%ents; The XML-RPC Specification"> ] >
Jabber Object Access Protocol (JOAP) The Jabber Object Access Protocol, or JOAP, defines a mechanism for creating Jabber-accessible object servers, and manipulating objects provided by those servers. It is intended for development of business applications with Jabber. &LEGALNOTICE; 0075 Deferred Standards Track Standards None None None N/A Evan Prodromou evan@prodromou.san-francisco.ca.us EvanProdromou@jabber.org 0.3 2003-05-22 esp For consistency, renamed hyphenated elements 'new-address' and 'return-type' to 'newAddress' and 'returnType' respectively. Added 'desc' element for human-readable descriptions to object servers and classes. Changed the 'writeable' [sic] attribute to the more correct 'writable'. Added experimental namespace recommendation in XMPP Registrar section. 0.2 2003-03-05 esp Added a schema and DTD, a number of new examples, and ensured that all examples validate against the DTD and schema. 0.1 2003-01-28 esp Initial version (unpublished).

This document defines the Jabber Object Access Protocol (JOAP) as an extension to the Jabber protocol. It outlines the addressing scheme and IQ stanzas that comprise the protocol as well as the data types that the protocol models. Example applications are discussed, as well as security considerations.

Jabber has a number of attractive features that give it an advantage over existing frameworks for building multi-tier applications, such as the Simple Object Access Protocol (SOAP) or Java 2, Enterprise Edition (J2EE). Among these are:

For existing Jabber development efforts, there are significant advantages to building applications within a JOAP framework. It should go without saying that, for developers creating business applications on top of Jabber, a uniform object access protocol provides significant advantage for cross-product integration.

In addition, implementers of special-purpose components, such as multi-user chat servers or whiteboarding components, can use an object-server interface to allow fine-grained control of the implementations, especially where such control is not specified by the applicable Jabber protocol.

JOAP has the following design goals:

The following are non-goals:

The JOAP interface is made up of three key parts:

This section describes the various entities in the JOAP universe. Some entities are directly addressable with Jabber IDs (JIDs), as described below. Others are not considered outside of their enclosing entities.

An object server component is a Jabber component that provides object services. It is addressed like any other Jabber component, i.e., with a DNS hostname or pseudo-hostname. Some examples would be:

  • payroll.example.com - A payroll application server.
  • jukebox.example.com - An MP3 jukebox server.

An object server has zero or more attributes, methods, and classes.

A class is a category of object instances. It defines the structure and interface of these instances. Each class is addressed using the class name as the node identifier, and the object server as the domain identifier. Class names must conform to the node identifier restrictions defined for XMPP. Class names must also be unique, regardless of case, within an object server.

For example:

  • Employee@payroll.example.com - An employee class at the payroll.example.com server.
  • Song@jukebox.example.net - A song class on the jukebox server.
  • Board@circuit-design.example.com - A class for circuit boards.
  • Board@surf-shop.example.net - A class for surfboards -- distinct from above class!

Beside uniqueness and XMPP compliance, no further requirements are made on class names. However, good design suggests mnemonic names.

Classes define the attributes and methods of their instances. In addition, they can have attributes and methods of their own. Finally, classes can have superclasses, which indicate an inheritance structure as well as implementation of a defined interface.

JOAP allows for no relative addressing of classes. Classes are always referred to by their full address (node identifier plus domain identifier).

An instance is a collection of data with identity, state, and behavior. Each instance is a member of a class, which defines the attributes (data) and methods (behavior) of the instance itself.

An instance is addressed using the node plus server that identifies its class, as well as a unique string that occupies the resource identifier section of the Jabber ID. The resource is only unique over the space of the corresponding class. Some example instance addresses:

  • Room@hotel.example.com/103 - Room 103 in the Example Hotel.
  • Element@periodic-table.example.net/103 - Element 103 (rutherfordium) in the periodic table.
  • Employee@payroll.example.com/JohnSmith - An employee named "John Smith".
  • Customer@videorental.example.net/JohnSmith - A customer named "John Smith" (not necessarily the same person as the above employee!).

