A user may retrieve his or her own vCard by sending XML of the following form to his or her own JID (the 'to' attibute SHOULD NOT be included):
-A user may retrieve his or her own vCard by sending XML of the following form to his or her own JID (the 'to' attibute MUST NOT be included):
+The server should then return the vCard to the user:
-A user may update his or her vCard by sending an IQ of type "set" to the server, following the format in the previous use case.
-If a user attempts to perform an IQ set on another user's vCard, the server MUST return a 403 "Forbidden" error.
+A user may publish or update his or her vCard by sending an IQ of type "set" to the server, following the format in the previous use case.
+The server then returns an IQ-result (or an IQ-error).
+Notice that the previous IQ-set included only one changed element (the <DESC/> element). Currently there is no method for partial updates of a vCard, and the entire vCard must be sent to the server in order to update any part of the vCard.
+If a user attempts to perform an IQ set on another user's vCard (i.e., by setting a 'to' address to a JID other than the sending user's bare JID), the server MUST return a 403 "Forbidden" error.
A user may view another user's vCard by sending an IQ of type "get" to the other user's bare JID. A compliant server MUST return the vCard to the requestor and not forward the IQ to the requestee's connected resource.
+A user may view another user's vCard by sending an IQ of type "get" to the other user's bare JID.
The server should then return the other user's vCard to the requestor:
+In accordance with &xmppcore;, a compliant server MUST respond on behalf of the requestor and not forward the IQ to the requestee's connected resource.
Note: The use of vCards is not limited to accounts associated with human users. For example, an XMPP server could itself have a vCard that defines the server's hosting organization, physical location, and relevant contact addresses.
There are no security features or concerns related to this proposal.
+The vCard information published to one's Jabber server is world-readable; therefore, users should exercise due caution when determining what information to include (e.g., street addresses, personal telephone numbers, or email addresses).
This document requires no interaction with &IANA;.