XEP-0379: Usability: moved Link-Validity, added Tagging

Georg Lukas 2017-02-16 11:16:38 +01:00
parent 3cccbf5c00
commit c794c3a933
1 changed files with 20 additions and 6 deletions

@ -307,12 +307,6 @@ https://juicyxmpp.example/i/#romeo@montague.net?preauth=1tMFqYDdKhfe2pwp;name=Ro
roster addition and manual subscription approval.
</p>
</section2>
<section2 topic='Invitation Link Validity' anchor='security_link'>
<p>The invitation link that is generated by Romeo's client is considered a
personal invitation link for a single person. This, and the fact that the
link can only be used once, should be indicated by the client to Romeo.
</p>
</section2>
<section2 topic='Interception of Links' anchor='security_intercept'>
<p>A Monkey-in-the-Middle attacker who gains access to the invitation link
can manipulate its fields or redeem the link themselves. However, this is
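
Review bot: Removing the section with anchor='security_link' drops that anchor, and the replacement text lives under a different one (anchor='rules_volatile'), so any cross-reference to security_link elsewhere in the document would now dangle; search for it before merging. The move also takes the single-use statement out of the security_* sections, directly ahead of 'Interception of Links', which discusses an attacker who can "redeem the link themselves"; a one-sentence pointer to the new rules section there would keep that mitigation visible to readers of the security text.
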
@ -352,6 +346,26 @@ https://juicyxmpp.example/i/#romeo@montague.net?preauth=1tMFqYDdKhfe2pwp;name=Ro
operators' approval.
</p>
</section2>
<section2 topic='Invitation Link Volatility' anchor='rules_volatile'>
<p>By default, Romeo's client should generate personal invitation links
that can only be redeemed once, and only for a limited time. This fact
SHOULD be indicated by the client UI to Romeo.</p>
<p>If a client allows customization of the validity time or the number of
uses for a given invitation token, it SHOULD provide clear language
to inidcate that.</p>
</section2>
<section2 topic='Tagging of Auto-Added Contacts' anchor='rules_group'>
<p>When a new contact is added automatically by the client, it SHOULD
indicate this fact to the user, and allow the user to rename / group
the contact appropriately. One possible way to achieve this is by
putting all auto-added contacts into a special roster group, and by
automatically removing this group on the first manual edit of the
contact.</p>
<p>In this case, the roster group should be named by the client according
to the user's locale settings. However, this approach might lead to
different clients using different group names, resulting in multiple
roster groups with the same goal.</p>
</section2>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
<p>This document requires no interaction with &IANA;.</p>
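
Review bot: In the new 'Invitation Link Volatility' section, "to inidcate that" is a typo for "indicate", and the normative keywords are mixed: "should generate" there and "should be named" in the tagging section are lowercase while the adjacent sentences use SHOULD. If these are requirements, capitalize them; if they are not, reword so they do not read as half-normative. The single-use and time-limit default is the security-relevant property here, so "a limited time" would benefit from a recommended value or at least a statement of who enforces expiry. The last tagging paragraph names the problem of different clients using different group names but leaves it open; either suggest a way to avoid the duplicate groups or say explicitly that this is left to implementations.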