At this point, the PASS service is now listening on the given IP and port for incoming connections on behalf of the Jabber Entity. The provided IP and port can now be sent to any other entity as a connection point, for file transfers or any other use.
The default behavior for the PASS service is to listen on the port forever, unless the requesting client specifies an <expire/> value (in seconds). If the service is not configured with an expire value, it will not timeout the connection, and will start listening on the port again after one of the two sides disconnects.
@@ -125,7 +125,7 @@
1.2.3.4
- ]]>
+]]>
- ]]>
+]]>
The entity SHOULD now immediately connect to the given proxy IP and port, and upon connection all data written to that socket will be copied to the client connection, and vice-versa. Any disconnect on either side MUST cause a disconnect on the other (initiated by the service). If the IQ set to the entity fails or returns an error, the client socket MUST be dropped as well. The client XML element provides the information about the remote end of the incoming socket.
Abuse in bandwidth or resources could become an issue, so PASS implementations SHOULD include strict and detailed rate and usage limits, allowing only limited usage by single entities and rate-limiting bandwidth used if necessary for both single connections or overall usage. These limits are implementation-specific.
@@ -152,7 +152,7 @@
1.2.3.4
- ]]>
+]]>
- ]]>
+]]>
This tells the server to listen once, and then close the port. Even if the <expire/> has not been met, the <oneshot/> overrides that and shuts down the listening port. When this happens the server notifies the client with the following packet:
@@ -175,7 +175,7 @@
1.2.3.4
- ]]>
+]]>
- ]]>
+]]>
This tells the server to explicitly shut down a listening port. Useful for when the client shuts down and can tell the PASS service to recycle the port. The server sends back:
Obviously the port is not going to be known, but the IP address will let you authenticate the JID via the PASS service since the PASS service tells you the <client/> information upon a connection.
The &X; element qualified by the 'jabber:x:data' namespace SHOULD be included either directly as a first-level child of a &MESSAGE; stanza or as a second-level child of an &IQ; stanza (where the first-level child is an element qualified by a "wrapper" namespace); see also the restrictions enumerated below.
The OPTIONAL <title/> and <instructions/> elements enable the form-processing entity to label the form as a whole and specify natural-language instructions to be followed by the form-submitting entity. The XML character data for these elements SHOULD NOT contain newlines (the \n and \r characters), and any handling of newlines (e.g., presentation in a user interface) is unspecified herein; however, multiple instances of the <instructions/> element MAY be included.
@@ -299,7 +299,7 @@
.
.
- ]]>
+]]>
Each of these elements MUST contain one or more <field/> children. The <reported/> element defines the data format for the result items by specifying the fields to be expected for each item; for this reason, the <field/> elements SHOULD possess a 'type' attribute and 'label' attribute in addition to the 'var' attribute, and SHOULD NOT contain a <value/> element. Each <item/> element defines one item in the result set, and MUST contain each field specified in the <reported/> element (although the XML character data of the <value/> element MAY be null).
The hosting service then returns a data form to the user:
- ]]>
+]]>
The user then submits the configuration form:
- ]]>
+]]>
The service then returns the results to the user:
- ]]>
+]]>
Now that the user has created this search bot, let us suppose that one of the friends he has invited decides to try it out by sending a search request:
If an entity supports data forms indirectly through inclusion of data forms in a wrapper namespace (rather than directly within a &MESSAGE; stanza), it MUST NOT advertise support for the 'jabber:x:data' namespace, since support is implicit in support for the wrapper protocol.
@@ -733,7 +733,7 @@
- ]]>
+]]>
The following substantive protocol changes have been made while this specification has been in the Final state:
If the requesting entity does not have sufficient permissions to perform remote procedure calls, the responding entity MUST return a &forbidden; error:
- ]]>
+]]>
If an entity supports the Jabber-RPC protocol, it SHOULD advertise that fact in response to &xep0030; information ("diso#info") requests by returning an identity of "automation/rpc" and a feature of "jabber:iq:rpc":
An entity that supports Jabber-RPC SHOULD establish a "whitelist" of entities that are allowed to perform remote procedure calls and MUST return a &forbidden; error if entities with insufficient permissions attempt such calls.
The 'jabber:iq:browse' namespace has been in use for quite some time. However, live browsing still needs to be better defined by a generic publication/subscription system. It is assumed that when such a system is defined, updates to this document will be made. It is, however, possible that no futher changes to jabber:iq:browse itself may be needed.
The target entity MUST return either an IQ-result or an IQ-error. When returning an IQ-result, the target entity sends an &IQ; stanza of type='result' containing a &QUERY; element with a REQUIRED 'seconds' attribute and OPTIONAL XML character data.
- ]]>
+]]>
The requesting entity interprets the IQ-result based on the responding entity's JID type in order to determine the meaning of the information. Specifically, the information means something different depending on the identity of the responding entity:
An account registered on an XMPP server, with a JID of the form &LOCALBARE;.
@@ -114,7 +114,7 @@
type='get'>
- ]]>
+]]>
As specified in &xmppcore; and &xmppim;, an IQ stanza of type "get" sent to a bare JID &LOCALBARE; is handled by the user's server on the user's behalf, not delivered to one or more connected or available resources.
If the requesting entity is not authorized to view the user's presence information (normally via a presence subscription as defined in XMPP-IM), the user's server MUST NOT return last activity information but instead MUST return a &forbidden; error in response to the last activity request.
- ]]>
+]]>
If the requesting entity is authorized to view the user's presence information, the server shall return information about the last presence activity recorded by the server for that user.
Heading Home
- ]]>
+]]>
In this example, the user logged out fifteen minutes and three seconds ago, and when they logged out they sent a presence stanza of type='unavailable' whose <status/> element contained the text "Heading Home".
If the user has at least one connected or available resource when the server receives the request, the response MUST (subject to local security policies) contain an empty <query/> element whose 'seconds' attribute is set to a value of '0'.
@@ -148,7 +148,7 @@
type='get'>
- ]]>
+]]>
In this case, the user's server shall either deliver the IQ to an available resource or respond on behalf of the user.
In particular, as with the offline query use case above, if the requesting entity is not authorized to view the user's presence information (normally via a presence subscription as defined in XMPP IM), the user's server MUST NOT deliver the IQ-get to an available resource but instead MUST return a &forbidden; error in response to the last activity request.
- ]]>
+]]>
If the user's server delivers the IQ-get to one of the user's available resources, the user's client MAY respond with the idle time of the user (i.e., the last time that a human user interacted with the client application).
- ]]>
+]]>
In the foregoing example, the user has been idle for about two minutes.
Support for this functionality is OPTIONAL. A client that does not support the protocol, or that does not wish to divulge this information, MUST return a &unavailable; error.
- ]]>
+]]>
If there is no available resource matching the &LOCALBARE; in the 'to' attribute of the request, the server MUST follow the rules in XMPP IM in order to determine what error stanza to return.
In order for an application to determine whether an entity supports this protocol, where possible it SHOULD use the dynamic, presence-based profile of service discovery defined in &xep0115;. However, if an application has not received entity capabilities information from an entity, it SHOULD use explicit service discovery instead.
If the server supports this protocol, it MUST return a <feature/> element in the disco result with the 'var' attribute set to the namespace name for this protocol: 'http://jabber.org/protocol/offline'.