Besides uniqueness within a class, and compliance with the rules for resource identifiers in the XMPP standard, there are no further requirements on instance identifiers in JOAP. In particular, the instance identifier is opaque -- that is, no further information about the state of the object can or should be discerned from the identifier. What visible part of the instance, if any, makes up the unique resource identifier is implementation dependent.

That said, it is recommended that the instance identifier be persistent through the life of the instance. In addition, using mnemonic identifiers can greatly enhance the usability of JOAP objects.

As with other resource identifiers, instance identifiers are case-sensitive.

The instance identifier roughly corresponds to a primary key in a relational database, and for object servers that provide access to relational databases, it is recommended to use the primary key of a table as the instance identifier. For tables with a compound key, a comma (',') dash ('-'), or other non-alphanumeric character can be used to separate parts of the key for better readability. For example:

  • Date@calendar.example.net/2003-01-26 -- The date January 26th, 2003.
  • City@canada.example.com/Montréal,QC -- The city of Montréal, in the province of Québec.

JOAP allows for no relative addressing of instances. Instances are always referred to using their full address (node identifier plus domain identifier plus resource identifier).

An attribute is a unit of state that makes up part of an object server, instance, or class. Each attribute has a name and a type.

Attribute names must be strings of characters containing only the characters [a-zA-Z0-9_]. The first character must be an underscore or alphabetic character. This requirement is intended to allow easy mapping of attributes in JOAP to attributes of objects in client programming languages. The restriction is the lowest common denominator for variable names in most modern programming languages.

Attributes cannot be addressed individually. Attributes are manipulated by sending JOAP messages to the object that owns them.

A method is a unit of behavior that makes up part of an object. Methods in JOAP are compatible with &xmlrpc;, as specified in &xep0009;. In particular, methods have a name, a return type, and 0 or more parameters, each of which has a type.

The one exception to XML-RPC compatibility is that method names for JOAP are restricted to the characters [a-zA-z0-9_]. This is to avoid conceptual mismatch in programming languages where the other three characters allowed by XML-RPC, namely ".", ":", and "/", are used to separate class or instance names from methods.

Methods cannot be directly addressed using JOAP. Methods are described and executed by sending messages to the object server, class, or instance that owns them.

The range of JOAP data types is borrowed directly from XML-RPC.

The scalar types include the following:

  • int or i4: a 32-bit signed integer
  • boolean: a one-digit integer representing "true" (1) or "false" (0)
  • string: a string of characters
  • double: double-precision signed floating-point number
  • datetime.iso8601: a date value, in ISO 8601 format
  • base64: binary data, base64-encoded for transmission

Instance addresses are a special type of string used for referring to instance objects. They can be passed as parameters to methods, or set as attribute values.

If a value can contain an object instance, its type is the address of a class. The address of any object instance that is an instance of that class, or any of its subclasses, can be used in that value.

For example, if Boxcar@trainset.example.com is a subclass of Car@trainset.example.com, then Boxcar@trainset.example.com/569 can be used as a method parameter, or set as an attribute, where Car@trainset.example.com is the defined type.

Because addresses are used for instance values, all methods involving instances are implicitly pass-by-reference. If a pass-by-value functionality is needed, a struct (see below) should be used instead.

Note that attribute and method param types can use classes and instances from other object servers (that is, with different domain identifiers). For instance, an Employee@payroll.example.com class could have an attribute of type Job@hr.example.com.

There are two compound types defined in XML-RPC.

An array is an ordered list of values. An array can contain values of any type, including other compound types.

In JOAP, as with XML-RPC, it is not possible to address, set, or delete elements of an array. To set values in an array, the entire new array must be specified.

A struct is a set of name-value pairs organized into a logical grouping. A struct can contain values of any type, including other compound types.

In JOAP, as with XML-RPC, it is not possible to address, set, or delete elements of a struct. To set values in an struct, the entire new struct must be specified.

