From 8cd1320ddc7822ffecf04f524de3514ad6dbae86 Mon Sep 17 00:00:00 2001 From: Thilo Molitor Date: Thu, 5 Jan 2023 06:43:51 +0100 Subject: [PATCH] Port version 0.5 to :0 namespace and introduce --- xep-0353.xml | 164 +++++++++++++++++++++++++++++++++------------------ 1 file changed, 107 insertions(+), 57 deletions(-) diff --git a/xep-0353.xml b/xep-0353.xml index 59f9f886..282b8fc0 100644 --- a/xep-0353.xml +++ b/xep-0353.xml @@ -27,6 +27,14 @@ &fippo; &stpeter; &tmolitor; + + 0.6.0 + 2022-01-29 + tm + + Port version 0.5 to :0 namespace and improve tie-breaking section + + 0.5.0 2022-01-05 @@ -106,12 +114,12 @@

All &MESSAGE; stanzas exchanged by this protocol MUST be of type="chat" and contain &xep0334; <store/> hints.

-

In order to prepare for sending a Jingle invitation, the initiator (e.g., Romeo) sends a &MESSAGE; stanza containing a <propose/> element qualified by the 'urn:xmpp:jingle-message:1' namespace. The <propose/> element MUST possess an 'id' attribute being a globally unique identifier. It therefore is RECOMMENDED to use UUIDv4. This id will also be used for the session invitation of &xep0166; later on. The <propose/> element MUST contain one <description/> element for each media type associated with the intended session.

+

In order to prepare for sending a Jingle invitation, the initiator (e.g., Romeo) sends a &MESSAGE; stanza containing a <propose/> element qualified by the 'urn:xmpp:jingle-message:0' namespace. The <propose/> element MUST possess an 'id' attribute being a globally unique identifier. It therefore is RECOMMENDED to use UUIDv4. This id will also be used for the session invitation of &xep0166; later on. The <propose/> element MUST contain one <description/> element for each media type associated with the intended session.

- + @@ -127,16 +135,29 @@ node='http://psi-im.org' ver='q07IKJEyjvHSyhy//CH0CxmKi8w='/> +]]> + + +

Upon receiving the <propose/> message, the responder's various devices will start "ringing" and indicate so by sending a message to the bare JID of the initiator containing a <ringing/> element qualified by the 'urn:xmpp:jingle-message:0' namespace and specifying the session ID of the original <propose/> message.

+

This makes it possible to reflect the real state of the call in the UI and therefore comprises for better UX. It also somewhat compensates for the (intentionally) missing discovery of this protocol.

+ + + + ]]> -

It can happen that the initiator might want to disavow intent to send a session invitation (e.g., because the initiator has accepted another session). The initiator can do so by sending a message stanza containing a <retract/> element specifying the same session ID.

-

The <retract/> element MUST contain a <reason/> element as defined in &xep0166; section 7.4. This SHOULD use a condition of <cancel/>, but implementations MAY use other conditions if deemed more appropriate (see Security Considerations below for details and rationale).

- It can happen that the initiator might want to disavow intent to send a session invitation (e.g., because the initiator has accepted another session). The initiator can do so by sending a message stanza containing a <retract/> element qualified by the 'urn:xmpp:jingle-message:0' namespace and specifying the session ID of the original <propose/> message.

+

The <retract/> element SHOULD contain a <reason/> element as defined in &xep0166; section 7.4. This SHOULD use a condition of <cancel/>, but implementations MAY use other conditions if deemed more appropriate (see Security Considerations below for details and rationale).

+

In conjunction with &xep0313; upon ending the catchup phase the responder SHOULD consider all sessions for which it received a <propose/> but no <retract/> or <finish/> message to be still active and allow the user to accept the intent to start a session.

+ - + Retracted @@ -145,21 +166,20 @@ ]]> -

In conjunction with &xep0313; upon ending the catchup phase the responder SHOULD consider all sessions for which it received a <propose/> but no <retract/> or <finish/> message to be still active and allow the user to accept the intent to start a session.

 - -

Upon receiving the intent message, the responder's various devices will "ring" and the responder will answer the call on a particular device. Here we assume that since this is an audio-only call, Juliet chooses to take the call on the device associated with her "phone" resource.