@@ -144,7 +144,7 @@
- ]]>
+]]>
If the server supports retrieval of the number of messages, it MUST include &xep0128; data specifying the number of messages:
@@ -164,7 +164,7 @@
- ]]>
+]]>
Upon receiving a service discovery request addressed to a node of "http://jabber.org/protocol/offline" (either a disco#info request as in this use case or a disco#items request as in the next use case), the server MUST NOT send a flood of offline messages if the user subsequently sends initial presence to the server during this session. Thus the user is now free to send initial presence (if desired) and to engage in normal IM activities while continuing to read through offline messages. However, once the user sends presence, the user's server MUST deliver in-session messages as usual; this document applies to offline messages only. In addition, if the user authenticates and provides presence for another resource while the first (non-flood) resource still has an active session, the server MUST NOT flood the second resource with the offline message queue.
@@ -174,7 +174,7 @@
- ]]>
+]]>
The server now MUST return headers for all of the user's offline messages. So that the user may determine whether to view a full message, the header information provided MUST include the full Jabber ID of the sender (encoded in the 'name' attribute) and a unique identifier for the message within the user's "inbox" (encoded in the 'node' attribute), so that the user may appropriately manage (view or remove) the message.
If the requester is a JID other than an authorized resource of the user (i.e., the user@host of the requester does not match the user@host of the user), the server MUST return a &forbidden; error. If the requester is authorized but the node does not exist, the server MUST return an ¬found; error. If there are no offline messages for this user, the server MUST return an empty query as defined in XEP-0030. (For information about the syntax of error conditions, refer to &xep0086;.)
The syntax and semantics of the attributes are as follows:
If the requester is a JID other than an authorized resource of the user, the server MUST return a &forbidden; error. If the requester is authorized but the node does not exist, the server MUST return an ¬found; error. Otherwise, the server MUST send the requested message(s) plus an IQ result:
@@ -231,7 +231,7 @@
- ]]>
+]]>
In order to distinguish incoming messages, each message MUST contain the node value. It is RECOMMENDED for the server to include &xep0091; information in the message.
If the requester is a JID other than an authorized resource of the user, the server MUST return a &forbidden; error. If the requester is authorized but the node does not exist, the server MUST return a ¬found; error. Otherwise, the server MUST remove the messages and inform the user:
- ]]>
+]]>
The user retrieves all message by sending the "fetch" command:
@@ -260,7 +260,7 @@
- ]]>
+]]>
If the requester is a JID other than an authorized resource of the user, the server MUST return a &forbidden; error. If the requester is authorized but the node does not exist, the server MUST return a ¬found; error. Otherwise, the server MUST retrieve all messages and inform the user:
@@ -271,7 +271,7 @@
- ]]>
+]]>
A client MAY retrieve all messages without first requesting message headers. In this case, the server MUST return all of the user's offline messages and also MUST NOT send a flood of offline messages if the user subsequently sends initial presence to the server during this session. That is, the semantics here are the same as for requesting message headers.
@@ -282,11 +282,11 @@
- ]]>
+]]>
If the requester is a JID other than an authorized resource of the user, the server MUST return a &forbidden; error. If the requester is authorized but the node does not exist, the server MUST return a ¬found; error. Otherwise, the server MUST remove all messages and inform the user:
- ]]>
+]]>
@@ -377,7 +377,7 @@ C: request and remove offline messages, send and receive messages, etc.
XEP-0013
- ]]>
+]]>
The XMPP Registrar includes "http://jabber.org/protocol/offline" in its registry of well-known Service Discovery nodes.
@@ -397,7 +397,7 @@ C: request and remove offline messages, send and receive messages, etc.
type='text-single'
label='N/A'/>
- ]]>
+]]>
@@ -441,6 +441,6 @@ C: request and remove offline messages, send and receive messages, etc.
- ]]>
+]]>
diff --git a/xep-0016.xml b/xep-0016.xml
index f2dd5dc1..81e3e4ee 100644
--- a/xep-0016.xml
+++ b/xep-0016.xml
@@ -132,7 +132,7 @@
- ]]>
+]]>
If the type is "jid", then the 'value' attribute MUST contain a valid Jabber ID. JIDs SHOULD be matched in the following order:
<user@domain/resource> (only that resource matches)
In this example, the user has three lists: (1) 'public', which allows communications from everyone except one specific entity (this is the default list); (2) 'private', which allows communications only with contacts who have a bidirectional subscription with the user (this is the active list); and (3) 'special', which allows communications only with three specific entities.
If the user attempts to retrieve a list but a list by that name does not exist, the server MUST return an <item-not-found/> stanza error to the user:
- ]]>
+]]>
The user is allowed to retrieve only one list at a time. If the user attempts to retrieve more than one list in the same request, the server MUST return a <bad request/> stanza error to the user:
In order to set or change the active list currently being applied by the server, the user MUST send an IQ stanza of type "set" with a <query/> element qualified by the 'jabber:iq:privacy' namespace that contains an empty <active/> child element possessing a 'name' attribute whose value is set to the desired list name.
@@ -292,11 +292,11 @@
- ]]>
+]]>
The server MUST activate and apply the requested list before sending the result back to the client.
- ]]>
+]]>
If the user attempts to set an active list but a list by that name does not exist, the server MUST return an <item-not-found/> stanza error to the user:
In order to decline the use of any active list, the connected resource MUST send an empty <active/> element with no 'name' attribute.
@@ -316,10 +316,10 @@
- ]]>
+]]>
- ]]>
+]]>
In order to change its default list (which applies to the user as a whole, not only the sending resource), the user MUST send an IQ stanza of type "set" with a <query/> element qualified by the 'jabber:iq:privacy' namespace that contains an empty <default/> child element possessing a 'name' attribute whose value is set to the desired list name.
@@ -329,10 +329,10 @@
- ]]>
+]]>
- ]]>
+]]>
If the user attempts to change which list is the default list but the default list is in use by at least one connected resource other than the sending resource, the server MUST return a <conflict/> stanza error to the sending resource:
If the user attempts to set a default list but a list by that name does not exist, the server MUST return an <item-not-found/> stanza error to the user:
In order to decline the use of a default list (i.e., to use the domain's stanza routing rules at all times), the user MUST send an empty <default/> element with no 'name' attribute.
@@ -364,10 +364,10 @@
- ]]>
+]]>
- ]]>
+]]>
If one connected resource attempts to decline the use of a default list for the user as a whole but the default list currently applies to at least one other connected resource, the server MUST return a <conflict/> error to the sending resource:
In order to edit a privacy list, the user MUST send an IQ stanza of type "set" with a <query/> element qualified by the 'jabber:iq:privacy' namespace that contains one <list/> child element possessing a 'name' attribute whose value is set to the list name the user would like to edit. The <list/> element MUST contain one or more <item/> elements, which specify the user's desired changes to the list by including all elements in the list (not the "delta").
@@ -399,10 +399,10 @@
- ]]>
+]]>
- ]]>
+]]>
Note: The value of the 'order' attribute for any given item is not fixed. Thus in the foregoing example if the user would like to add 4 items between the "tybalt@example.com" item and the "paris@example.org" item, the user's client MUST renumber the relevant items before submitting the list to the server.