Structs are useful mainly for groupings of data that do not have independent identity or behavior. Where an object needs identity or behavior, an instance should be used instead of a struct.

Types are specified by a string name of the type. This can be one of the XML-RPC types described above, or a class address.Implementers can determine if a specified type is valid by checking it against a list of the XML-RPC types. If it does not match, it should be checked to see if matches the syntax for a class address (node identifier plus domain identifier). Otherwise, it is not a valid type.

This section defines the Jabber stanzas that make up the JOAP protocol.

Each stanza is an information query (IQ). Except for method calls, the stanzas are all in the 'jabber:iq:joap' namespace. Each of the following sections describes a stanza in that namespace, herein called a "verb". The verbs allow basic access to object servers, classes, and instances.

Not all verbs can be sent to all JOAP entities. The appropriate JOAP entity a verb should be addressed to is noted under the description of the verb.

The <describe> verb requests the interface -- that is, methods, attributes, and classes -- of a given object server or class. The IQ type is "get".

The <describe> verb is useful for creating wrapper classes in JOAP clients, either at runtime or at compile time. It can also be used for object browsers, or for client programs to ascertain that the interface they assume for an object is still valid.

<describe> verbs can be sent to object servers, classes, and instances. Each will return different data.

  • Object servers return zero or more descriptive texts, zero or more attribute definitions, zero or more method definitions, zero or more class names, and a timestamp.
  • Classes return zero or more descriptive texts, zero or more attribute definitions, zero or more method definitions, and a timestamp.
  • Instances return the exact results of sending the <describe> method to their class. This is for convenience only; it is preferable to send <describe> to the class directly.

Each object description can contain one or more strings of descriptive text. This is to indicate the purpose and usage of the object in human-readable form.

Multiple descriptions are allowed in the hope that they will be used to describe the attribute in multiple languages (differentiated using the xml:lang attribute).

Attribute definitions have the following parts:

  • A name, which is a legal attribute name as described above.
  • A type, which is a legal JOAP type as described above.
  • A flag indicating if the attribute is an attribute of the class itself, or of individual instances.
  • A flag indicating if the attribute is writable.
  • A flag indicating if the attribute is required.
  • One or more strings of descriptive text, to indicate the purpose and usage of this attribute. Multiple descriptions are allowed in the hope that they will be used to describe the attribute in multiple languages (differentiated using the 'xml:lang' attribute).

The attribute definitions returned to a client should include only attributes the user is authorized to access.

Method definitions have the following parts:

  • A name, which is a legal method name as described above.
  • A return type, which is a legal JOAP type as described above.
  • A flag indicating if the method is a method of the class itself, or of individual instances.
  • Zero or more parameters, each of which has a name, a type, and one or more strings of descriptive text.
  • One or more strings of descriptive text, indicating the use and behavior of this method.

The method definitions returned to a client should include only methods the user is authorized to access.

Classes, in superclass definitions and object server interfaces, are always referred to by their full address.

The timestamp is a date-time value in ISO 8601 format, UTC. The timestamp indicates the last time an interface was changed, if that information is available.

The main point of describing the superclasses a class has is to allow clients to make typing distinctions: that is, to determine if a class presents a given interface, or may be provided as a parameter or attribute in another JOAP call.

The list of superclasses given in a class description is flat, not hierarchical. No provision is made to indicate which of a class's superclasses are superclasses of each other, nor is there any implied precedence order in the order of the classes in the returned description.

In addition, no provision is made to define which superclass actually implements any methods or attributes defined.

When a class receives a <describe> verb, it must return all its superclasses, including multiple ancestors. It must as well return all the attributes and methods that it responds to, including those defined in its superclasses. This is called a "flattened" description of the class. Flattening the class interface reduces the need for making multiple "describe" verb calls just to find the interface for one class.

The following examples illustrate the use of the <describe> verb. All extended examples in this document refer to a particular object domain, based on a fictional model train set. A UML description of the object domain is available in Appendix D.

