xeps/xep-0074.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
  <!ENTITY % ents SYSTEM 'xep.ent'>
%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
  <header>
    <title>Simple Access Control</title>
    <abstract>A simple protocol for querying information for permissions.</abstract>
    &LEGALNOTICE;
    <number>0074</number>
    <status>Retracted</status>
    <type>Standards Track</type>
    <sig>Standards</sig>
    <dependencies>XEP-0030</dependencies>
    <supersedes>None</supersedes>
    <supersededby>None</supersededby>
    <shortname>sac</shortname>
    <schemaloc>Not yet assigned</schemaloc>
    <author>
      <firstname>Justin</firstname>
      <surname>Kirby</surname>
      <email>justin@openaether.org</email>
      <jid>zion@openaether.org</jid>
    </author>
    <revision>
      <version>0.2</version>
      <date>2003-10-20</date>
      <initials>psa</initials>
      <remark>At the request of the author, changed status to Retracted.</remark>
    </revision>
    <revision>
      <version>0.1</version>
      <date>2003-03-05</date>
      <initials>jk</initials>
      <remark>Initial version.</remark>
    </revision>
  </header>
  <section1 topic='Introduction'>
    <p>A Jabber travels further into the Jabber-as-Middleware world, it needs a protocol to determine "who can do what to whom". This proposal defines a protocol that enables any Jabber entity to determine the permissions of another Jabber entity, whether the context is a user JID querying a component for access, a client-to-client conversation, or a component asking another component about a request from a user.</p>
    <p>All access control lists (ACLs) boil down to three aspects: Actor, Operation, and Target/Sink. With this in mind it becomes almost trivial to implement the basic query/response mechanism.</p>
    <example caption="A simple query">
      <![CDATA[
	<iq to="security.capulet.com"
	    from="inventory.capulet.com"
	    type="get" id="1234">
	  <acl xmlns="http://jabber.org/protocol/sac"
	       actor="juliet@capulet.com/church"
	       oper="uri://capulet.com/inventory#obtain"
	       target="poison"/>
	</iq> 
	]]>
    </example>
    <p>Here we have the inventory.capulet.com component querying the security component as to whether juliet@ may obtain the requested poison.</p>
    <example caption="A response to the above query">
      <![CDATA[
	<iq to="inventory.capulet.com"
	    from="security.capulet.com"
	    type="result" id="1234">
	  <acl xmlns="http://jabber.org/protocol/sac"
	       actor="juliet@capulet.com/church"
	       oper="uri://capulet.com/inventory#obtain"
	       target="poison">
	    <allowed/>
	  </acl>
	</iq> 
	]]>
    </example>
    <p>Unfortunately, the response is in the affirmative and the romantic tragedy follows.</p>
  </section1>
  <section1 topic='A More Formal Tone'>
    <p>The &lt;acl&gt; element provides the container for the query. It MUST have the three attributes: actor, oper, and target.</p>
    <p>The actor attribute is set to the Jabber ID which is attempting to perform an operation. This need not be the JID sending the acl, although it may be. Remember this is to allow for the question, "Can X do Y to Z?", which is a question anyone can ask.</p>
    <p>The oper attribute is application-specific and refers to the operation for which a permission check is required (e.g., read/write operations). This also defines the scope of the ACL check, so the implementation is responsible for interpreting the actor and target values based on the value of the 'oper' attribute.</p>
    <p>The target is the object which the actor is trying to perform the operation on. This MUST be a node queryable via &xep0030;.</p>
    <p>Requests MUST be in the form of an empty &lt;acl/&gt; element with ALL the attributes specified. If not all attributes are specified, the request is incomplete and ambiguities arise; therefore the entity receving the request MUST return a "bad request" error to the sender. </p>
    <p>Responses MUST be in one of three forms: allowed, denied, error.</p>
    <p>The response is inserted into the &lt;acl/&gt; as a child element. If the response is allowed, then &lt;allowed/&gt; is inserted. If the JID is denied then &lt;denied/&gt; is returned. If there is inadequate information then &lt;error/&gt; is used following the standard Jabber error scheme.</p>
    <example caption='A positive response'>
      <![CDATA[
	<iq to="inventory.capulet.com"
	    from="security.capulet.com"
	    type="result" id="1234">
	  <acl xmlns="http://jabber.org/protocol/sac"
	       actor="juliet@capulet.com/church"
	       oper="uri://capulet.com/inventory#obtain"
	       target="poison">
	    <allowed/>
	  </acl>
	</iq>       
	]]>
    </example>
    <example caption='Negative response (denied)'>
      <![CDATA[
	<iq to="inventory.capulet.com"
	    from="security.capulet.com"
	    type="result" id="1234">
	  <acl xmlns="http://jabber.org/protocol/sac"
	       actor="juliet@capulet.com/church"
	       oper="uri://capulet.com/inventory#obtain"
	       target="poison">
	    <denied/>
	  </acl>
	</iq> 
	]]>
    </example>
    <example caption='Error response'>
      <![CDATA[
	<iq to="inventory.capulet.com"
	    from="security.capulet.com"
	    type="error" id="1234">
	  <acl xmlns="http://jabber.org/protocol/sac"
	       actor="juliet@capulet.com/church"
	       oper="uri://capulet.com/inventory#obtain"
	       target="poison"/>
	  <error code="404">No information available</error>
	</iq> 
	]]>
    </example>
  </section1>
  <section1 topic='Query List of ACL operations'>
    <p>To obtain a list of acl operations that a jid supports, you must send an empty &lt;query/&gt; </p>
    <example caption='querying for list of acl operations'>
      <![CDATA[
	<iq to="security.capulet.com"
	    from="inventory.capulet.com"
	    type="get" id="1234">
	  <query xmlns="http://jabber.org/protocol/sac"/>
	</iq> 
	]]>
    </example>
    <p>The to jid must then respond with a list of operations, if the jid supports SAC.</p>
    <example caption='response to the query'>
      <![CDATA[
	<iq to="inventory.capulet.com"
	    from="security.capulet.com"
	    type="result" id="1234">
	  <query xmlns="http://jabber.org/protocol/sac">
	    <oper uri="uri://capulet.com/inventory#obtain"/>
	    <oper uri="uri://capulet.com/inventory#add"/>
	    <oper uri="uri://capulet.com/inventory#remove"/>
	  </query>
	</iq> 
	]]>
    </example>
  </section1>
  <section1 topic='Integrating with Service Discovery'>
    <p>To follow.</p>
  </section1>
  <section1 topic='Security Considerations'>
    <p>To follow.</p>
  </section1>
  <section1 topic='IANA Considerations'>
    <p>This document requires no interaction with &IANA;.</p> 
  </section1>
  <section1 topic='XMPP Registrar Considerations'>
    <p>As a result of this document, the &REGISTRAR; will need to register the 'http://jabber.org/protocol/sac' namespace.</p>
  </section1>
  <section1 topic='Open Issues'>
    <ol>
      <li>Add disco integration section.</li>
      <li>Fill out error codes.</li>
      <li>Add DTD and Schema.</li>
      <li>Allow for query of all allowable operations for actor in relation to a target.</li>
      <li>Investigate possible integration with pubsub.</li>
    </ol>
  </section1>
</xep>