include publisher with any item retrieval

2024-11-21 16:55:07 -05:00 · 2016-10-26 14:56:29 +02:00 · 2016-10-26 14:56:29 +02:00 · 5b801baa58
commit 5b801baa58
parent 277ec124d2
1 changed files with 17 additions and 0 deletions
--- a/xep-0060.xml
+++ b/xep-0060.xml
@ -2718,6 +2718,23 @@ And by opposing end them?
  </event>
 </message>
        ]]></example>
+        <p>If so, the service MUST also include the publisher with every other form of item retrieval.</p>
+        <example caption='Service returns items'><![CDATA[
+<iq type='result'
+    from='pubsub.shakespeare.lit'
+    to='francisco@denmark.lit/barracks'
+    id='items1'>
+  <pubsub xmlns='http://jabber.org/protocol/pubsub'>
+    <items node='princely_musings'>
+      <item id='ae890ac52d0df67ed7cfdf51b644e901'
+            publisher='hamlet@denmark.lit'>
+        [ ... ENTRY ... ]
+      </item>
+        [ ... MORE ITEMS ... ]
+    </items>
+  </pubsub>
+</iq>
+]]></example>
        <p>The value of the 'publisher' attribute MUST be generated by the service, not accepted by the service in the published item, since allowing the publisher to assert its JID would open the possibility of spoofing.</p>
        <p>The JID stamped by the service can be either (1) the full JID &LOCALFULL; of the publisher as taken the 'from' attribute of the IQ-set used to publish the item or (2) the bare JID &LOCALBARE; of the publisher as derived from a formal affiliation in the explicit list of whitelisted publishers.</p>
      </section4>