The server MUST now send a "privacy list push" to all connected resources:
- ]]>
+]]>
In accordance with the semantics of IQ stanzas defined in &xmppcore;, each connected resource MUST return an IQ result to the server as well:
- ]]>
+]]>
The same protocol used to edit an existing list is used to create a new list. If the list name matches that of an existing list, the request to add a new list will overwrite the old one. As with list edits, the server MUST also send a "privacy list push" to all connected resources.
@@ -440,10 +440,10 @@
- ]]>
+]]>
- ]]>
+]]>
If a user attempts to remove a list that is currently being applied to at least one resource other than the sending resource, the server MUST return a <conflict/> stanza error to the user; i.e., the user MUST first set another list to active or default before attempting to remove it. If the user attempts to remove a list but a list by that name does not exist, the server MUST return an <item-not-found/> stanza error to the user. If the user attempts to remove more than one list in the same request, the server MUST return a <bad request/> stanza error to the user.
@@ -461,7 +461,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive messages from the entity with the specified JID.
@@ -476,7 +476,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive messages from any entities in the specified roster group.
@@ -491,7 +491,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive messages from any entities with the specified subscription type.
@@ -503,7 +503,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive messages from any other users.
@@ -522,7 +522,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive presence notifications from the entity with the specified JID.
@@ -537,7 +537,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive presence notifications from any entities in the specified roster group.
@@ -552,7 +552,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive presence notifications from any entities with the specified subscription type.
@@ -564,7 +564,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive presence notifications from any other users.
Note: If a client blocks incoming presence notifications from an entity that has been available before, the user's server SHOULD send unavailable presence to the user on behalf of that contact.
@@ -584,7 +584,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not send presence notifications to the entity with the specified JID.
@@ -599,7 +599,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not send presence notifications to any entities in the specified roster group.
@@ -614,7 +614,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not send presence notifications to any entities with the specified subscription type.
@@ -626,7 +626,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not send presence notifications to any other users.
Note: When a user blocks outbound presence to a contact, the user's server MUST send unavailable presence information to the contact (but only if the contact is allowed to receive presence notifications from the user in accordance with the rules defined in RFC 6121).
@@ -645,7 +645,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive IQ stanzas from the entity with the specified JID.
@@ -660,7 +660,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive IQ stanzas from any entities in the specified roster group.
@@ -675,7 +675,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive IQ stanzas from any entities with the specified subscription type.
@@ -687,7 +687,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive IQ stanzas from any other users.
@@ -703,7 +703,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive any communications from, nor send any stanzas to, the entity with the specified JID.
@@ -716,7 +716,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive any communications from, nor send any stanzas to, any entities in the specified roster group.
@@ -729,7 +729,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive any communications from, nor send any stanzas to, any entities with the specified subscription type.
@@ -739,7 +739,7 @@
- ]]>
+]]>
As a result of creating and applying the foregoing list, the user will not receive any communications from, nor send any stanzas to, any other users.
If the user attempts to send an outbound stanza to a contact and that stanza type is blocked, the user's server MUST NOT route the stanza to the contact but instead MUST return a ¬acceptable; error:
@@ -778,7 +778,7 @@
- ]]>
+]]>
When building a representation of a higher-level privacy heuristic, a client SHOULD use the simplest possible representation.
Note: If the responding entity does not want to reveal presence to the initiating entity for whatever reason then the responding entity's client SHOULD return a &unavailable; error (or return no response or error whatsoever if the offer was wrapped in a &MESSAGE; stanza) - see Security Considerations.
If the responding entity does not support Feature Negotiation or does not support the specified FORM_TYPE, it SHOULD also return a &unavailable; error:
- ]]>
+]]>
If the responding entity does not support one or more of the features, it SHOULD return a &feature; error, and SHOULD specify the feature(s) not implemented in the XMPP <text/> element.
times-to-meet
- ]]>
+]]>
If the responding entity supports none of the options offered for one or more of the features, it SHOULD return a ¬acceptable; error, and SHOULD specify the relevant feature(s) in the XMPP <text/> element.
places-to-meet
- ]]>
+]]>
If at least one feature offered by an entity is subject to Feature Negotiation, the entity's response to a service discovery information request MUST include <feature var='http://jabber.org/protocol/feature-neg'/> as one of the features.
@@ -314,7 +314,7 @@
- ]]>
+]]>
Peter Millard, the primary author of this specification from version 0.1 through version 1.4, died on April 26, 2006. The remaining authors are thankful for Peter's work on this specification.
Here we see the sender wants to be notified if the message is stored offline (by the server), notified when the message is delivered (to the client), and notified if the recipient begins replying to the message. In this case, the sender will potentially receive three events based on this request. The first if the recipient is offline and the message is stored on the server, the second when the recipient becomes available and the message is delivered, and the third if the recipient begins composing a reply to the message.
Note that the &MESSAGE; element requesting event notification contains an 'id' attribute. While these attributes are optional in the Jabber protocol, messages that contain event notification requests MUST contain an 'id' attribute so that raised events may be matched up with their original requests.
@@ -137,7 +137,7 @@
message22
- ]]>
+]]>
When raising an event, the raiser must send a &MESSAGE; element constructed according to the following rules:
The element must contain only a jabber:x:event extension. Standard message elements such as <subject/>, <body/>, MUST NOT be included.
The lack of an <composing/> tag (and any other event tag) signifies that the composing event, indicated previously by the id value, has been cancelled. In this example, the composing event being cancelled is that event that was previously raised with the id of message22. After cancelling a composing event, a new one may be raised, following the same rules as before, when the typing of the reply is resumed.
@@ -186,7 +186,7 @@ SEND:
- ]]>
+]]>
Romeo temporarily loses his wireless connection in the Capulet's orchard and therefore his message is stored offline by the montague.net server, which generates the offline event and sends that notification to Juliet.
message22
- ]]>
+]]>
Romeo reconnects and the message is delivered to his Jabber client, which generates a delivered event and sends it to Juliet's client.
message22
- ]]>
+]]>
Romeo's Jabber client displays the message and sends a displayed event to Juliet's client.
message22
- ]]>
+]]>
Romeo begins composing a reply to Juliet's heartfelt question, and his Jabber client notifies Juliet that he is composing a reply.
message22
- ]]>
+]]>
Romeo realizes his reply is too rash and pauses to choose the right words; his Jabber client senses the delay and cancels the previous composing event.
message22
- ]]>
+]]>
Romeo starts composing again, and his Jabber client sends a notification to Juliet's client.
message22
- ]]>
+]]>
Romeo finally sends his reply, and requests composing events related to it.
The target entity then MUST either return an IQ result, or return an error (see the Error Conditions section of this document). The result MUST contain a <query/> element qualified by the 'http://jabber.org/protocol/disco#info' namespace, which in turn contains one or more <identity/> elements and one or more <feature/> elements. (Note: Every entity MUST have at least one identity, and every entity MUST support at least the 'http://jabber.org/protocol/disco#info' feature; however, an entity is not required to return a result and MAY return an error, most likely &feature; or &unavailable;, although other error conditions may be appropriate.)
Each <identity/> element MUST possess the 'category' and 'type' attributes specifying the category and type for the entity, and MAY possess a 'name' attribute specifying a natural-language name for the entity; the <identity/> element MAY also possess a standard 'xml:lang' attribute, which enables the entity to return localized results if desired (i.e., the <query/> element MAY include multiple <identity/> elements with the same category+type but with different 'xml:lang' values, however the <query/> element MUST NOT include multiple <identity/> elements with the same category+type+xml:lang but with different 'name' values).
