list'>
<p>The occupant list is modified by a direct affiliation change. Following rules apply:</p>
<ol>
<li>There are only 3 affiliations.
<ul>
<li>owner - can do everything in the room</li>
<li>member - can send messages to the room and if the service allows it, can also change configuration or change others' affiliations</li>
<li>none - not in the room; it's a keyword for marking a user for removal from room</li>
</ul></li>
<li>Every occupant can change its own affiliation to none in order to leave the room.</li>
<li>The only way to join the room is being added by other occupant.</li>
<li>The owner can change affiliations at will.</li>
<li>If the owner leaves, the server MAY use any strategy to choose a new one.</li>
<li>The room can have at most one owner. Giving someone else the 'owner' status effectively causes the current one to lose it.</li>
<li>Owner can choose a new owner when leaving by including both 'none' and 'owner' items in affiliation change request.</li>
<li>Every user JID can be used in the request at most once.</li>
<li>A single request MAY change multiple affiliations.</li>
<li>All changes must be meaningful, e.g. setting member's affiliation to 'member' is considered a bad request.</li>
<li>Server MAY allow members to add new members but they still cannot make anyone an 'owner' or remove other users from the room.</li>
</ol>
<p>On success the server will reply with result IQ with all changed items. <b>BEFORE</b> returning the IQ result, the service MUST route a message with affiliation change to all relevant users.</p>
<p>Newcomers, i.e. users that were not occupants before the change, SHOULD receive only their own affiliation and SHOULD NOT receive <prev-version /> element.</p>
<p>The notifications must include both the new and old room version (<version /> and <prev-version /> respectively) string (except for the ones directed to users that have been removed from the room).</p>
<p>The notifications contain a list of items. The item list may be different from the list in IQ set, because some of the changes may require additional operations, e.g. choosing new owner when the old one leaves. Users, that are still in the room after change, will receive full change list. Users, that have been removed from the room with the request, will get only one item: themselves with affiliation 'none'.</p>
<p>The service MAY add user's rooms to its roster. It allows the client to skip separate Disco request to the service. Roster items with rooms MUST belong to the group "urn:xmpp:muclight:0" (MUC Light namespace) and include <version> element. Their subscription type MUST be 'to'.</p>
<examplecaption='Entity requests the roster and receives reply that includes room item'><![CDATA[
<p>This section defines the rules for archiving MUC Light events and messages. Stanzas described in the subsections below MUST be archived by the server. The stanzas not included here MUST NOT be archived.</p>
<p>The &MESSAGE; element inside <forwarded> MUST include "from" attribute and MUST NOT include "to" attribute. "id" SHOULD be archived as well.</p>
<p>In case of regular groupchat messages, "from" attribute MUST consist of a room full JID with sender bare JID in the resource part. As for room notification, e.g. create event, "from" MUST be equal to room bare JID.</p>
<p>Examples below use MAM v0.4 protocol. Archive can be fetched only from a specific room, the client MUST NOT query MUC Light service directly.</p>
<section3topic='Groupchat message from occupant'anchor='mam-message-occupant'>
<p>Message from a user MUST be archived with all child elements.</p>
<examplecaption='Occupant queries MAM and receives regular groupchat message'><![CDATA[
<section2topic='Request sender has insufficient privileges'anchor='insufficient-privileges'>
<p>If the request sender does not have sufficient privileges (but is a room occupant), the service MUST reply with a 'not-allowed' error.</p>
<p>It occurs in the following cases:
<ul>
<li>A member tries to change the configuration but the service is not configured to allow it. It does not apply to the subject change, although it has to be performed by sending &MESSAGE; with &SUBJECT;, not configuration &IQ;.</li>
<li>A member tries to change anyone's affiliation to 'none' or 'owner'.</li>
<li>A member tries to change someone's affiliation to 'member' but the service is not configured to allow it.</li>
<p>Some client-side developers might choose to use existing XEP-0045 Multi-User Chat implementations to interface with the new MUC Light. There may be various reasons to do so: using familiar protocol, avoiding additional implementation, quick prototyping etc. This section provides suggestions of mappings between XEP-0045 stanzas and the new ones described in this document.</p>
<p>Operations not described here SHOULD remain unmodified.</p>
<section3topic='Discovering the Features Supported by a MUC Service'anchor='comp-features'>
<p>A Disco result MAY either include new <feature /> element with an "http://jabber.org/protocol/muc" namespace next to MUC Light one, or completely replace it, which is RECOMMENDED behaviour.</p>
<examplecaption='Returning MUC namespace in Disco'><![CDATA[
<section3topic='Changing a room subject'anchor='comp-change-subject'>
<p>Instead of distributing the configuration change notifications, the room MUST route &MESSAGE; with &SUBJECT; like a classic MUC would. The client MUST send classic message &SUBJECT; as well. The room SHOULD save new subject in the room configuration.</p>
<examplecaption='New subject is routed as ordinary message'><![CDATA[
<p>There is no XEP-0045 equivalent for getting full room information</p>
</section3>
<section3topic='Leaving the room'anchor='comp-leaving'>
<p>Leaving the room is performed by setting own affiliation to 'none'. The service uses &PRESENCE; to notify all occupants (and former occupant) about the change. &PRESENCE; to the leaving occupant MUST be of type "unavailable" and MUST include status code 321 (i.e. user leaving due to affiliation change).</p>
<p>If the client attempts to create a room that is already used, it will receive error &PRESENCE; informing that registration is required (like in case of members-only rooms in XEP-0045)</p>
<p>Room occupants can use standard XEP-0045 configuration modification method. The service MUST broadcast only the notification about configuration change with status code 104, so every occupant can retrieve new room configuration in separate request. The client is allowed to send config delta in a form.</p>
<p>The service MUST send affiliation change notification to all participants. Leaving users MUST NOT receive any information except for their own "none" affiliation. New users MUST receive invitation message.</p>
<section2topic='Service limits and configuration'anchor='limits-and-config'>
<p>MUC Light service may be abused by malicious users, e.g. due to replicating single message for every room occupant. The list below contains suggested configurable limits that SHOULD be implemented.</p>
<p>The service features that might vary depending on specific application are included as well.</p>
<p>
<ul>
<li>Maximal count of rooms the user occupies.</li>
<p>Since every user is allowed to create rooms in MUC Light, it is possible to achieve high ratio of messages delivered to the clients to messages sent by the clients with little effort. To mitigate or avoid this issue, the service MAY implement additional rules like limiting per-user room count or message rate in a room. Heuristic algorithms for analysing user behaviours MAY be used as well to monitor and detect potential attacks.</p>
<p>Many thanks to Stefan Strigler for the long, initial brainstorm before creating MUC Light extension. I am also very grateful to ESL MongooseIM team for their input and sharing stories that helped in improving this specification.</p>