From ea7d5986decc44eb129c904260bc53bfb2a6164e Mon Sep 17 00:00:00 2001
From: Peter Saint-Andre Specified use of publish-subscribe private information nodes as the preferred storage mechanism. For security reasons, actively discouraged use of the password element; specified use of publish-subscribe private information nodes as the preferred storage mechanism; cleaned up the text and examples. For ease-of-use in a Jabber client, it is desirable to have a way to store shortcuts to various services and resources (such as conference rooms and web pages) as 'bookmarks' that can be displayed in the user's client. Several Jabber clients have already agreed on and implemented a method to provide this service; that informal agreement is documented and expanded upon in this document. In particular, we introduce the 'storage' element (qualified by the 'storage:bookmarks' namespace) as a container for this sort of this data. While the <storage/> element can be stored using any XML storage mechanism, this document describes two such methods that are specific to XMPP. For ease-of-use in a Jabber client, it is desirable to have a way to store shortcuts to various services and resources (such as conference rooms and web pages) as "bookmarks" that can be displayed in the user's client. Several Jabber clients have already agreed on and implemented a method to provide this service; that informal agreement is documented and expanded upon in this document. In particular, we introduce the <storage/> element (qualified by the 'storage:bookmarks' namespace) as a container for this sort of this data. While bookmarks data can be stored using any XML storage mechanism, this document recommends one method that is specific to XMPP. A storage element marked by the storage:bookmarks namespace will contain a collection of child elements, each representing a 'bookmark' to be displayed in the client. At present, only two sub-elements are defined, 'conference' for conference rooms and 'url' for normal URLs. All elements under storage MUST allow a 'name' tag, which is the friendly name by which they will be displayed in the client. If an element lacks a 'name' tag, the client SHOULD generate an appropriate substitution based on the other available data. A storage element qualified by the 'storage:bookmarks' namespace may contain a collection of child elements, each representing a bookmark to be displayed in a client. At present, only two sub-elements are defined: <conference/> for bookmarking of &xep0045; rooms and <url/> for bookmarking of web pages. All child elements allow a 'name' attribute, which is the friendly name by which they will be displayed in the client. If an element lacks a 'name' attribute, the client SHOULD generate an appropriate substitution based on the other available data. One of the most common uses of bookmarks will likely be to bookmark conference rooms on various Jabber servers. It is this aspect of the bookmark system which is used today by existing clients. In addition to the required 'jid' attribute, the conference element also possesses an 'autojoin' attribute, which determines whether or not the client should automatically join that conference room on login; this attribute is of type xs:boolean (see &w3xmlschema2;) and the default value is "false". &BOOLEANNOTE; The conference element MAY also contain 'nick' and 'password' sub-elements; the XML character data from these elements should be used when joining the room from the bookmark. Password is, of course, important for joining potentially password-protected &xep0045; rooms. A common use case is bookmarking of multi-user chat rooms. A room is bookmarked using the <conference/> child element. The syntax is as follows. Note: The datatypes are as defined in &w3xmlschema2;. This bookmark would be displayed as 'Council of Oberon' and, if activated, would attempt to join the conference room 'council@conference.underhill.org' with nickname 'Puck' and password 'titania'. A bookmark set may contain any number of conference rooms. This bookmark would be displayed as 'Council of Oberon' and, if activated, would attempt to join the conference room 'council@conference.underhill.org' with nickname 'Puck'. Note: A bookmark set may contain any number of conference rooms. URLs are fairly simple, as they only need to store a URL and a title, and the client then can simply launch the appropriate browser. A URL element therefore only needs a 'url' tag in addition to the required 'name'.
+
+
+
+ Element or Attribute
+ Definition
+ Datatype
+ Inclusion
+
+
+ 'autojoin' attribute
+ Whether the client should automatically join the conference room on login.
+ boolean defaulting to false &BOOLEANNOTE;
+ OPTIONAL
+
+
+ 'jid' attribute
+ The JabberID of the chat room.
+ string
+ REQUIRED
+
+
+ 'name' attribute
+ A friendly name for the bookmark.
+ string
+ RECOMMENDED
+
+
+ <nick/> element
+ The user's preferred roomnick for the chatroom.
+ string
+ OPTIONAL
+
+
+ <password/> element
+ Unencrypted string for the password needed to enter a password-protected room. Use of this element is now deprecated for security reasons.
+ string
+ DEPRECATED
+
Attribute | +Definition | +Datatype | +Inclusion | +
---|---|---|---|
'name' attribute | +A friendly name for the bookmark. | +string | +RECOMMENDED | +
'url' attribute | +The HTTP or HTTPS URL of the web page. | +anyURI | +REQUIRED | +
When the user chooses a URL bookmark, the client should launch an appropriate browser or load the URL directly in the client (if the client is a web-client or includes web browsing functionality).
+This bookmark would be displayed in the client as 'Complete Works of Shakespeare' and would take the user to http://the-tech.mit.edu/Shakespeare/ if activated. A bookmark set can contain any number of urls.
+This bookmark would be displayed in the client as 'Complete Works of Shakespeare' and would take the user to <http://the-tech.mit.edu/Shakespeare/> when selected.
+Note: A bookmark set can contain any number of URLs.
@@ -113,7 +172,6 @@ autojoin='true' jid='theplay@conference.shakespeare.lit'>Security considerations related to object persistent via publish-subscribe are described in XEP-0060 and XEP-0223.
+As noted, use of the <password/> child of the <conference/> element is deprecated and discouraged, since the password could be discovered by a third party, e.g. an eavedropper (if channel encryption is not used) or a server administrator.