Each <feature/> element MUST possess a 'var' attribute whose value is a protocol namespace or other feature offered by the entity, and MUST NOT have any children.
@@ -304,7 +304,7 @@
- ]]>
+]]>
If the JID of the specified target entity does not exist, the server or other authoritative entity SHOULD return an ¬found; error, unless doing so would violate the privacy and security considerations specified in XMPP Core and &xmppim; or local privacy and security policies (see also the Security Considerations of this document):
- ]]>
+]]>
If privacy and security considerations or policies prevent the server or other authoritative entity from returning an ¬found; error, it SHOULD return a &unavailable; error instead:
- ]]>
+]]>
When an entity sends a disco#info request to a bare JID (<account@domain.tld>) hosted by a server, the server itself MUST reply on behalf of the hosted account, either with an IQ-error or an IQ-result. For important rules regarding access to this functionality, see the Security Considerations section of this document. In particular, in response to a disco#info request sent to a bare JID with no node, if access is not denied the server SHOULD return an IQ-result for the bare JID, in which the primary identity SHOULD have a category of "account" with an appropriate type as specified in the Service Discovery Identities registry (most likely, a type of "registered"). Note: This enables authorized or trusted entities to discover whether the account exists and its account type (e.g., in IM systems to determine the existence of an account before adding it to a contact's roster).
- ]]>
+]]>
Here we assume that shakespeare.lit is trusted by capulet.com and that the account <juliet@capulet.com> is a registered account:
- ]]>
+]]>
A query sent to an associated entity may result in different or more detailed information. One example is sending a query to a particular conference room rather than the parent conference service:
- ]]>
+]]>
A disco#info query MAY also be directed to a specific node identifier associated with a JID, although the primary use of nodes is as Items Nodes rather than as info nodes:
@@ -413,7 +413,7 @@
- ]]>
+]]>
If the request included a 'node' attribute, the response MUST mirror the specified 'node' attribute to ensure coherence between the request and the response.
The target entity then MUST either return its list of publicly-available items, or return an error. The list of items MUST be provided in an IQ stanza of type "result", with each item specified by means of an <item/> child of a <query/> element qualified by the 'http://jabber.org/protocol/disco#items' namespace (the <item/> child MUST possess a 'jid' attribute specifying the JID of the item and MAY possess a 'name' attribute specifying a natural-language name for the item):
- ]]>
+]]>
The <item/> element MUST NOT contain XML character data and SHOULD be empty; while it MAY contain XML data in another namespace, such data MUST be ignored if an implementation does not understand it.
If there are no items associated with an entity (or if those items are not publicly available), the target entity MUST return an empty query element to the requesting entity:
- ]]>
+]]>
As with disco#info requests, when an entity sends a disco#items request to a bare JID (<account@domain.tld>) hosted by a server, the server itself MUST reply on behalf of the hosted account. For important rules regarding access to this functionality, see the Security Considerations section of this document. In particular, in response to a disco#items request sent to a bare JID with no node, if access is not denied the server SHOULD return the associated items including connected or available resources as appropriate:
- ]]>
+]]>
Here we assume that shakespeare.lit is trusted by capulet.com and that the account <juliet@capulet.com> has two available resources:
- ]]>
+]]>
It is possible that an item associated with an entity will not be addressable as a JID; examples might include offline messages stored in an inbox (see &xep0013;), entries in a Jabber-enabled weblog, XML-RPC services associated with a client or component, items available in an online trading system (e.g., a catalog or auction), news postings located at an NNTP gateway, and topics hosted by a &xep0060; component. In order to handle such items, the <item/> element MAY possess an OPTIONAL 'node' attribute that supplements the REQUIRED 'jid' attribute.
@@ -512,7 +512,7 @@
id='items2'>
- ]]>
+]]>
If there are items associated with the target entity but they are not addressable as JIDs, the service SHOULD then return a list of nodes (where each <item/> element MUST possess a 'jid' attribute, SHOULD possess a 'node' attribute, and MAY possess a 'name' attribute):
- ]]>
+]]>
There may be futher nodes associated with the "first-level" nodes returned in the above query (e.g., the nodes may be categories that have associated items). The requesting entity can query a node further by sending a request to the JID and specifying the node of interest in the query.
- ]]>
+]]>
The service then returns the further nodes associated with the "parent" node. In the following example, the service itself enforces an alphabetically-ordered hierarchical structure on the nodes that are returned, but such a structure is a matter of implementation rather than protocol.
- ]]>
+]]>
The requesting entity can then query further if desired:
- ]]>
+]]>
- ]]>
+]]>
The foregoing examples show a hierarchy of nodes, in which some nodes are branches (i.e., contain further nodes) and some nodes are leaves (i.e., do not contain further nodes). The "hierarchy" category SHOULD be used to identify such nodes, where the "branch" and "leaf" types are exhaustive of the types within this category.
@@ -616,7 +616,7 @@
- ]]>
+]]>
The queried entity now returns a list of publish-subscribe nodes over which it has control, each of which is hosted on a different pubsub service:
- ]]>
+]]>
@@ -667,7 +667,7 @@
- ]]>
+]]>
Other error conditions may be appropriate depending on the application.
The following table summarizes the common error conditions that can have special meaning in the context of Service Discovery (for information regarding error condition syntax and semantics, see &xep0086;).
@@ -731,7 +731,7 @@
the document (e.g., XEP) in which this type is specified
- ]]>
+]]>
The registrant may register more than one category at a time, each contained in a separate <category/> element. The registrant may also register more than one type at a time, each contained in a separate <type/> child element. Registrations of new types within an existing category must include the full XML snippet but should not include the category description (only the name).
@@ -760,7 +760,7 @@
XEP-0030
- ]]>
+]]>
@@ -773,7 +773,7 @@
a natural-language description of the featurethe document (e.g., XEP) in which this feature is specified
- ]]>
+]]>
The registrant may register more than one feature at a time, each contained in a separate <feature/> element.
@@ -787,7 +787,7 @@
a natural-language description of the nodethe document (e.g., XEP) in which this node is specified
- ]]>
+]]>
The registrant may register more than one node at a time, each contained in a separate <node/> element.
@@ -797,20 +797,20 @@
The "disco" querytype is defined herein for service discovery interactions, with three keys: (1) "node" (the optional node to query), (2) "request" (with values of "info" to retrieve service discovery information and "items" to retrieve service discovery items), and (3) "type" (with values of "get" for IQ-gets and "set" for IQ-sets).
+]]>
- ]]>
+]]>
+]]>
- ]]>
+]]>
The following submission registers the "disco" querytype.
This creates a session between sender@domain/resource and any one receiver. At this point, the JOBS service is ready to accept connections for this session. The <session/> element describes the details for the session. The value returned in the "id" attribute is the JOBS session ID The exact value of the ID is left to JOBS implementations..
@@ -174,7 +174,7 @@
- ]]>
+]]>
- ]]>
+]]>
The returned <session/> is also prefilled with default values for all known parameters.
@@ -209,7 +209,7 @@
- ]]>
+]]>
- ]]>
+]]>
The above example creates a session that does not timeout. A JOBS service uses values from the default information set for any parameters that are missing.
@@ -239,7 +239,7 @@
- ]]>
+]]>
- ]]>
+]]>
The exact fields present in the form are dependent upon the JOBS implementation. The form SHOULD allow a user to at least specify the <session/> attributes.