To describe a server, the JOAP client sends this stanza.

]]>

The object server returns this response:

This server provides classes for managing a virtual remote train set. logLevel i4 Verbosity level for access logging. startLogging boolean Start logging activity on this server. Returns true for success and false for an error. stopLogging boolean Stop logging activity on this server. Returns true for success and false for an error. Train@trainset.example.com Car@trainset.example.com Caboose@trainset.example.com Engine@trainset.example.com Boxcar@trainset.example.com PassengerCar@trainset.example.com Building@trainset.example.com TrackSegment@trainset.example.com Switch@trainset.example.com Station@trainset.example.com 2003-01-07T20:08:13Z ]]>

To describe the Car@trainset.example.com class, the JOAP client sends this stanza to the class for boxcars.

]]>

The class returns this stanza to the JOAP client.

A Car in the trainset that can be used to ship cargo. trackingNumber i4 Tracking number for this car. contents string Contents of the boxcar. nextTrackingNumber i4 The next available tracking number. Car@trainset.example.com 2003-01-07T20:08:13Z ]]>

To describe an instance, the JOAP client sends this stanza to a particular track segment.

]]>

The instance returns this stanza to the JOAP client.

A length of track in the trainset which can be connected to a previous and next length of track. previous TrackSegment@trainset.example.com Previous segment of track. next TrackSegment@trainset.example.com Next segment of track. 2003-01-07T20:08:13Z ]]>

The <read> verb allows clients to retrieve the values of attributes of an object server, class, or instance. The client can specify which attributes to return; if no attributes are specified, then all attributes are returned. This allows clients to cheaply retrieve meta-information about an instance that may have exceptionally large data, such as bin64-encoded file data.

The <read> verb uses the "get" IQ type.

A timestamp, in ISO 8601 format, UTC, can be added to the results of a <read>. The timestamp indicates the last time any of an object's attribute values have changed (not just the requested ones). The timestamp can be used, for example, to implement object caching on the client side.

The following are some common error codes may be generated in response to a <read> verb.

  • 404 (Not Found): The object addressed does not exists.
  • 403 (Forbidden): The user is not authorized to read attributes of this object, or not authorized to read the specified attributes of this object.
  • 406 (Not Acceptable): The client sent an <read> verb specifying attributes that are not defined for the class.

This section gives some examples of using the <read> verb.

A client would send the following stanza to an instance to read its attributes:

]]>

In return, the instance would send this stanza to the client:

name Paddington Station size length 4 width 3 previous TrackSegment@trainset.example.com/334 next TrackSegment@trainset.example.com/271 ]]>

To read only specified attributes of an instance, the client would send this stanza:

location cars ]]>

In return, the instance would send this stanza to the client:

location Station@trainset.example.com/Paddington cars Engine@trainset.example.com/14 PassengerCar@trainset.example.com/112 PassengerCar@trainset.example.com/309 BoxCar@trainset.example.com/212 Caboose@trainset.example.com/9 ]]>

The <add> verb is used to create a new instance of a JOAP class. The verb is sent to the JOAP class, which returns the address of the newly-created instance.

Within each <add> verb the client must include attribute values for each required, writable attribute of the class.

The IQ is of type "set".

The following are some common error codes may be generated in response to an <add> verb.

  • 404 (Not Found): The class for which an instance is to be instantiated does not exists.
  • 403 (Forbidden): The user is not authorized to instantiate an instance of this class.
  • 405 (Not Allowed): The client sent an <add> verb to something that isn't a class.
  • 406 (Not Acceptable): The client sent an <add> verb containing attributes that are not writable, or without all required, writable attributes, or with attributes that are not defined for the class, or with attribute values that are of the wrong type.

To create a new PassengerCar, the client would send the following stanza to the PassengerCar class:

passengers 38 ]]>

The class would return the following response:

PassengerCar@trainset.example.com/866 ]]>

Note that the class created a new instance identifier, 866, for the new instance. Further communications from the client would use the full instance address returned.

