Privacy lists, as specified in &xep0016;, are represented in this format by including a <query/> element qualified by the 'jabber:iq:privacy' namespace as a child of the <user/> element. This element should contain all privacy lists associated with the user. A default privacy list, if set, is specified by including a <default/> element as a child of the <query/> element.
+ +Each <user/> element SHOULD contain pending incoming subscription requests associated with the user's account. Incoming subscription requests are represented by including <presence/> elements qualified by the 'jabber:client' namespace with the 'type' attribute set to a value of 'subscribe' as children of the <user/> element.
+ +At any point in the file, an exporting server may put an XInclude <include/> element, to split the data into several files. An importing server MUST support <include/> elements having an 'href' attribute containing a relative URI, having no 'parse' attribute, and having no 'xpointer' attribute; it MAY support other kinds of <include/> elements.
+An exporting server may split the data in several files by using the XInclude <include/> element. An importing server MUST support <include/> elements having an 'href' attribute containing a relative URI, having no 'parse' attribute, and having no 'xpointer' attribute; it MAY support other kinds of <include/> elements. An exporting server SHOULD NOT include and an importing server SHOULD NOT process <include/> elements which are decendents, but not children of the <user/> element (since these may be part of user data).
If an exporting server chooses to split the data into several files, it SHOULD use the following scheme:
@@ -296,7 +350,8 @@Exported data files are to be handled with care, since they contain data that users expect to be protected, in particular passwords. An exporting server SHOULD make sure that the generated file is not accessible to unauthorized persons, e.g. by enforcing strict file permissions.
+Exported data files are to be handled with care, since they contain data that users expect to be protected, in particular passwords. An exporting server SHOULD make sure that the generated file is not accessible to unauthorized persons, e.g. by enforcing strict file permissions.
+XInclude <include/> elements which are indirect descendents of the <user/> element SHOULD be treated as opaque user data, and SHOULD NOT be processed.