Using the form-based approach, the session is then created by sending a <session action='create'/> with a form submission (as defined for "jabber:x:data"):
If the session exists, and the client's JID is not automatically rejected, the JOBS service responds with an auth-challenge packet, containing an unique, arbitrary token:
Once received, the client then sends an "iq-set" containing a <session action="authenticate"/>, which itself contains an <item type='auth' action='confirm'/> with this confirm key:
The service then compares this confirm key to that sent with the "auth-challenge" OOB packet. If this matches correctly, and the service determines this connection is authorized, the session will respond with a <session action="authenticate"/> containing a <item type="auth" action="accept"/> with the accept key:
If the connection is accepted, the JOBS service sends a "connected" packet:
+]]>
and after this, the data transfer occurs. If this connection is the sender, they may start sending data now (regardless if receivers are connected). If this connection is a receiver, the sender's data immediately follows the terminating "newline".
One or more <item type="connection" action="confirm/> elements, each specifying a JID to accept/reject. To accept (or reject) a connection, the sender responds with an "iq-result", wrapping each JID in either an <item type="connection" action="accept"/> or <item type="connection" action="reject"/>.
The service also sends notification messages to the sender and the JID of the dropped connection (detailed in the "Being Notified about Events" section).
The reason the session is deleted is specified by the action attribute. A value of "delete" means it was explicitly deleted. A value of "expire" means it timed out.
@@ -676,7 +676,7 @@ confirm: SID00001234
max CDATA #REQUIRED
min CDATA #REQUIRED
>
- ]]>
+]]>
The <session/> element is the core element to the protocol. This element provides both information about a session and the action applied to it. It has a large number of attributes, and contains zero or more <item/> elements, zero or more <connect/> elements, and zero or three <limit/> elements. It may also contain elements governed by other namespaces.
Each chunk of data is included as the XML character data of the <data/> element after being encoded as Base64 as specified in Section 4 of &rfc4648;. Each block MUST be a valid base64 block with padding at the end if needed.
The <data/> element MUST possess a 'seq' attribute; this is a 16-bit unsigned integer that acts as a counter for data chunks sent in a particular direction within this session. The 'seq' value starts at 0 (zero) for each sender and MUST be incremented for each packet sent by that entity. Thus, the second chunk sent has a 'seq' value of 1, the third chunk has a 'seq' value of 2, and so on. The counter loops at maximum, so that after value 65535 (215 - 1) the 'seq' MUST start again at 0.
The <data/> element MUST also possess a 'sid' attribute that ties the data chunk to this particular IBB session.
The sender of a data chunk need not wait for these acknowledgements before sending further stanzas. However, it is RECOMMENDED that the sender does wait in order to minimize the potential for rate-limiting penalties or throttling.
It is possible that delivery of the stanza might fail, in which case the sender's or recipient's server shall return an appropriate error:
@@ -229,14 +229,14 @@
type='set'>
- ]]>
+]]>
The receiving party then acknowledges that the bytestream has been closed by returning an IQ-result (however, the receiving party might wait until it has had a chance to send any remaining data in the other direction, if the bytestream is bidirectional; in this case, the party that sent the original <close/> element SHOULD wait to receive the IQ response from the receiving party before considering the bytestream to be closed).
- ]]>
+]]>
It is possible that the recipient of the close notification does not know about the bytestream, in which case it would return an ¬found; error.
- ]]>
+]]>
In either case, both parties MUST consider the bytestream to be closed.
This bookmark would be displayed as 'Council of Oberon' and, if activated, would attempt to join the conference room 'council@conference.underhill.org' with nickname 'Puck'.
Note: A bookmark set may contain any number of conference rooms.
@@ -152,7 +152,7 @@
- ]]>
+]]>
This bookmark would be displayed in the client as 'Complete Works of Shakespeare' and would take the user to <http://the-tech.mit.edu/Shakespeare/> when selected.
Note: A bookmark set can contain any number of URLs.
@@ -191,10 +191,10 @@
- ]]>
+]]>
- ]]>
+]]>
The stored data is automatically pushed to all of the user's connected resources.
@@ -236,7 +236,7 @@
- ]]>
+]]>
In order to retrieve stored data without receiving notifications (e.g., upon initial login), the user's client sends a retrieve-items request as specified in XEP-0060.
If a user attempts to get or set jabber:iq:private data that belongs to another user, the server MUST return a "Forbidden" or "Service Unavailable" error to the sender (the latter condition is in common use by existing implementations, although the former is preferable).
- ]]>
+]]>
If a user attempts to perform an IQ get without providing a child element, the server SHOULD return a "Bad Format" error (however, some existing implementations return a "Not Acceptable" error in such circumstances):
- ]]>
+]]>
Certain namespaces are reserved in Jabber (namespaces beginning with 'jabber:' or 'http://jabber.org/', as well as 'vcard-temp'). If a user attempts to get or set jabber:iq:private data in a reserved namespace, historically some server implementations have chosen to return an error (commonly "Not Acceptable") to the sender. Such behavior is OPTIONAL, but may be encountered by clients when interacting with some existing server implementations.
To find what commands an entity provides, the requester uses Service Discovery. Each command is a node of the responder, under the fixed node "http://jabber.org/protocol/commands" (for which the service discovery identity category is "automation" and type is "command-list"). Use of a fixed node for all commands of an entity allows for immediate retrieval of commands.
@@ -193,7 +193,7 @@
- ]]>
+]]>
- ]]>
+]]>
The result can then be used by the client to populate a menu, a dialog of buttons, or whatever is appropriate to the current user interface. The responder is not required to send the same list of commands to all requesters.
If additional information about a command is desired, the requester queries for disco information on the command node:
- ]]>
+]]>
- ]]>
+]]>
A responder MUST at least provide <identity category='automation' type='command-node'/> and <feature var='http://jabber.org/protocol/commands'/>, and SHOULD include <feature var='jabber:x:data'/>. It is not required to support additional information about a command. If the command is not available to the requester, the responder SHOULD respond with a 403 "Forbidden" error.
The only portion required is <query xmlns='http://jabber.org/protocol/disco#items'/>. Any other information (such as the <subject/> in the foregoing example) is OPTIONAL.
The requester MAY include the "action='execute'", although this is implied.
If the command does not require any user interaction (returns results only), the responder sends a packet similar to the following:
- ]]>
+]]>
The above example shows the command execution resulting in a "jabber:x:data" form. It is also possible that one or more URLs (specified via &xep0066;) could be returned.
The <command/> SHOULD include an <actions/> element, which specifies the details of what the allowed actions are for this stage of execution. Each element within <action/> matches a possible value for the <command/> element's "action" attribute. The "execute" attribute defines which of the included actions is considered the equivalent to "execute" for this stage. In the above example, the only allowed action is to progress to the next stage, which is also the default.
The requester then submits the form, maintaining the command node and sessionid:
- ]]>
+]]>
The responder then provides the next stage's form in the result Note that the second stage can be reverted to the first stage or completed (signaled by the inclusion of the <prev/> and <complete/> elements), and that the default action is to complete execution (signaled by the "execute" attribute's value of "complete").:
@@ -410,7 +410,7 @@
- ]]>
+]]>
The requester then submits the second stage's form, again maintaining the node and sessionid:
@@ -427,7 +427,7 @@
- ]]>
+]]>
Service 'httpd' has been configured.
