From 36f9b7a3326f5f5dc0d6a980123527a2de58e326 Mon Sep 17 00:00:00 2001 From: Marc Schink Date: Wed, 10 Jan 2018 12:18:41 +0100 Subject: [PATCH] ProtoXEP: User invitation --- inbox/user-invite.xml | 320 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 320 insertions(+) create mode 100644 inbox/user-invite.xml diff --git a/inbox/user-invite.xml b/inbox/user-invite.xml new file mode 100644 index 00000000..da6c42e2 --- /dev/null +++ b/inbox/user-invite.xml @@ -0,0 +1,320 @@ + + +%ents; +]> + + +
+ XEP Template + This document defines a protocol and URI scheme for user invitation in order to allow a third party to register on a server. The goal of this is to make onboarding for XMPP IM newcomers as easy as possible. + &LEGALNOTICE; + xxxx + ProtoXEP + Standards Track + Standards + Council + + XMPP Core + XEP-0001 + XEP-0050 + XEP-0082 + XEP-0077 + XEP-0147 + + + + N/A + + Marc + Schink + + + 0.0.1 + 2017-11-03 + ms +

First draft.

 + +
+ +

Romeo is an active XMPP IM (Instant Messaging) user. He convinces Juliet + (who may not have an XMPP account yet) to install a client but she may + still need to choose a XMPP server and create an account. + This specification defines two ways to simplify this process for Juliet:

+ + + + + + +

STRONGLY RECOMMENDED.

+ + + + + +]]> + + + + + + +]]> + + +

OPTIONAL.

+ + + + + + +]]> + + + + + + xmpp:inviter@example.com?roster;preauth=TOKEN;ibr=true + + + https://example.com/invite/#TOKEN + + + 2017-11-06T02:56:15Z + + + + + +]]> + +

A server MUST provide the uri field which contains an + XMPP URI of the following format:

+ xmpp:inviter@example.com?roster;preauth=TOKEN;ibr=true +

The ibr query component in the XMPP URI indicates that + the invitee is allowed to create an account on the Romeo's server. + If the server does not support or allow in-band registration for invited + users, the server MUST omit the ibr query component.

+

Additionally, the server SHOULD provide the landing-url + field which contains an HTTPS URL of a web-based landing page as described + in &xep0379; § 3.3. The URL format may differ from the example shown here + depending on where the landing page is hosted.

+

A server MAY provide a field which provides the expiration date of the + generated token. The expiration date MUST conform to the DateTime profile + specified in &xep0082;. If the field is not provided, the token does not + expire.

+ + + + +]]> + + + + + + + + + + + +]]> +

A server MAY require a username to be specified for account creation. + In this case, the server MUST add the <required/> element to the + username field. + The username MUST be a valid localpart as defined in &rfc6122; §2.3.

+ + + + + juliet + + + + +]]> + + + + + + xmpp:juliet@example.com?register;preauth=TOKEN + + + https://example.com/invite/#TOKEN + + + 2017-11-06T02:56:15Z + + + + + +]]> +

The server's response for account creation is the same as for user + invitation except for the format of the uri field which + contains an XMPP URI of the following format:

+ xmpp:juliet@example.com?register;preauth=TOKEN +

If no username was specified during the account creation process, the + local part of the JID in the XMPP URI is omitted by the server which + results in the following format:

+ xmpp:example.com?register;preauth=TOKEN + + +

In order to allow invited users to register on a server, in-band + registration as defined in &xep0077; needs to be extended. + The invited user MUST send the following extended stanza in order to + register an account with a token.

+ + + + + +]]> + + + + + + + +]]> + + + juliet + m1cro$oft + TOKEN + + + + + +]]> + + + juliet + m1cro$oft + TOKEN + + + + + +]]> +

After the invitee has successfully registered on the inviter's server + and roster subscription is enabled for account creation, the server MUST + use roster pushes as defined in &rfc6121; §2.1.6 in order to inform the + inviter about the invitee's new account without the need to reconnect.

+ + + + + +]]> + + + + +

If the inviter's server does not support user invitation, the client + application SHOULD silently fall back to &xep0379; for a good user + experience.

+ + +

If a username was specified during the account creation process, the + server SHOULD NOT create an account on the server until the invitee + actually registers it with the corresponding token. + The server MUST reserve the username at least until the corresponding + token expires.

+ + + + +

If the invitee opens the invitation URI and chooses to create a new + account, the client MUST use the inviter's server as default if the + server advertises in-band registration support via the + ibr=true query compontent.

+ + + +

OPTIONAL.

+ + +

OPTIONAL.

+ + +

See security considerations in &xep0379;.

+ + +

This document requires no interaction with &IANA;.

+ + +

As authorized by &xep0147;, the XMPP Registrar maintains a registry of + queries and key-value pairs for use in XMPP URIs (see &QUERYTYPES;).

+

The key-value parameter preauth is added to the + register query action as defined in &xep0077;

+ + register + ... + + preauth + the token used to allow one-time in-band registration on the inviter's server + + +]]> + +

In addition to the preauth key-value parameter define + in &xep0379;, the ibr parameter is added to the + roster query action.

+ + roster + ... + + ibr + true + the parameter to indicate that the token allows the invitee to create an account on the inviter's server via in-band registration + + +]]> + + +

REQUIRED for protocol specifications.

+ +