diff --git a/xep-0404.xml b/xep-0404.xml index ca914c6c..af387221 100644 --- a/xep-0404.xml +++ b/xep-0404.xml @@ -37,6 +37,17 @@ MIX-ANON &ksmithisode; &skille; + + 0.2.0 + 2018-06-05 + sek +

+ Remove vCard (now in MIX-PRESENCE); + Update PM rules; + Reflect changes in MIX-CORE and MIX-PRESENCE; + New JID map format; +

+
0.1.0 2018-05-21 @@ -65,8 +76,8 @@

&xep0369; exposes participant JIDs to other participants, and so messages can always be sent directly. When JIDs are hidden this is no longer possible. - Private messages MAY be sent to channel participants if allowed by channel policy. Private messages are - addressed to the user's bare proxy JID determined from the participants node, and routed by the MIX to the user's bare real JID, where standard distribution rules will apply. + Private messages MAY be sent to channel participants if allowed by channel policy. Private messages are switched through the channel to hide addressing. +

@@ -100,12 +111,13 @@

- MUC hides real JIDs by using Nicks to identify room occupants. This has problems with Nick changing and with multiple active clients for the same user. MIX identifies channel participants by a proxy JID, which is an anonymized stable JID format identifier for each participant. In &xep0369;, the participants node provides a mapping from the proxy JID to the real JID. To hide JIDs, this specification makes two key changes + MUC hides real JIDs by using Nicks to identify room occupants. This has problems with Nick changing and with multiple active clients for the same user. MIX identifies channel participants by Stable Participant ID. In &xep0369;, the users JID is in the participants node and is shared in messages and presence. To hide JIDs, this specification makes three key changes

  1. The requirement to include real JID in the participants list is relaxed for channels that are not "JID Visible". For a "JID Hidden" channel, real JIDs MUST NOT be included in the participants list. For a "JID Maybe Visible" channel, real JIDs will be included in the participants node according to participant preference.
  2. +
  3. JIDs are not shared in messages and presence.
  4. In presence messages, the client resource is anonymized, to prevent leakage of information through the resource.
@@ -116,7 +128,7 @@ This change means that the client will not be able to determine real JID of the

- It is important that MUC owners and administrators are able to see the real JIDs of participant. For this reason, a MIX channel following this specification MUST hold a JID Map node, which gives a mapping between proxy JID and real JID. + It is important that MUC owners and administrators are able to see the JIDs of participant. For this reason, a MIX channel following this specification MUST hold a JID Map node, which gives a mapping between Stable Participant ID and JID.

@@ -132,16 +144,16 @@ This change means that the client will not be able to determine real JID of the

When JIDs are being hidden, the resource of the full JIDs stored in the presence node MUST also be anonymized using a similar mechanism. - First the bare JID in presence is a proxy JID, as defined in &xep0369;. Where the JID is not being hidden, the resource is simply the resource of the clients full JID. Where the JID is hidden, the resource is replaced with a generated value. For example, 'hag66@shakespeare.example/UUID-a1j/7533' in the channel coven might have a proxy JID of '123456#coven@mix.shakespeare.example/789'. There is no client visible mapping of proxy full JIDs maintained as this is not needed. The MIX channel will need to maintain a mapping, to support directly addressing clients, such as for client to client disco#info queries. While an full proxy JID is held in the presence node, the mapping to real JID MUST NOT be changed. When adding a client to the presence node, the server MAY add the same anonymized JID as used before by that client, or it MAY create a different anonymized JID. + Where the JID is not being hidden, the resource is simply the resource of the clients full JID. Where the JID is hidden, the resource is replaced with a generated value. For example, 'hag66@shakespeare.example/UUID-a1j/7533' in the channel coven might have an encoded JID of '123456#coven@mix.shakespeare.example/789'. There is no client visible mapping maintained, as this is not needed. The MIX channel will need to maintain a mapping, to support directly addressing clients, such as for client to client disco#info queries. While an encoded JID is held in the presence node, the mapping to real JID MUST NOT be changed. When adding a client to the presence node, the server MAY add the same anonymized JID as used before by that client, or it MAY create a different anonymized JID.

-

This specification defines a JID Map node, so that administrators can see real JIDs for JID Hidden channels.

+

This specification defines a JID Map node, so that administrators can see JIDs for JID Hidden channels.

