1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-12-21 15:18:51 -05:00

0.9: clarified stanza handling

git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@2338 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre 2008-10-07 16:02:12 +00:00
parent 0de49175b6
commit 5f2683ed45

View File

@ -24,6 +24,12 @@
<supersededby>None</supersededby>
<shortname>invisible</shortname>
&stpeter;
<revision>
<version>0.9</version>
<date>2008-10-07</date>
<initials>psa</initials>
<remark><p>Further clarified server and client handling of stanzas during an invisibility session.</p></remark>
</revision>
<revision>
<version>0.8</version>
<date>2008-10-06</date>
@ -121,17 +127,35 @@
type='result'/>
]]></example>
<p>(Standard XMPP stanza errors apply; see <cite>RFC 3920</cite> and &xep0086;.)</p>
<p>If the client enters invisible mode after having previously sent undirected presence with no 'type' attribute (e.g., after sending initial presence), the server MUST send &UNAVAILABLE; presence from the specified resource to all contacts who would receive unavailable presence if the client sent &UNAVAILABLE;.</p>
<p>While the client is in invisible mode, the server:</p>
<ol start='1'>
<li><p>MUST NOT broadcast presence notifications as a result of receiving any subsequent undirected presence notifications from the client.</p></li>
<li><p>MUST deliver directed presence stanzas generated by the client.</p></li>
<li><p>MUST deliver inbound &PRESENCE; stanzas.</p></li>
<li><p>SHOULD deliver inbound &MESSAGE; stanzas whose 'to' address is the bare JID &LOCALBARE; of the user (subject to standard XMPP stanza handling rules).</p></li>
<li><p>MUST deliver inbound &MESSAGE; and &IQ; stanzas whose 'to' address is the full JID &LOCALFULL; corresponding to the resource of the client.</p></li>
<li><p>MUST deliver outbound &MESSAGE; and &IQ; stanzas generated by the client (for an important note regarding presence leaks, see the <link url='#security'>Security Considerations</link> section of this document).</p></li>
</ol>
<p>If after sending directed presence the client then sends &UNAVAILABLE;, the server MUST deliver that unavailable presence only to the entities to which the client sent directed presence after going invisible.</p>
<p>When the client enters invisible mode in the midst of a presence session (i.e., after having previously sent undirected presence with no 'type' attribute), the server MUST send &UNAVAILABLE; presence from the specified resource to all contacts who would receive unavailable presence if the client sent &UNAVAILABLE;.</p>
<p>The following sections define how the server and the client shall handle inbound and outbound XML stanzas while the client is invisible.</p>
<section3 topic='Server Handling' anchor='invisible-server'>
<p>While the client is in invisible mode, the server:</p>
<ol start='1'>
<li><p>MUST NOT broadcast presence notifications as a result of receiving any subsequent undirected presence notifications from the client.</p></li>
<li><p>MUST deliver directed presence stanzas generated by the client.</p></li>
<li><p>MUST deliver inbound &PRESENCE; stanzas.</p></li>
<li><p>SHOULD deliver inbound &MESSAGE; stanzas whose 'to' address is the bare JID &LOCALBARE; of the user (subject to standard XMPP stanza handling rules).</p></li>
<li><p>MUST deliver inbound &MESSAGE; and &IQ; stanzas whose 'to' address is the full JID &LOCALFULL; corresponding to the resource of the client.</p></li>
<li><p>MUST deliver outbound &MESSAGE; and &IQ; stanzas generated by the client (for an important note regarding presence leaks, see the <link url='#security'>Security Considerations</link> section of this document).</p></li>
<li>
<p>If there are no other available resources, MUST respond to all IQ-get requests and presence probes sent to the account's bare JID as if the account were offline; this includes but is not limited to the following:</p>
<ul>
<li>If the server responds to a presence probe, the last available presence MUST indicate that the user is unavailable, and if a time is indicated it MUST be the time when the client went invisibile.</li>
<li>If the server responds to a &xep0012; request, the last activity time MUST be the time when the client went invisible.</li>
<li>If the server responds to a &xep0030; items request, the response MUST NOT include the invisible resource as one of the account's available items.</li>
</ul>
</li>
<li><p>If after sending directed presence the client then sends &UNAVAILABLE;, the server MUST deliver that unavailable presence only to the entities to which the client sent directed presence after going invisible.</p></li>
</ol>
</section3>
<section3 topic='Client Handling' anchor='invisible-client'>
<p>While the client is in invisible mode, the client:</p>
<ul>
<li><p>MUST maintain a temporary list of entities with which communication is allowed, and prompt the user before adding any entity to that "communicants list" for this invisibility session; the list MAY be auto-populated with trusted entities if so configured by the user.</p></li>
<li><p>MUST prompt the user before sending any outbound traffic (message, presence, or IQ stanza) to a contact even if the user generated such traffic; upon receiving authorization from the user, the client SHOULD add the authorized entity to the communicants list for this invisibility session.</p></li>
</ul>
</section3>
</section2>
<section2 topic='User Becomes Visible' anchor='visible'>
<p>In order for a client to become visible again, it shall send an IQ-set with no 'to' address (thus handled by the user's server) containing a &lt;visible/&gt; element qualified by the 'urn:xmpp:invisible:0' namespace &VNOTE;.</p>
@ -186,12 +210,7 @@
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>It is important to recognize that invisibility can be defeated without the use of privacy lists, intelligent stanza handling by the server, and an awareness of context on the part of a client. For example:</p>
<ul>
<li>If a user attempts to send a message, IQ, or presence stanza to a contact, the user can inadvertently leak his or her presence; therefore the client SHOULD warn the user before allowing the user to generate any outbound traffic, including "is-composing" events as defined in &xep0085;.</li>
<li>If a user usually logs in as the same resource (e.g., "Home"), a contact can send an IQ request to that resource's full JID using &xep0012;, &xep0030;, &xep0090;, or &xep0092; and receive a reply, thus providing information that reveals the user's availability.</li>
<li>If a contact sends a <cite>Last Activity</cite> request to the user's bare JID, the user's server normally would reveal information about the user's availability; however, while the user is in invisible mode the server MUST return a &unavailable; error to such contacts.</li>
</ul>
<p>No matter how it is implemented, invisibility can be defeated and presence leaks can occur without careful stanza handling on the part of the server and the client. Use of the protocol defined here does not guarantee that presence leaks will not occur, either technically or socially (e.g., if the user reveals his presence to one contact but not another and those contacts are in communication).</p>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>