The <edit> verb is used to update the attributes of an object. The name and new value of each attribute that is to be updated is listed in the <edit> verb.

The IQ is of type "set".

Leaving a given attribute out of an <edit> verb does not indicate that the attribute should be set to an undefined or default value. The new values of attributes that are left out is implementation-dependent; in general, though, they should remain unchanged, if possible.

If the results of an <edit> verb have content, it will contain the new address of the instance that was updated. The new address should be used henceforth by the client. This is to allow updates that alter the unique key or attribute of an instance that determine its instance identifier.

The following error codes may be generated in response to a <edit> verb.

  • 404 (Not Found): The object to be edited does not exists.
  • 403 (Forbidden): The user is not authorized to edit this object, or to change one of the attributes specified in the <edit> request.
  • 406 (Not Acceptable): The client sent an <edit> verb containing attributes that are not defined for the class, or with attribute values that are of the wrong type, or with attribute values that are outside the range for the attribute.

To change the number of passengers in a PassengerCar, the client would send the following stanza to the instance:

passengers 31 ]]>

The client would return the following stanza:

]]>

If a client wanted to change the name of a Building, it would send the following stanza to the instance:

name Smith Family Home ]]>

The results would be as follows:

Building@trainset.example.com/SmithFamilyHome ]]>

Note that the instance indentifier, and thus the instance address, of the instance has changed. The from part of the IQ, however, contains the old address.

The <delete> verb is used to delete an instance. The IQ is of type "set". The <delete> stanza has no sub-elements.

Only instances can be deleted. Classes and object servers cannot be deleted. After an instance is deleted, it is no longer addressable.

A given user may not be able to delete a particular instance.

The following error codes may be generated in response to a <delete> verb.

  • 404 (Not Found): The instance to be deleted does not exists.
  • 403 (Forbidden): The user is not authorized to delete this instance.
  • 405 (Not Allowed): The client sent a <delete> verb to an object server or class.

To delete an instance, a client would send the following stanza:

]]>

The instance would return this stanza:

]]>

If the user is not authorized to delete the instance, it would return this error:

You are not authorized to delete this instance. ]]>

The <search> verb allows rudimentary searching and listing of instances in a class. The IQ is of type "get".

The client sends a <search> verb to the class, specifying the attributes that are search criteria and values to search for. The class returns a list of the addresses of matching instances.

Multiple attributes are logically AND'd; that is, resulting instances must match all of the attribute values.

How attribute values are specified for matching depends on the type of the attribute.

  • For numeric types (<int>, <double>), <boolean>, and <dateTime.iso8601>, values match if they are exactly equal.
  • For <string> types, a search value matches an attribute value if it is a case-dependent substring of that value. For example, "hat" will match "hat", "that", and "real-time chat server".
  • For the <base64> type, a search value matches an attribute value if the base64-decoded value of the search value is an 8-bit clean substring of the base64-decoded attribute value. For example, "aGF0Cg==" ("hat") will match "cmVhbC10aW1lIGNoYXQK" ("real-time chat").
  • For instance addresses, a search value matches an attribute value if they are exactly equal.
  • For <struct> types, a search value matches an attribute value if each of its named members matches the corresponding named members in the attribute value, and has the same type.
  • For <array> types, a search value matches an attribute value if each of its members matches the corresponding members in the attribute value, in order, and has the same type.

Classes should return all instances of the class that are on the same object server (that is, which have the same domain identifier in their address) and that match the search criteria. This includes instances of subclasses of the class.

Whether a class returns instances of subclasses that reside on other object servers is implementation-dependent. This caveat is to allow different types of subclassing policies. Classes that define a well-known, standard interface -- for example, a class defined by a standards organization -- would probably not be "aware" of all instances of that class. However, it is conceivable to have a multi-tier business application where the object servers did know about other servers, their classes, and their instances.