- ]]>
+]]>
If the requester wishes to revert to the previous stage, it sends an &IQ; with the command's node and sessionid, and "action='prev'":
If the responder accepts this, it responds with the previous stage's command The responder MAY present "remembered" field values, but doing so is OPTIONAL.:
@@ -471,7 +471,7 @@
- ]]>
+]]>
In the case where a command has multiple stages, the requester may wish to cancel at some point. To cancel, the requester sends the continuing command request with an "action='cancel'":
Within the "http://jabber.org/protocol/commands" schema, the language/locale applies only to the human-readable character data for <info/> elements. It SHOULD also apply to all payload elements, appropriate to their respective specifications.
Responders MUST take this into consideration, and properly account for the language/locale settings within payloads. If the responder cannot accomodate the requested language/locale, it SHOULD respond with a <bad-request/> (<bad-locale/>) error condition.
The <file/> element is the "workhorse" element. This element is used to convey meta-data and report file transfer actions. This elemnt contains attributes for file meta-data and actions, and MAY contain a <desc/>, a <range/>, and zero or more <feature xmlns='jabber:iq:negotiate'/> (&xep0020;) elements.
If a vCard exists for the user, the server MUST return in an IQ-result:
- ]]>
+]]>
If no vCard exists, the server MUST return a stanza error (which SHOULD be ¬found;) or an IQ-result containing an empty <vCard/> element.
- ]]>
+]]>
- ]]>
+]]>
A user may publish or update his or her vCard by sending an IQ of type "set" with no 'to' address, following the format in the previous use case.
@@ -194,13 +194,13 @@
- ]]>
+]]>
The server then returns an IQ-result (or an IQ-error).
- ]]>
+]]>
Notice that the previous IQ-set included only one changed element (the <DESC/> element). Currently there is no method for partial updates of a vCard, and the entire vCard must be sent to the server in order to update any part of the vCard.
If a user attempts to perform an IQ set on another user's vCard (i.e., by setting a 'to' address to a JID other than the sending user's bare JID), the server MUST return a stanza error, which SHOULD be &forbidden; or ¬allowed;.
- ]]>
+]]>
A user may view another user's vCard by sending an IQ of type "get" to the other user's bare JID.
@@ -222,7 +222,7 @@
type='get'>
- ]]>
+]]>
In accordance with &xmppcore;, a compliant server MUST respond on behalf of the requestor and not forward the IQ to the requestee's connected resource.
jer@jabber.org
- ]]>
+]]>
If no vCard exists or the user does not exist, the server MUST return a stanza error, which SHOULD be either &unavailable; or ¬found; (but the server MUST return the same error condition in both cases to help prevent directory harvesting attacks).
- ]]>
+]]>
Note: The use of vCards is not limited to accounts associated with human users. For example, an XMPP server could itself have a vCard that defines the server's hosting organization, physical location, and relevant contact addresses.
The intent of the <first/> and <last/> elements (and associated data form fields) is that they map to given name and family name, respectively. Therefore, cultures that place the family name first and the given name second (e.g., as is done in China) would use <first/> for the given name and <last/> for the family name, NOT the other way around.
@@ -253,7 +253,7 @@
Kong
- ]]>
+]]>
There are no security features or concerns related to this proposal.
The responding entity then returns the first items of the result set in order. The number of items is limited to the requested size:
@@ -165,7 +165,7 @@
- ]]>
+]]>
An entity often needs to retrieve a page of items adjacent to a page it has already received. For examples, when retrieving a complete result set in order page by page, or when a user 'scrolls' forwards one page.
@@ -188,7 +188,7 @@
- ]]>
+]]>
Responding entity support for paging through a result set is optional. If it does support paging (not just Limiting the Number of Items), then in each page it returns, the responding entity MUST include <first/> and <last/> elements that specify the unique ID (UID) for the first and last items in the page. If there is only one item in the page, then the first and last UIDs MUST be the same. If there are no items in the page, then the <first/> and <last/> elements MUST NOT be included.
The responding entity may generate these UIDs in any way, as long as the UIDs are unique in the context of all possible members of the full result set. Each UID MAY be based on part of the content of its associated item, as shown below, or on an internal table index. Another possible method is to serialize the XML of the item and then hash it to generate the UID. Note: The requesting entity MUST treat all UIDs as opaque.
The responding entity SHOULD also include the number of items in the full result set (which MAY be approximate) encapsulated in a <count/> element. The <first/> element SHOULD include an 'index' attribute. This integer specifies the position within the full set (which MAY be approximate) of the first item in the page. If that item is the first in the full set, then the index SHOULD be '0'. If the last item in the page is the last item in the full set, then the value of the <first/> element's 'index' attribute SHOULD be the specified count minus the number of items in the last page.
@@ -216,7 +216,7 @@
- ]]>
+]]>
The requesting entity can then ask for the next page in the result set by including in its request the UID of the last item from the previous page (encapsulated in an <after/> element), along with the maximum number of items to return. Note: If no <after/> element is specified, then the UID defaults to "before the first item in the result set" (i.e., effectively an index of negative one).
@@ -228,7 +228,7 @@
- ]]>
+]]>
The first item in the page returned by the responding entity MUST be the item that immediately follows the item that the requesting entity indicated in the <after/> element:
@@ -253,7 +253,7 @@
- ]]>
+]]>
It may sometimes be necessary to return an empty page to the requesting entity. For example, with dynamic result sets the responding entity MAY delete some items from the full result set between requests. Another example occurs when the requesting entity specifies "0" for the maximum number items to return (see Getting the Item Count).
@@ -263,7 +263,7 @@
- ]]>
+]]>
If there are no items whatsoever in the full result set, the responding entity MUST return a response that adheres to the definition of the wrapper protocol (e.g., "jabber:iq:search", "http://jabber.org/protocol/disco#items", or "http://jabber.org/protocol/pubsub"). For both XEP-0055 and XEP-0030, that means the responding entity shall return an empty &QUERY; element; for XEP-0060, that means the responding entity shall return an empty <pubsub/> element; for XEP-0136, that means the responding entity shall return an empty <list/> or <store/> element.
@@ -278,7 +278,7 @@
- ]]>
+]]>
The last item in the page returned by the responding entity MUST be the item that immediately preceeds the item that the requesting entity indicated it has already received:
@@ -303,7 +303,7 @@
- ]]>
+]]>
The responding entity MUST reply with an 'item-not-found' error if all the following circumstances apply:
@@ -325,7 +325,7 @@
- ]]>
+]]>
The requesting entity MAY ask for the last page in a result set by including in its request an empty <before/> element, and the maximum number of items to return.
@@ -339,7 +339,7 @@
- ]]>
+]]>
The requesting entity MAY choose not to retrieve pages from the result set in order. (For example, when its user drags a user-interface slider to a radically new position within a very large result set.)
@@ -355,7 +355,7 @@
- ]]>
+]]>
The responding entity SHOULD derive the first UID from the specified index (the method used MAY be approximate) before returning the requested result set page in the normal way. If the specified index was "0" then the responding entity SHOULD derive the UID that is the first in the full result set.
Note: The 'index' attribute of the <first/> element MUST be the same as the index specified in the request. If the index specified by the requesting entity is greater than or equal to the number of items in the full set then the responding entity MUST return an empty page (see Paging Forwards Through a Result Set).