-

Her "phone" resource informs all of her resources and all of the initiator's resources about accepting the call by sending a message to the bare JID of the initiator containing an <accept/> element specifying the session ID of the original <propose/> message.

- +

The responder will answer the call on a particular device. Here we assume that since this is an audio-only call, Juliet chooses to take the call on the device associated with her "phone" resource.

+

Her "phone" resource informs all of her resources and all of the initiator's resources about accepting the call by sending a message to the bare JID of the initiator containing an <proceed/> element qualified by the 'urn:xmpp:jingle-message:0' namespace and specifying the session ID of the original <propose/> message.

+ - + ]]> -

Juliet's server broadcasts this accept message to all of her resources (as described in &xep0280;), which stop ringing, and to all of Romeo's resources (as described in &rfc6121;). Romeo's resources that did not send the <propose/> can use this &MESSAGE; stanza to update their UI or choose to ignore this &MESSAGE; stanza altogether.

-

Next, the device from which Juliet accepted the call sends directed presence to Romeo for the reasons described above.

+

Juliet's server broadcasts this accept message to all of her resources (as described in &xep0280;), which stop ringing, and to all of Romeo's resources (as described in &rfc6121;). Romeo's resources that did not send the <propose/> can use this &MESSAGE; stanza to update their UI or choose to ignore this &MESSAGE; stanza altogether.

+

Next, the device from which Juliet accepted the call SHOULD also send directed presence to Romeo if the two entities do not already share presence information, for the reasons described above.

@@ -171,14 +191,14 @@ ]]> -

Instead of accepting the call, the responder might want to decline the call and tell all of her devices to stop ringing (e.g., perhaps because Romeo is getting to be a bit of a nuisance). She does this by rejecting the call on one of her devices and having that device tell all of the other devices to stop ringing by sending a &MESSAGE; stanza containing a <reject/> element specifying the session ID of the original <propose/> message to the bare JID of Romeo.

-

The <reject/> element MUST contain a <reason/> element as defined in &xep0166; section 7.4. The <reason/> element SHOULD use a condition of <busy/>, but implementations MAY use other conditions if deemed more appropriate (see Security Considerations below for details and rationale).

-

In Tie-Breaking scenarios it MUST also contain a <tie-break/> element as defined in Tie Breaking.

- Instead of accepting the call, the responder might want to decline the call and tell all of her devices to stop ringing (e.g., perhaps because Romeo is getting to be a bit of a nuisance). She does this by rejecting the call on one of her devices and having that device tell all of the other devices to stop ringing by sending a &MESSAGE; stanza containing a <reject/> element qualified by the 'urn:xmpp:jingle-message:0' namespace and specifying the session ID of the original <propose/> message to the bare JID of Romeo.

+

The <reject/> element SHOULD contain a <reason/> element as defined in &xep0166; section 7.4. If given, the <reason/> element SHOULD use a condition of <busy/>, but implementations MAY use other conditions if deemed more appropriate (see Security Considerations below for details and rationale).

+

In Tie-Breaking scenarios it MUST also contain a <tie-break/> element as defined in Tie Breaking.

+ - + Busy @@ -198,7 +218,7 @@ + sid='ca3cf894-5325-482f-a412-a6e9f832298d'> @@ -240,14 +260,14 @@ ]]> -

This protocol in conjunction with &xep0280; and &xep0313; allows all devices of both involved parties to get synchronized about session start, rejection etc. To synchronize the ending of the session, both parties MUST send a message stanza containing a <finish/> element specifying the same session ID as in Accept to the bare jid of the other party.

+

This protocol in conjunction with &xep0280; and &xep0313; allows all devices of both involved parties to get synchronized about session start, rejection etc. To synchronize the ending of the session, both parties SHOULD send a message stanza containing a <finish/> element qualified by the 'urn:xmpp:jingle-message:0' namespace and specifying the same session ID as in proceed to the bare jid of the other party.