Classes cannot be searched on attributes that are defined only in subclasses; for example, a search for the attribute "contents" sent to the Car@trainset.example.com class should result in a 406 (Not Acceptable) error.

The semantics of an empty <search> verb is to request all instances of a class. This provides a listing or browsing functionality.

The following error codes may be generated in response to a <search> verb.

  • 404 (Not Found): The class to be searched does not exists.
  • 403 (Forbidden): The user is not authorized to search this class.
  • 405 (Not Allowed): The client sent a <search> verb to an object server or instance.
  • 406 (Not Acceptable): The client sent an <search> verb containing attributes that are not defined for the class, or with attribute values that are of the wrong type.

To search for Boxcar instances carrying coal, the client would send the following stanza to the Boxcar class:

contents coal ]]>

The Boxcar class would return a list of all matching instances:

Boxcar@trainset.example.com/195 Boxcar@trainset.example.com/35 Boxcar@trainset.example.com/681 ]]>

To get a list of all Building instances, the client would send an empty <search> verb, as follows:

]]>

The Building class would return the following stanza:

Building@trainset.example.com/Courthouse Station@trainset.example.com/Paddington Station@trainset.example.com/GareDeLyon Building@trainset.example.com/SmithFamilyHome ]]>

Note that the class returns instances of subclasses, as well as direct instances of the class.

Method calls in JOAP are simply XML-RPC calls, as defined in XEP-0009.XEP-0009 leaves some open questions as to use of widely-defined extensions to the XML-RPC standard, such as the <nil> type. To call a method on an object, the client simply sends an XML-RPC message to that object. Method calls must match the parameters as defined in the method definition returned by the <describe> verb.

Method names must be the exact method name as returned by <describe>. No class or instance identifier prefix (with "." or ":") is used.

Note, also, that the addressee of the method call, that is, the object that defines the method, is not specified as a parameter of the method, as it is in some programming languages. The addressee of the method is implicit in the address to which the method was sent.

To start the event log on the train set server, the client would send the following stanza:

startLogging ]]>

The object server would respond with the following results:

1 ]]>

To retrieve the next available Car tracking number, the client would send the following stanza to the Car class:

nextTrackingNumber ]]>

The class would respond with the following results:

909 ]]>

To make a Switch change to a different track segment, the client would send the following stanza to the instance:

switchTo TrackSegment@trainset.example.com/119 ]]>

The instance would respond with the following results:

1 ]]>

A simple application server can be provided using JOAP. This is merely the degenerate case of an object server that provides only methods and attributes, with no classes.

A more complex example would be an interface to a relational database server, such as Oracle, PostgreSQL, or mySQL. The object server would represent a single database within the database server. Each table in the database would be represented by a class with no class attributes or methods. Each row in the database would be an instance of its table's class, with attributes but no methods.

A distributed n-tier application can be built fairly directly with JOAP. N-tier applications are usually defined as having three main segments:

  • A user-interface segment
  • A business-object segment, defining objects with business rules encoded into their behavior
  • A data-storage segment, handling basic storage of relatively unintelligent objects

With JOAP, application developers can create the last two segments with a JOAP interface. User-interface clients can use JOAP to access and manipulate the business objects in a business object server. In turn, the business objects can use JOAP to manipulate underlying database objects in the data storage layer (perhaps implemented using a relational database interface, as defined above).

Jabber protocols typically define a base set of functionality for a component to provide. Implementers often want to provide specialized, fine-grained control of the component that is not part of the core functionality of a component. For example, the implementer may wish to allow administrators to get metrics on a component, enable or review logs, note error situations, or configure the component remotely.Most Jabber components currently define Web interfaces, or command-line scripts, to perform this kind of control.

A component can provide an additional JOAP interface, along with its regular protocol-specific interface, to enable this kind of control functionality. Implementers can in this way provide implementation-specific functionality in an open way.

