From 1a7bcc5bfc47e98ff86a82871724e8ee9baca228 Mon Sep 17 00:00:00 2001 From: JC Brand Date: Sun, 18 Mar 2018 16:34:44 +0000 Subject: [PATCH 1/2] inbox/bookmarks2 Remove password element. As suggested by Sam on the list --- inbox/bookmarks2.xml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/inbox/bookmarks2.xml b/inbox/bookmarks2.xml index f4edd4fc..877aa065 100644 --- a/inbox/bookmarks2.xml +++ b/inbox/bookmarks2.xml @@ -83,12 +83,6 @@ string OPTIONAL - - <password/> element - Unencrypted string for the password needed to enter a password-protected room. For security reasons, use of this element is NOT RECOMMENDED. - string - NOT RECOMMENDED -

Note: The datatypes are as defined in &w3xmlschema2;.

-

The password child element of conference is well known to provide only very weak levels of security; storing it in bookmarks lowers this security still further.

+

Security considerations related to object persistence via publish-subscribe are described in XEP-0060 and XEP-0223.

 From afc9d3a01443c5ba1bfeeaeedf16af084bfabe44 Mon Sep 17 00:00:00 2001 From: JC Brand Date: Sun, 18 Mar 2018 17:18:32 +0000 Subject: [PATCH 2/2] bookmarks2: Add examples of fetching/adding/removing bookmarks --- inbox/bookmarks2.xml | 106 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 100 insertions(+), 6 deletions(-) diff --git a/inbox/bookmarks2.xml b/inbox/bookmarks2.xml index 877aa065..cee29979 100644 --- a/inbox/bookmarks2.xml +++ b/inbox/bookmarks2.xml @@ -86,20 +86,110 @@

Note: The datatypes are as defined in &w3xmlschema2;.

&namespace; - Puck - + + Puck + ]]>

This bookmark would be displayed as 'Council of Oberon' and, if activated, would attempt to join the conference room 'council@conference.underhill.org' with nickname 'Puck'.

Note that a bookmark item MUST contain only one conference room.

Note also that a conference element has no truly mandatory attributes or child elements, though a name SHOULD be given. Thus the following is legal:

&namespace; + ]]> + + + + + + + + + ]]> + + + + + + JC + + + + + JC + + + + + + ]]> + + + +

Adding a bookmark means publishing a new item, with the bookmark JID as id, to the '&namespace;' node.

+ + + + + + + JC + + + + + + + http://jabber.org/protocol/pubsub#publish-options + + + true + + + whitelist + + + + + + ]]> + + ]]> + + + +

Removing a bookmark means retracting an existing item, identified by the bookmark's JID, form the '&namespace;' node.

+

This implies that server support for the "delete-items" pubsub feature is REQUIRED.

+ + + + + + + + + ]]> + + ]]> + + + + +

When a client is sent an event from the Pubsub service for the '&namespace;' node, it MUST check the 'autojoin' attribute if present, and join the room immediately if the attribute is both present and true.

 @@ -112,6 +202,9 @@
  • The storage MUST be &xep0223;
    • + +

    &xep0060; is used for data storage, specifically through the use of private, personal pubsub nodes (described in &xep0223;) hosted at the user's virtual pubsub service (see &xep0163;).

    +

    A server MAY choose to unify the bookmarks from both &xep0049; based and the current &xep0048;.

    @@ -133,5 +226,6 @@

    Security considerations related to object persistence via publish-subscribe are described in XEP-0060 and XEP-0223.

    +

    The client needs to make sure that the server actually supports the "http://jabber.org/protocol/pubsub#publish-options" feature, before relying on it. If it's not supported, the client should configure the '&namespace;' node first (see xep-0060), before adding any bookmarks.