Letting both involved parties send the <finish/> element makes sure we have the correct state in MAM archives etc. even if one client suddenly looses connectivity/power. It even makes possible for a client to determine if the call is still deemed "running" by the other party if it manages to recover from connectivity loss — before the other party runs into a timeout and sends a <finish/> — to recover the session or formally terminate the call (by ending the Jingle session and sending a <finish/> message itself). See Tie Breaking for more infos on this and similar scenarios.

-

The <finish/> element MUST contain a <reason/> element as defined in &xep0166; section 7.4. This SHOULD use a condition of <success/>, but implementations MAY use other conditions if deemed more appropriate (see Security Considerations below for details and rationale).

+

The <finish/> element SHOULD contain a <reason/> element as defined in &xep0166; section 7.4. This SHOULD use a condition of <success/> or <expired/>, but implementations MAY use other conditions like <connectivity-error/> if deemed more appropriate (see Security Considerations below for details and rationale).

- + Success @@ -260,7 +280,7 @@ - + Success @@ -272,15 +292,17 @@ -

It is possible that a <propose/> message can be sent at the same time by both parties or a new session started while one is already running. Implementations of this specification MUST implement the following solutions to solve this. (This is loosely based upon section 7.2.16 of &xep0166;.)

+

It is possible that a <propose/> message can be sent at the same time by both parties or a new session started while one is already running. Implementations of this specification SHOULD implement the following solutions to solve this. (This is loosely based upon section 7.2.16 of &xep0166;.)

-

In this case (e.g. no party answered the <propose/> message yet) the lower of the two session IDs MUST overrule the other action, where by "lower" is meant the session ID that is sorted first using "i;octet" collation as specified in Section 9.3 of &rfc4790; (in the unlikely event that the random session IDs are the same, the action sent by the lower of the JabberIDs MUST overrule the other action). The party that receives the <propose/> action with the lower of the two session IDs MUST respond with an <accept/> or <reject/> mesage like it would normally do for a <propose/> message, and the party that receives the <propose/> action with the higher of the two session IDs MUST return a <reject/> message to the other party with a <tie-break/> child element alongside of a <reason/> element carrying the condition <expired/>.

- In this case (e.g. no party answered the <propose/> message yet) the lower of the two session IDs MUST overrule the other action, where by "lower" is meant the session ID that is sorted first using "i;octet" collation as specified in Section 9.3 of &rfc4790; (in the unlikely event that the random session IDs are the same, the action sent by the lower of the JabberIDs MUST overrule the other action).

+

The party that receives the <propose/> action with the lower of the two session IDs MUST send a <retract/> message for the higher session ID to the other party with a <tie-break/> child element alongside of a <reason/> element carrying the condition <expired/> and then eventually respond with an <proceed/> or <reject/> mesage like it would normally do for a received <propose/> message.

+

The party that receives the <propose/> action with the higher of the two session IDs MUST return a <reject/> message to the other party with a <tie-break/> child element alongside of a <reason/> element carrying the condition <expired/>.

+ - + @@ -290,7 +312,7 @@ - + @@ -300,7 +322,21 @@ - + + + + Tie-Break + + + + + + + + + Tie-Break @@ -314,21 +350,21 @@ - + ]]> -

If (from the perspective of the responder of the new session) there is already a session to the bare-jid of the initiator active (e.g. call already accepted but no <finish/> element received by the responder so far), the old session MUST be deemed an orphan and terminated by the responder of the new session in favor of the new one. The responder MUST transparently accept the new session and finish the old one, because it can be assumed that this new session is a transparent continuation of the old one.

-

She does so by first accepting the new session (sending an <accept/> message like she would do normally) and then sending a <finish/> message including a child element whose to-attribute refers to the old Jingle session id and including a <reason/> condition of <expired/>.

-

That makes it possible for the initiator of the new session to transparently switch devices (e.g. migrate the call to a new device) or resume an alreay running session after a sudden connectivity/power loss.

+

If (from the perspective of the responder of the new session) there is already a session to the bare-jid of the initiator active (e.g. call already accepted but no <finish/> element received by the responder so far), the old session MUST be deemed an orphan and terminated by the responder of the new session in favor of the new one. The responder SHOULD transparently accept the new session and finish the old one, because it can be assumed that this new session is a transparent continuation of the old one.