- ]]>
+]]>
If it would be either impossible or exceptionally resource intensive for the responding entity to derive the first UID from the specified index with reasonable accuracy then the responding entity MAY return a &e501; error.
@@ -396,7 +396,7 @@
- ]]>
+]]>
In order to get the item count of a result set without retrieving the items themselves, the requesting entity simply specifies zero for the maximum size of the result set page:
@@ -409,7 +409,7 @@
- ]]>
+]]>
The responding entity then returns the item count, which MAY be approximate rather than precise if determining the exact number of items would be resource-intensive:
@@ -419,7 +419,7 @@
- ]]>
+]]>
Note: The <count/> element MAY be omitted, but only if it would be either impossible or exceptionally resource intensive to calculate reasonably accurate values.
Note: If there are no items in the full result set then the responding entity MUST return a response that adheres to the definition of the wrapper protocol (see Paging Forwards Through a Result Set).
In order for a requesting entity to determine if a responding entity supports result set management, it SHOULD send a Service Discovery information request to the responding entity:
An entity SHOULD NOT include the result set management extensions defined in this document in its requests if it does not have positive knowledge that the responding entity supports the protocol defined herein. If the responding entity does not understand result set management, it MUST ignore such extensions.
Note: Even if a responding entity understands the result set management protocol, its support for result set management in the context of any given "using protocol" is OPTIONAL (e.g., an implementation could support it in the context of the 'jabber:iq:search' namespace but not in the context of the 'http://jabber.org/protocol/disco#items' namespace). Currently the only way for a requesting entity to determine if a responding entity supports result set management in the context of a given "using protocol" is to include result set management extensions in its request. If the responding entity does not include result set management extensions in its response, then the requesting entity SHOULD NOT include such extensions in future requests wrapped by the "using protocol" namespace.
@@ -553,7 +553,7 @@
- ]]>
+]]>
Thanks to Olivier Goffart, Jon Perlow, and Andrew Plotkin for their feedback.
Future submissions to the XMPP Registrar may register additional types.
@@ -6048,7 +6048,7 @@ xmpp:pubsub.shakespeare.lit?pubsub;action=retrieve;node=princely_musings;item=ae
Notification of subscription state changes is supported.XEP-0060
- ]]>
+]]>
@@ -6085,7 +6085,7 @@ xmpp:pubsub.shakespeare.lit?pubsub;action=retrieve;node=princely_musings;item=ae
type='text-single'
label='The subscription identifier associated with the subscription request'/>
- ]]>
+]]>
- ]]>
+]]>
- ]]>
+]]>
- ]]>
+]]>
- ]]>
+]]>
@@ -6429,7 +6429,7 @@ xmpp:pubsub.shakespeare.lit?pubsub;action=retrieve;node=princely_musings;item=ae
A subscription identifer within the pubsub protocol.XEP-0060
- ]]>
+]]>
Future submissions to the XMPP Registrar may register additional SHIM headers that can be used in relation to the pubsub protocol, and such submission may occur without updating this specification.
Any element not specified in the note should use the last known setting or client defaults, so that when a
change is sent, only the changed elements are returned.
The server will return all of the items it knows about.
- ]]>
+]]>
In this case, the "streamer.example.com" is a bytestreams proxy.
For each item in the disco#items result, the Requester needs to query to determine if it is a bytestreams proxy.
- ]]>
+]]>
The proxy returns its information and the Requester inspects it to determine if it contains an identity of category "proxy" and type "bytestreams".
- ]]>
+]]>
Next the Requester needs to request the full network address to be used for bytestreaming through the Proxy. This is done by sending an IQ-get to the proxy containing a &QUERY; element qualified by the bytestreams namespace (not the service discovery namespace). Before version 1.8 of this specification, the &QUERY; element in this use case possessed a 'sid' attribute; however, it is unnecessary for the Requester to specify the StreamID here and it would be harmful for the Proxy to reserve the StreamID at this point because the StreamID might never be used (thus forcing the Proxy to establish and maintain state about the bytestream) and because the Requester might use the Proxy's services for multiple different streams.
- ]]>
+]]>
The Proxy replies by returning an IQ-result that contains its network address, structured using the <streamhost/> child of the &QUERY; element; the <streamhost/> element MUST possess the following attributes:
host = the IP address or DNS domain name of the StreamHost for SOCKS5 communication over TCP (if the value is an IPv6 address, it MUST be formatted according to &rfc5952;, as is done in &xmppcore;)
@@ -300,7 +300,7 @@
port='7625'/>
- ]]>
+]]>
If the Requester does not have permissions to initiate bytestreams on the Proxy for whatever reason (e.g., a proxy implementation might enable administrators to ban JIDs or domains from using the Proxy), the Proxy MUST return a &forbidden; error to the Requester.
- ]]>
+]]>
If the Proxy is unable to act as a StreamHost, the Proxy MUST return an error to the Requester, which SHOULD be ¬allowed;.
- ]]>
+]]>
If the Proxy is unable to act as a StreamHost, the Proxy MUST return an error to the Requester, which SHOULD be ¬allowed;.
When replying to the Target in accordance with Section 6 of RFC 1928, the StreamHost MUST set the BND.ADDR and BND.PORT to the DST.ADDR and DST.PORT values provided by the client in the connection request.
If the Target tries but is unable to connect to any of the StreamHosts and it does not wish to attempt a connection from its side, it MUST return an ¬found; error to the Requester.
- ]]>
+]]>
After the Target has authenticated with the StreamHost/Requester, it replies to the initiate request with an IQ-result whose &QUERY; element contains a <streamhost-used/> child that specifies which StreamHost was used (in this case, the StreamHost/Requester).
@@ -456,7 +456,7 @@ STATUS = X'00'
- ]]>
+]]>
At this point, the Requester knows which StreamHost was used by the Target and the parties are able to use the StreamHost/Requester to exchange data over the bytestream.
When replying to the Target in accordance with Section 6 of RFC 1928, the Proxy MUST set the BND.ADDR and BND.PORT to the DST.ADDR and DST.PORT values provided by the client in the connection request.
@@ -575,7 +575,7 @@ STATUS = X'00'
- ]]>
+]]>
At this point, the Requester knows which StreamHost was used by the Target.
Next the Requester needs to activate the bytestream with the Proxy. This is done by sending an IQ-set to the Proxy, including an <activate/> element whose XML character data specifies the full or bare JID of the Target.
Using this information, with the SID and from address on the packet, the Proxy is able to activate the stream by hashing the SID + Requester JID + Target JID and comparing the result against the DST.ADDR it has received from the Target and Receiver. Although this provides a reasonable level of trust that the activation request came from the Requester, it does not guard against active or even passive attacks against the bytestreams negotiation (see the Security Considerations for information about potential hijacking of the negotiation).
If the Proxy can fulfill the request, it MUST respond to the Requester with an IQ-result.
- ]]>
+]]>
At this point the parties can begin exchanging data over the bytestream.
If the Proxy cannot fulfill the request, it MUST return an IQ-error to the Requester; the following conditions are defined:
The MUC room will then forward the IQ-set to the Target's real JID with a 'from' address of the Requester's room JID.
- ]]>
+]]>
Now the parties can proceed as defined for the direct or mediated connection. See the Security Considerations for information about potential hijacking of the negotiation.