For example, if conference.example.com is a MUC component, control.conference.example.com might be a JOAP component with access to the internal data structures of the MUC component. A conference room addressed in the MUC component as ModelTrains@conference.example.com might be addressed in the JOAP component as Room@control.conference.example.com/ModelTrains.

There are a number of existing distributed object systems, such as SOAP, CORBA, distributed OLE, Enterprise Java Beans, etc.

It would be reasonable to create gateways for these object systems or object servers implementing their protocols using JOAP. JOAP could also be used to allow disparate object systems to communicate through a common protocol.

To follow.

This section describes some security considerations for implementers of JOAP.

No provision is made for authentication of users to the object server. Jabber users authenticate to a login server before they are able to send any Jabber stanzas.

Authorization for users to access and manipulate objects and attributes in JOAP is fine-grained; object servers can return error codes to indicate a lack of authorization for any given attribute, object, or method.

No provision is made to define a user's authorization for an object, attribute, or method. Implicit authorization is outlined with the results of the <describe> verb.

  • For attributes, if a user is unauthorized to <read> the attribute, the object server should not return a definition of the attribute in the <describe> results.
  • If a user is unauthorized to <edit> an attribute, the object server should note that the the attribute is not writable in the <describe> results.
  • If a user is unauthorized to execute a method, the object server should not return a definition of the attribute in the <describe> results.
  • For classes that the user is not allowed to access at all, the object server should not return a reference to that class in the <describe> results for the object server.
  • For instances that the user is not allowed to access at all, the object server should not return references to that instance in <search> results.

No provision is made in the JOAP protocol for providing privacy and confidentiality in JOAP conversations. This is left up to existing, more general Jabber protocols and extensions.

Confidentiality from external, non-Jabber observers can be obtained using transport-layer security (TLS) in all legs of the Jabber path -- from client to server to (potentially) another server to the object server component.

Maintaining confidentiality against observers in the Jabber pathway -- for example, servers relaying JOAP stanzas -- requires using end-to-end encryption.

Due to the nature of the JOAP addressing scheme, however, perfect confidentiality cannot be preserved. Even if the contents of an IQ packet are encrypted, the address of the object the packet is sent to -- e.g., Tips@whistleblower.example.org/NuclearRegulatoryInfractions -- will reveal some information about the JOAP conversation which could be harmful to the user.

This document requires no interaction with the IANA.

This protocol defines one new namespace, 'jabber:iq:joap'.

Experimental implementations of this protocol should use the namespace 'http://www.xmpp.org/extensions/xep-0075.html#0.3' to avoid conflicts with future versions.

The following glossary collects some definitions of terms used in this document.

Object services
Modelling an object or collection of objects, and providing an interface to manipulate those objects to other entities.
Object server
A Jabber component that provides object services.
Class
A category of object instances that defines their structure and interface.
Instance
A collection of data with identity (address), state (attributes), and behavior (methods).
Attribute
A unit of state that makes up part of an object server, instance, or class.
Method
A unit of behavior.
Object
An object server, class, or instance.
User
A person or process that accesses object services through JOAP.
Client
The software or agent a user employs to access object services through JOAP.
Instance address
The full JID of an instance, e.g., Train@trainset.example.com/OrangeBlossomSpecial.
Instance identifier
The resource identifier part of an instance address. For example, in Train@trainset.example.com/OrangeBlossomSpecial, the instance identifier is OrangeBlossomSpecial.
Class address
The full JID of a class, e.g., Switch@trainset.example.com.
Class identifier
The node identifier part of a class address. For example, in Switch@trainset.example.com, the class identifier is Switch
Authentication
The act of determining that a user is who they say they are. In the Jabber world, this is done at login time.
Authorization
The act of determining whether a given user has the right to execute a particular action.

The following is an XML Schema for JOAP.

]]>

The following is a document-type description (DTD) for JOAP.

]]>

Because JOAP requires some significant examples to define the protocol, an example domain was developed to provide consistency. Readers familiar with UML may find the following diagram useful to illustrate some of the fine points of JOAP listed above.