+

The responder does so by sending a <finish/> message including a <reason/> condition of <expired/> and having a <migrated> child element whose to-attribute refers to the new Jingle session id, and accepting the new session by sending an <proceed/> message like they would do normally.

+

That makes it possible for the initiator of the new session to transparently switch devices (e.g. migrate the call to a new device) or resume a still running session after a sudden connectivity/power loss.

- + @@ -338,7 +374,7 @@ - + @@ -348,42 +384,48 @@ - + - + + + - - - - - - - - + Session migrated - + + + + + + + - + + + + Success + + @@ -391,7 +433,12 @@ - + + + + Success + + @@ -401,13 +448,13 @@

Participants MUST use &xep0280; and &xep0313; to make sure all devices of initiator and responder receive all messages exchanged by this protocol. Without &xep0280; implementations would need to send copies of outgoing messages to their own bare jid, to inform their own devices about an event (like it was done with the <accept/> message in the old urn:xmpp:jingle:jingle-message:0 specification).

-

In a &xep0313; (or &xep0198;) catchup scenario client developers MAY choose to not show an "incoming call" UI upon receiving a <propose/> message because they could receive another message for the same Jingle session id later in the catchup process invalidating the <propose/> received before. Showing the "incoming call" UI as soon as receiving an <accept/> might comprise bad UX.

+

In a &xep0313; (or &xep0198;) catchup scenario client developers MAY choose to not show an "incoming call" UI upon receiving a <propose/> message because they could receive another message for the same Jingle session id later in the catchup process invalidating the <propose/> received before. Showing the "incoming call" UI as soon as receiving a <propose/> might comprise bad UX.

In the rare case of missing <finish/> elements from both initiator and responder, sessions SHOULD be considered terminated after an appropriate timeframe (for example 24 hours) and indicated so in the UI.

All 'id' attributes MUST be globally unique to make sure they do not collide, and therefore it is RECOMMENDED to use UUIDv4.

 -

Because exchanging messages with other entities is effectively is a presence leak, an XMPP client that implements the receiving side of this specification MUST disable sending of accept messages by default and MUST enable the feature only as a result of explicit user confirmation. Such confirmation can be provided per request, by automatically allowing requests received from Jingle initiators in the responder's contact list, or through some other suitable means as long as sending accept messages does not occur by default.

-

Because sending of reasons other than the default ones (e.g. <cancel/> for <retract/>, <busy/> or <expired/> for <reject/> and <success/> or <expired/> for <finish/>) may leak privacy related information the user does not want to leak, sending of those non-default reasons should be carefully considered by client developers.

+

Because exchanging messages with other entities is effectively a presence leak, an XMPP client that implements the receiving side of this specification MUST disable sending of accept messages by default and MUST enable the feature only as a result of explicit user confirmation. Such confirmation can be provided per request, by automatically allowing requests received from Jingle initiators in the responder's contact list, or through some other suitable means as long as sending accept messages does not occur by default.

+

Because sending of reasons other than the default ones (e.g. <cancel/> for <retract/>, <busy/> or <expired/> for <reject/> and <success/> or <expired/> (or <connectivity-error/>) for <finish/>) may leak privacy related information the user does not want to leak, sending of those non-default reasons should be carefully considered by client developers.

Thanks to Lance Stout, Holger Weiß and Daniel Gultsch for their feedback.

@@ -419,7 +466,7 @@

This specification defines the following XML namespace:

    -
  • urn:xmpp:jingle:jingle-message:1
    • +
  • urn:xmpp:jingle:jingle-message:0

The ®ISTRAR; includes the foregoing namespace to the registry located at &NAMESPACES;, as described in Section 4 of &xep0053;.

 @@ -427,6 +474,9 @@ &NSVER; + +

Versions 0.4 and 0.5 of this specification define more or less the same protocol in the namespace urn:xmpp:jingle:jingle-message:1 (but in many places using MUST rather than SHOULD and removing <proceed/> in favor of <accept/>). To provide for greater backwards compatibility, version 0.6 of this document switched back to the old urn:xmpp:jingle:jingle-message:0 namespace. Future updates requiring a namespace bump should therefore directly bump the namespace version to :2 ans skip :1.

+ @@ -434,8 +484,8 @@