There is one main difference between UDP mode and TCP mode: rather than simply establishing a TCP connection, the Target and/or Requester MUST (1) establish a UDP association and then (2) initialize the UDP channel. In particular:
After connecting to the StreamHost, the Target (direct connection) or both Target and Requester (mediated connection) MUST initialize the UDP channel. In order to do so, each sending entity MUST send a SOCKS5 UDP packet to the StreamHost on the same port used for the initial TCP connection (in the foregeoing example, a host of 192.168.4.1 and port of 5086), with DST.PORT set to '1' and DATA containing the sending entity's JID (i.e, the JID of either the Target or Requester).
Upon successful receipt by the StreamHost, the StreamHost MUST reply with a message notification indicating success:
- ]]>
+]]>
The <udpsuccess/> element indicates that the StreamHost has received a UDP initialization packet. This element has a single attribute containing the DST.ADDR that was used in the UDP packet.
If Target is unable to initialize the UDP channel, it MUST return a &remoteserver; error to RequesteRequester.
Note: Since UDP is not reliable, the Target SHOULD resend the UDP packet if the reply notification is not received within a short time (a 5-second retry is RECOMMENDED). The StreamHost SHOULD ignore duplicate UDP initialization packets once it has replied with a notification.
UDP packets sent from the StreamHost do not have any SOCKS5 headers, and so the payload shall be delivered as-is.
The programming interface for a SOCKS5 Bytestreams-aware UDP MUST report an available buffer space for UDP datagrams that is smaller than the actual space provided by the operating system and SOCKS5 layer if applicable. In other words, 4 more octets smaller.
@@ -874,7 +874,7 @@ DATA = (payload)
XEP-0065
- ]]>
+]]>
@@ -954,7 +954,7 @@ DATA = (payload)
- ]]>
+]]>
diff --git a/xep-0066.xml b/xep-0066.xml
index f1361fbc..504bb1ec 100644
--- a/xep-0066.xml
+++ b/xep-0066.xml
@@ -99,14 +99,14 @@
A license to Jabber!
- ]]>
+]]>
The expected result is for the recipient to retrieve the file via an HTTP GET request and to then inform the sender of successful receipt of the file. The receiving application MUST NOT send the IQ result until it has retrieved the complete file (e.g., it MUST NOT send the IQ result if it has merely attempted to retrieve the file or the URL provided seems to be valid):
- ]]>
+]]>
If the recipient attempts to retrieve the file but is unable to do so, the receiving application MUST return an &IQ; of type 'error' to the sender specifying a Not Found condition:
- ]]>
+]]>
If the recipient rejects the request outright, the receiving application MUST return an &IQ; of type 'error' to the sender specifying a Not Acceptable condition:
- ]]>
+]]>
The 'jabber:x:oob' namespace is used to communicate a URI to another user or application. This is done by including an &X; child element qualified by the 'jabber:x:oob' namespace in either a &MESSAGE; and &PRESENCE; stanza; the &X; child MUST contain a <url/> child specifying the URL of the resource, and MAY contain an optional <desc/> child describing the resource.
If an entity supports the out of band data protocol, it MUST report that by including a service discovery feature of "jabber:iq:oob" and/or "jabber:x:oob" in response to a &xep0030; information request:
The value of the <url/> element is not limited to URIs that conform to the http: URI scheme (as specified by &rfc2616;). For example, file transfers could also be effected using ftp: URIs as (specified by &rfc0959;). Going further afield, several existing Jabber clients use the callto: URI scheme to initiate voice conferencing via NetMeeting or GnomeMeeting. Other out-of-band communications could be initiated in a similar way via URI schemes such as sip: (as specified by &rfc3261;). All of these usages are allowed by the existing OOB namespaces, as long as the value of the <url/> element is a valid URI (as specified by &rfc3986;).
As with any mechanism that communicates a URI, care must be taken by the receiving application to ensure that the resource retrieved does not contain harmful or malicious data (e.g., a virus-infected file).
In the following example, the FORM_TYPE is 'http://jabber.org/protocol/pubsub', all of the fields whose names start with "pubsub#" are registered with the XMPP Registrar (see &xep0060;), and the custom "time_restrictions" field defined by the organization at example.com uses Clark Notation in the field name.
The registrant MAY register more than one FORM_TYPE at a time, each contained in a separate <form_type/> element. The registrant MAY also register more than one field at a time, each contained in a separate <field/> child element. Registrations of new fields within an existing FORM_TYPE MUST include the full XML snippet but SHOULD NOT include the FORM_TYPE description (only the name and the XEP number or other document identifier). Note that for ease of use the format for the <field/> element in the registry submission is the same as that defined in XEP-0004; in addition, the value of the 'type' attribute MUST be one of those defined in XEP-0004.
In addition, a registrant MAY also register particular field option values for fields of type 'list-single' and 'list-multi'. The format for such submissions is as follows:
(Refer to RFC 2617 for specification of the syntax of the Basic Access Authentication scheme; that information is not duplicated here.)
+]]>
The Digest Access Authentication scheme is defined in RFC 2617. This scheme specifies that the authorization information shall consist of the MD5 checksum of the username, a cnonce generated by the client, a nonce value provided in the challenge, the HTTP method, and the requested URL. When the realm is "xmpp", the profile defined herein further specifies that prior to creating the MD5 checksum the username MUST be a valid JID as described above, that the cnonce MUST be a transaction identifier as described above, and that any character in the JID or transaction identifier that is outside the range of the US-ASCII coded character set MUST be transformed into a percent-encoded octet as specified in Section 2.1 of RFC 3986.
The HTTP Server MAY offer any other valid authentication scheme, instead of or in addition to the Basic and Digest schemes mentioned above, as long as the scheme makes it possible to specify a userid (JID) and transaction identifier as described above. However, it is RECOMMENDED to implement both the Basic and Digest authentication schemes.
If the confirmation request was provided via an &IQ; stanza, the XMPP Client MUST respond to the request by sending an &IQ; stanza back to the XMPP Server. If the user wishes to confirm the request, the &IQ; response stanza MUST be of type "result" and MAY contain the original <confirm/> child element (although this is not necessary since the XMPP 'id' attribute can be used for tracking purposes):
If the user wishes to deny the request, the &IQ; response stanza MUST be of type "error", MAY contain the original <confirm/> child element (although this is not necessary since the XMPP 'id' attribute can be used for tracking purposes), and MUST specify an error, which SHOULD be ¬authorized;:
- ]]>
+]]>
If the confirmation request was provided via a &MESSAGE; stanza and the &MESSAGE; contains a human-readable &BODY; or does not contain a &BODY; but the XMPP Client understands the 'http://jabber.org/protocol/http-auth' namespace, the XMPP Client SHOULD respond to the request by sending a &MESSAGE; stanza back to the XMPP Server. If the user wishes to confirm the request, the &MESSAGE; response stanza SHOULD be of type "normal", MUST mirror the <thread/> ID (if provided by the XMPP Server), and MUST contain the original <confirm/> child element:
- ]]>
+]]>
If the user wishes to deny the request, the &MESSAGE; response stanza MUST be of type "error", MUST mirror the <thread/> ID (if provided by the XMPP Server), MUST contain the original <confirm/> child element, and MUST specify an error, which SHOULD be ¬authorized;:
- ]]>
+]]>
Once the XMPP Client has successfully confirmed the request, the XMPP Server forwards that confirmation to the HTTP Server, which allows access: