mirror of
https://github.com/moparisthebest/xeps
synced 2024-12-22 07:38:52 -05:00
XEP-0357: Use server JID as 'from' address
This commit is contained in:
parent
5d9029cfb8
commit
8656899927
14
xep-0357.xml
14
xep-0357.xml
@ -29,6 +29,12 @@
|
||||
<email>lancestout@gmail.com</email>
|
||||
<jid>lance@lance.im</jid>
|
||||
</author>
|
||||
<revision>
|
||||
<version>0.3</version>
|
||||
<date>2017-07-07</date>
|
||||
<initials>hw</initials>
|
||||
<remark><p>Use server JID as 'from' address for notifications.</p></remark>
|
||||
</revision>
|
||||
<revision>
|
||||
<version>0.2.1</version>
|
||||
<date>2016-02-16</date>
|
||||
@ -189,8 +195,8 @@
|
||||
</section2>
|
||||
<section2 topic='Business Rules'>
|
||||
<p>Each PubSub node is a delivery target for the Push Service, which could represent multiple devices for a single user.</p>
|
||||
<p>In order to prevent information leaks, each node SHOULD be configured with a 'whitelist' access model so that only trusted entities are able to view or subscribe to published notifications. Furthermore, the 'publish-only' affiliation SHOULD be used to allow acceptable entities (such as the user's bare JID) to publish to the node to trigger notifications.</p>
|
||||
<p>Care SHOULD be taken to ensure that publish requests are coming from the user's server and not from other third-party client applications using the full JID of a user. A Push Service MAY opt to only accept or further process publish requests from bare JIDs to ensure that only a user's server is able to publish, but it SHOULD instead use publish options with credentials shared only with the user's server (see <link url='#publish-options'>Enabling Notifications</link>).</p>
|
||||
<p>In order to prevent information leaks, each node SHOULD be configured with a 'whitelist' access model so that only trusted entities are able to view or subscribe to published notifications. Furthermore, the 'publish-only' affiliation SHOULD be used to allow acceptable entities (such as the server JID and the user's bare JID) to publish to the node to trigger notifications.</p>
|
||||
<p>Care SHOULD be taken to ensure that publish requests are coming from the user's server and not from other third-party client applications using the full JID of a user. A Push Service MAY opt to only accept or further process publish requests from server JIDs and bare user JIDs to ensure that only a user's server is able to publish, but it SHOULD instead use publish options with credentials shared only with the user's server (see <link url='#publish-options'>Enabling Notifications</link>).</p>
|
||||
</section2>
|
||||
</section1>
|
||||
|
||||
@ -324,7 +330,7 @@
|
||||
<p>Other elements MAY be included if relevant for the notification.</p>
|
||||
<example caption='Server publishes a push notification'><![CDATA[
|
||||
<iq type='set'
|
||||
from='user@example.com'
|
||||
from='example.com'
|
||||
to='push-5.client.example'
|
||||
id='n12'>
|
||||
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
|
||||
@ -349,7 +355,7 @@
|
||||
|
||||
<example caption='Server publishes a push notification with provided publish options'><![CDATA[
|
||||
<iq type='set'
|
||||
from='user@example.com'
|
||||
from='example.com'
|
||||
to='push-5.client.example'
|
||||
id='n12'>
|
||||
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
|
||||
|
Loading…
Reference in New Issue
Block a user