diff --git a/inbox/push.xml b/inbox/push.xml new file mode 100644 index 00000000..cfc512d6 --- /dev/null +++ b/inbox/push.xml @@ -0,0 +1,516 @@ + + +%ents; +]> + + +
+ Push + This specification defines a way for an XMPP servers to broadcast information for use in push notifications to mobile and other devices. + &LEGALNOTICE; + xxxx + ProtoXEP + Standards Track + Standards + + XMPP Core + XMPP IM + XEP-0004 + XEP-0030 + XEP-0060 + + + + NOT_YET_ASSIGNED + + Lance + Stout + lancestout@gmail.com + lance@lance.im + + + 0.0.1 + 2015-02-23 + lance +

Initial version.

+
+
+ +

The purpose of push notifications is to inform users of new messages or other pertinent information even when they have no XMPP clients online.

+

Typically, these notifications are delivered to a user's mobile device, displaying a notice that can trigger opening an XMPP client to continue a conversation or answer a Jingle session request.

+ +

There have been several push noticiations implementations by mobile XMPP client vendors. However, experience has shown that these implementations carried several drawbacks:

+ + +

The goal for this document is to make the generalized case possible, whereby a user may use their XMPP client of choice with their own server of choice. The requirements are thus:

+ + +

Note: Any publish-subscribe use cases not described herein are described in XEP-0060. Also, this document does not show error flows related to the generic publish-subscribe use cases referenced herein, since they are exhaustively defined in XEP-0060. The reader is referred to XEP-0060 for all relevant protocol details related to the XMPP publish-subscribe extension. This document merely defines a "subset" or "profile" of XMPP publish-subscribe.

+
+ + +

XMPP Push works between the user's XMPP server and two push notification services in tandem:

+
    +
  1. The user's XMPP server publishes notifications to the XMPP Push Service of each of the user's client applications.
  2. +
  3. The XMPP Push Service (as defined here) for a client application then delivers the notification to a third-party notification delivery service.
  4. +
  5. The third-party (and potentially proprietary or platform-dependent) push service delivers the notification from the client application's backend service to the user's device.
  6. +
+ +

This two-tiered push architecture allows the user's XMPP server to deliver notifications to arbitrary third-pary clients, and in turn allows those clients to use the appropriate delivery mechanism for their platforms without having to share any private keys or other credentials with the XMPP server.

+ + +

The current state-of-the-art for a generic push notification service requires four actors:

+
+ +
App Client
+
The app client is the software installed and ran by the user, and is the final receiver of a push notification.
+
+ +
App Server
+
The app server is a backend service for the app client. At minimum, the app server exists to trigger push notifications, but it often also performs business logic for the app.
+
+ +
User Agent
+
The user agent is a service running locally on the user's device which receives push notifications and delivers them to the appropriate application.
+
+ +
Push Service
+
The push service is what ferries notifications from the App Server to the User Agent. How it does so is often proprietary and vendor/platform dependent.
+
+
+ +

Enabling notifications is a five step process:

+
    +
  1. The App Client asks the User Agent to authorize the delivery of notifications.
  2. +
  3. The User Agent then requests a token from the Push Service which authorizes delivery of notifications to that User Agent and App Client.
  4. +
  5. The Push Service issues the token to the User Agent.
  6. +
  7. The User Agent gives the token to the App Client.
  8. +
  9. The App Client sends the token to the App Server for later use.
  10. +
+ App Server | +| | | | ++-+--------^-+ +------------+ + |1 |4 + | | ++-v--------+-+ 3 +---------------+ +| <----------+ | +| User Agent | | Push Service | +| +----------> | ++------------+ 2 +---------------+ +]]> +

To send a push notification, the App Server sends the notification data to the Push Service along with the saved token.

+ + +
+ + +

To build an XMPP Push service on top of a general push service, we perform the following mapping:

+
    +
  • The general App Client becomes the XMPP User Agent
  • +
  • The general App Server becomes the XMPP Push Service
  • +
  • The XMPP server is now the new logical "App Server"
  • +
  • The XMPP client portion of the application is the new logical "App Client"
  • +
+ XMPP Server | +| | | | ++-+--------^--+ +-------------+ + |1 |4 + | | ++-v--------+-+ 3 +------------+-------------------+ +| <----------+ | | +| App Client | | App Server | XMPP Push Service | +| +----------> | | ++------------+ 2 +------------+-------------------+ +]]> +
+
+ + +

An XMPP Push Service is a PubSub service as defined by the XMPP &xep0060; extension. The functional difference between a Push Service and a generic pubsub service is that a Push Service will generally summarize and re-broadcast published content via non-XMPP mechanisms.

+

Note: a Push Service is provided by a specific client application as part of the App Server. A user's XMPP server will typically not act as a Push Service itself, but will instead publish to the Push Services for the user's client applications.

+ + +

A Push Service MUST:

+
    +
  • Support the 'whitelist' access model and set it to the default.
  • +
  • Support the 'publish-only' affiliation.
  • +
+
+ +

Each PubSub node is a delivery target for the Push Service, which could represent multiple devices for a single user.

+

In order to prevent information leaks, each node SHOULD be configured with a 'whitelist' access model so that only trusted entities are able to view or subscribe to published notifications. Furthermore, the 'publish-only' affiliation SHOULD be used to allow acceptable entities (such as the user's bare JID) to publish to the node to trigger notifications.

+

Care ought to be taken to ensure that publish requests are coming from the user's server and not from other third-party client applications using the full JID of a user. A Push Service MAY opt to only accept or further process publish requests from bare JIDs to ensure that only a user's server is able to publish, but it SHOULD instead use publish options with credentials shared only with the user's server (see Enabling Notifications).

+
+
+ + + +

Before enabling or disabling push services, a client SHOULD determine whether the user's server supports publishing push notifications; to do so, it MUST send a &xep0030; information quest to the user's bare JID:

+ + + +]]> +

If the user's server supports publishing push notifications and the account is provisioned to allow them, the server MUST include the feature 'urn:xmpp:push:0' in its list of supported features.

+ + + + + + ... + + +]]> +
+ + +

If a service supports the XMPP Push Service publish-subscribe profile described herein, it MUST include an identity of "pubsub/push" in "disco#info" results.

+ + + + + ... + + +]]> +
+
+ + +

The full process for enabling notifications requires initializing two separate push services: between the App Client and App Server, and between the App Server and the user's XMPP server.

+

Note: It is assumed that an App Client is able to perform any registration procedures it requires to bootstrap its own preferred push notification system. Furthermore, it is assumed that the App Client or App Server is able to provision a node on its own XMPP Push Service. It is possible, but not required, to perform these actions over XMPP using &xep0077;.

+ +
    +
  1. The App Client performs any necessary bootstrapping and registration for its preferred push service.
  2. +
  3. The App Client registers itself with the App Server.
  4. +
  5. The App Server allocates or reuses a node on the App Server's XMPP Push Service.
  6. +
  7. The App Server informs the App Client of the provisioned node, along with any additional parameters required for publishing to that node.
  8. +
  9. The App Client requests the XMPP server to publish notifications to the given node.
  10. +
+ + XMPP Server | +| | 5b | | ++------^------+ +-------------+ + |5a + | ++------+-----+ 4 +--------------+---------------------+ +| <----------+ | | +| App Client | | App Server <-3-> XMPP Push Service | +| +----------> | | ++--+------^--+ 2 +--------------+---------------------+ + |1a |1d + | | ++--v------+--+ 1c +---------------+ +| <----------+ | +| User Agent | | Push Service | +| +----------> | ++------------+ 1b +---------------+ +]]> + +

For the last step, the App Client sends an IQ-set to the user's bare JID with an <enable /> element qualified by the 'urn:xmpp:push:0' namespace, which MUST contain a 'jid' attribute of the XMPP Push Service being enabled. It SHOULD contain a 'node' attribute which is set to the provisioned node specified by the App Server.

+ + + + +]]> + +

An App Server MAY require additional information to be provided with each published notification, such as authentication credentials. These parameters are included in the enable request by adding a XEP-0004 data form with a FORM_TYPE of 'http://jabber.org/protocol/pubsub#publish-options'.

+ + + + + http://jabber.org/protocol/pubsub#publish-options + eruio234vzxc2kla-91 + + + +]]> + +

The JID for a Push Service MAY be enabled multiple times for a user only if different node values are provided. If the combination of JID and node has already been enabled, then the server SHOULD use the last received request for any publish options.