- +
JID Map'urn:xmpp:mix:nodes:jidmap'For storing a list of bare proxy JIDs from the participants node with a 1:1 mapping to the corresponding real JIDs.AutomaticPubSub
JID Map'urn:xmpp:mix:nodes:jidmap'For storing a list of Stable Participant IDs from the participants node with a 1:1 mapping to the corresponding JIDs.AutomaticPubSub
@@ -149,12 +161,12 @@ This change means that the client will not be able to determine real JID of the -

The JID Map node is used to associate a proxy bare JID to its corresponding real bare JID. It is a PubSub node with the 'node' attribute set to 'urn:xmpp:mix:nodes:jidmap'. The JID Map node MUST have one entry for each entry in the Participants node. This value is added when a user joins the channel and is removed when the user leaves the channel. - Each item is identified by proxy bare JID, mapping to the real bare JID. This node is used to give administrator access to real JIDs and participant access to real JIDs in jid-visible channels. This node MUST NOT be modified directly using pubsub. - In JID Visible channels, all participants MAY subscribe to this node. In JID Hidden and JID Maybe Visible channels, only administrators can subscribe. The JID Map node is a permanent node with one item per participant. Information is stored in a <participant/> element qualified by the 'urn:xmpp:mix:anon:0' namespace. The real JID is stored in a <jid/> child element of the <participant/> element.

+

The JID Map node is used to associate a Stable Participant ID to its corresponding bare JID. It is a PubSub node with the 'node' attribute set to 'urn:xmpp:mix:nodes:jidmap'. The JID Map node MUST have one entry for each entry in the Participants node. This value is added when a user joins the channel and is removed when the user leaves the channel. + Each item is identified by Stable Participant ID mapping to the bare JID. This node is used to give administrator access to JIDs. This node MUST NOT be modified directly using pubsub. + Only administrators can subscribe to this node. The JID Map node is a permanent node with one item per participant. Information is stored in a <participant/> element qualified by the 'urn:xmpp:mix:anon:0' namespace. The real JID is stored in a <jid/> child element of the <participant/> element.

- + hecate@mix.shakespeare.example @@ -337,85 +349,35 @@ This change means that the client will not be able to determine real JID of the

- Private Messages are used to provide communication with another channel participant through the MIX channel, where the initiating user does not the real JID of the channel participant. A channel MAY support use of Private Messages. Private messages are standard XMPP messages and MUST NOT be groupchat. A message goes through a number of stages with different addressing. This is set out in the following table. + Private Messages are used to provide communication with another channel participant through the MIX channel, where the initiating user does not know the real JID of the channel participant. A message is addressed to the channel using the encoded JID of the client to which the message is being sent. This is shown in the following example.

- - - - - - - - - -
MessageFromTo
First Message from Client to MIX ChannelFull JID of initiator's clientProxy bare JID of responder
First Message from MIX Channel to responder's serverProxy full JID of initiator's clientBare JID of responder
First Message from responder's server to one or more of the responder's clientsProxy full JID of initiatorFull JID of responder's client
Messages from responder's client to MIX ChannelFull JID of responder's clientProxy full JID of initiator's client
Messages from MIX channel to initiator's clientProxy full JID of responder's clientFull JID of initiator's client
Messages from initiator's client to MIX ChannelFull JID of initiator's clientProxy full JID of responder's client
Message from MIX Channel to responder's clientProxy full JID of initiator's clientFull JID of responder's client
+ + + Private meeting about Macbeth??? + +]]> + +

+ The MIX channel will then process the message, to send to the real JID of the recipient. An encoded JID is used to identify the message sender. +

+ + + Private meeting about Macbeth??? + +]]> +

Private Messages MAY be archived using MAM by the XMPP servers associated with initiator and responder. Private Messages MUST NOT be archived by the MIX channel.

- -

A client MAY request the vCard of a channel participant where the participant's real JID is not known, by sending a request through the channel. The MIX channel MAY pass this request on or MAY block it. vCard requests MAY use &xep0054; (vcard-temp) or &xep0292; (vCard4 over XMPP). The MIX channel does not process the vCard requests, but simply relays them on to real bare JID of the target. A MIX service MAY choose to relay one or both protocols. Where a MIX service relays one or both of these protocols, each protocol relayed MUST be advertised as a feature of the MIX service. In the following example, using vcard-temp, the requesting client sends a message to the bare proxy JID of the channel participant for which the vCard is desired.

- - - -]]> -

The MIX channel MAY pass on the vCard request or MAY reject with an error, dependent on channel policy. The MIX service will then address the vCard request to the user's server (using bare JID) using a full proxy JID to hide the requester.

- - - -]]> -

- The user's server, on behalf of the user, MAY send a response or reject with an error. The user's server will send the vCard back to the channel. -

- - - Peter Saint-Andre - - Saint-Andre - Peter - - - stpeter - http://www.xmpp.org/xsf/people/stpeter.shtml - - - -]]> -

- The MIX channel will then send the vCard response to the requesting client on behalf of the client sending the response. -

- - - Peter Saint-Andre - - Saint-Andre - Peter - - - stpeter - http://www.xmpp.org/xsf/people/stpeter.shtml - - -]]> -
- +