+
+ + +

If the user decides to stop push notifications for a particular client application, the App Client SHOULD send an IQ-set to the user's bare JID with a <disable /> element qualified by the 'urn:xmpp:push:0' namespace, which MUST include a 'jid' attribute of the service to be removed.

+ + + + +]]> + +

A 'node' attribute MAY be included to remove a particular JID and node combination if multiple nodes have been enabled for a single service JID.

+ + + + +]]> + +

If a 'node' attribute is provided, then only that combination of JID and node SHOULD be removed from the set of enabled services. Otherwise, the server SHOULD disable all enabled entries for the specified service for the user.

+ +

When a service is not enabled, the server MUST NOT attempt publishing notifications to the service.

+
+ + +

When the user's server detects an event warranting a push notification, it performs a PubSub publish to all XMPP Push Services registered for the user, where the item payload is a <notification /> element in the 'urn:xmpp:push:0' namespace.

+

A XEP-0004 data form whose FORM_TYPE is 'urn:xmpp:push:summary' MAY be included to provide summarized information such as the number of unread messages or number of pending subscription requests.

+

Other elements MAY be included if relevant for the notification.

+ + + + + + + urn:xmpp:push:summary + 1 + juliet@capulet.example/balcony + Wherefore art thou, Romeo? + + Additional custom elements + + + + + +]]> + +

If additional data was provided when enabling the service, the publish request SHOULD include the data as publish options.

+ + + + + + + + urn:xmpp:push:summary + 1 + juliet@capulet.example/balcony + Wherefore art thou, Romeo? + + Additional custom elements + + + + + + http://jabber.org/protocol/pubsub#publish-options + eruio234vzxc2kla-91 + + + + +]]> + + +

If a publish request is returned with an IQ-error, then the server SHOULD consider the particular JID and node combination to be disabled.

+

However, a server MAY choose to keep a service enabled if the error is deemed recoverable or transient, until a sufficient number of errors have been received in a row.

+
+ + +

Once the notification has been published to the XMPP Push Service, it is left to the implementation how to deliver the notification to the user's device. However, the general flow for the process looks like so:

+ +
+
+ + +

It can be desirable for an XMPP Push Service to stop accepting notifications the user's XMPP server. To do so, the XMPP Push Service removes the 'publish-only' (or other publish-enabling affiliation) from the user's JID, and MAY send an affiliation change notice to the user's bare JID:

+ + + + + + +]]> + +

Upon receiving an affiliation change event, the server MAY remove the received JID and node combination from the set of enabled services. If a server does not do so, then the service will be removed from the enabled set through the error handling process.

+
+ + +

Push notifications require routing private information, such as message bodies, through third parties. As such, server implmentations SHOULD allow users to limit the information sent via push notifications.

+

It is NOT RECOMMENDED to allow in-band modification of push notification settings. Such operations SHOULD be done out-of-band to prevent privilege escalation.

+
+ + +

This document requires no interaction with &IANA;.

+
+ + + +

The ®ISTRAR; includes 'urn:xmpp:push:0' in its registry of protocol namespaces (see &NAMESPACES;).

+
    +
  • urn:xmpp:push:0
  • +
+
+ + &NSVER; + + +

XEP-0068 defines a process for standardizing the fields used within Data Forms scoped by a particular namespace, and the XMPP Registrar maintains a registry of such FORM_TYPES (see &FORMTYPES;).

+ + + + urn:xmpp:push:summary + XEP-XXXX + Provides summarizing information about a user for use in push notifications. + + + + + +]]> + +
+ +

The ®ISTRAR; includes a category of "component" in its registry of Service Discovery identities (see &DISCOCATEGORIES;); as a result of this document, the Registrar includes a type of "jidprep" to that category.

+

The registry submission is as follows:

+ + pubsub + + push + + A push notification service that supports the publish-subscribe profile defined in XEP-XXXX. + + XEP-XXXX + + +]]> +
+
+ + + + + + + + + The protocol documented by this schema is defined in + XEP-xxxx: http://www.xmpp.org/extensions/xep-xxxx.html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +]]> + +