Message Archive Management

%ents; ]>

Message Archive Management This document defines a protocol to query and control an archive of messages stored on a server. &LEGALNOTICE; 0313 Experimental Standards Track Standards XMPP Core XEP-0030 XEP-0059 XEP-0297 mam http://www.xmpp.org/schemas/archive-management.xsd &mwild; &ksmith; 0.3 2014-08-14 ka/ks

Fetching current preferences, switch to iq-set for searching, switch to using a data form, describe how to fetch that form, remove the archived element and use a sentinel message instead of iq reply.

0.2 2013-05-31 mw

Document the ability to page through results by message UIDs, define the <archived/> element, and various minor improvements.

0.1 2012-04-18 mw

Initial version, to much rejoicing.

It is a common desire for users of XMPP to want to store their messages in a central archive on their server. This feature allows them to record conversations that take place on clients that do not support local history storage, to synchronise conversation history seamlessly between multiple clients, to read the history of a MUC room, or to view old items in a pubsub node.

As this extension aims to make things easy for client developers, some research was made into the way clients handle history today. The resulting protocol was designed to allow for the following primary usage scenarios:

Automatic history synchronization between multiple clients.
Calendar-based on-demand display of historic messages in a client that doesn't keep local history.
So-called 'infinite' scrollback, whereby a client automatically fetches and displays historical messages naturally in the message log as the user scrolls back in time.

Another extension for archiving already exists in XMPP, &xep0136;). However implementation experience has shown that the protocol defined therein supports rather more functionality than is typically needed for the above uses, and is significantly more effort to implement.

This specification aims to define a much simpler and modular protocol for working with a server-side message store. Through this it is hoped to boost implementation and deployment of archiving in XMPP. It should be noted that (although not required) a server is free to implement XEP-0136 alongside this protocol if it so chooses, though a mapping between both protocols is beyond the scope of this specification.

Notable functionality in XEP-0136 that is intentionally not defined by this specification for simplicity:

Support for 'collections'. Few clients even support this concept for local history storage, and it is possible to apply the logic for splitting a stream of messages into conversations on the client-side, thus greatly simplifying the protocol.
Support for uploading to the archive. On the assumption that a server automatically archives messages to and from the client, it is typically rare for a client to end up with messages that are not already in the archive. Uploading could be useful for bootstrapping an empty archive however, and may be defined in a future specification if there is demand for such functionality.
Support for 'off the record' chats (OTR; not to be confused with the encryption algorithm of the same name). This allowed complex negotiation for either the user or contact to command specific conversations to bypass the archive. In reality the archiving behaviour of a contact's server cannot be enforced (they could ignore the OTR request and archive the messages anyway without your consent) so this specification does not try and regulate that. Equivalent functionality can be implemented with server logic for not including encrypted or specially-tagged messages in the archive (out of scope for this specification).
Support per-session configuration. This feature was deemed unnecessary for the majority of implementations, and hence the configuration protocol in this specification is much simplified, which allows for a simple user interface in clients. Advanced configuration however may be performed through ad-hoc commands depending on the server implementation.

An archive contains a collection of messages relevant to a particular XMPP address, e.g. a user, MUC, pubsub node, server. Note: while a service might have many "archives" as defined here (one per JID capable of being queried) this is a conceptual distinction, and a server is not bound to any particular implementation or arrangement of data stores.

Exactly which messages a server archives is up to implementation and deployment policy, but it is expected that all messages that hold meaningful content, rather than state changes such as Chat State Notifications, would be archived. Rules are specified later in this document.

A stored message consists of at least the following pieces of information:

A timestamp of when the message was sent (for an outgoing message) or received (for an incoming message).
The remote JID that the stanza is to (for an outgoing message) or from (for an incoming message).
A server-assigned UID that MUST be unpredictable and unique within the archive.
The message stanza itself. The entire original stanza SHOULD be stored, but at a minimum only the &BODY; tag MUST be preserved (ie. the server might, at its discretion, strip certain extensions from messages before storage).

Note that 'incoming' and 'outgoing' messages are viewed within the context of the archived JID, rather than the system as a whole. For example, if romeo@montegue.lit sent a message to juliet@capulet.lit, it would be an outgoing message in the context of archiving for Romeo, and an incoming message in the context of archiving for Juliet.

A server MAY impose limits on the size of an individual archive. For example a server might begin to discard old messages once the archive reaches a certain size, or only keep messages until they reach a certain age. The UIDs of deleted messages MUST NOT be reused for new messages.

There is no restriction on which services can expose archives, although only user, MUC and pubsub node archives are discussed here.

The most typical address is that of a user's own bare JID, within which those messages sent to or from that user's account would generally automatically be stored by the server. The collection is ordered chronologically by the time each message was sent/received.

Servers that expose archive messages on behalf of local users MUST expose these archives to the user on the user's bare JID

A MUC service allowing MAM queries for a room MUST expose the MAM archive on the room's bare JID

A pubsub service allowing MAM queries for a node's data MUST expose this for queries addressed to the pubsub service

While this document talks about 'clients' and 'servers', as these are the common cases, the querying entity (referred to as a 'client') need not be an XMPP client as defined by RFC6120, but could potentially be any type of entity, and the queried entity (referred to as a 'server') need not be an XMPP server as defined by RFC6120, although access controls might prohibit any given entity from being able to access an archive.

An entity is able to query (subject to appropriate access rights) an archive for all messages within a certain timespan, optionally restricting results to those to/from a particular JID. To allow limiting the results or paging through them a client may use &xep0059;, which MUST be supported by both the client and the server.

A query consists of an &IQ; stanza of type='set' addressed to the account or server entity hosting the archive, with a 'query' payload. On receiving the query, the server pushes to the client a series of messages from the archive that match the client's given criteria, and finally returns a &MESSAGE; with a <fin/> tag to indicate that the query is completed.

The final &MESSAGE; response MUST include an RSM <set/> element indicating the UID of the first and last message of the (possibly limited) result set. This allows clients to accurately page through messages.

]]>

To ensure that the client knows when the results are complete, the server MUST send a <fin> message. The client can optionally include a 'queryid' attribute in their query, which allows the client to match results to their initiating query, and if present in the client's query the server MUST include it in the <fin> response.

When querying a pubsub node's archive, the 'node' attribute is added to the <query> element.

]]>

By default all messages match a query, and filters are used to request a subset of the archived messages. Filters are specified in a &xep0004; data form included with the query. The hidden FORM_TYPE field MUST be set to this protocol's namespace, 'urn:xmpp:mam:0'. Three further fields are defined by this XEP and MUST be supported by servers, though all of them are optional for the client. These fields are:

start
end
with

Other fields may be used, but are not defined in this document - the naming of new fields MUST be consistent with the format defined in &xep0068;. Servers MUST NOT mark any fields in the form as being required (i.e. with the data forms <required/> element), regardless of whether they are defined in this document or elsewhere.

If a 'with' field is present in the form, it contains a JID against which to match messages. The server MUST only return messages if they match the supplied JID. A message in a user's archive matches if the JID matches either the to or from of the message. An item in a pubsub or MUC archive matches if the publisher of the item matches the JID; note that this should only be available to entities that would already have been allowed to know the publisher of the events (e.g. this could not be used by a visitor to a semi-anonymous MUC).

If the 'with' field's value is the bare JID of the archive, the server must only return results where both the 'to' and 'from' match the bare JID (either as bare or by ignoring the resource), as otherwise every message in the archive would match

If 'with' is omitted, the server MUST match all messages in the selected timespan with the query, regardless of the to/from addresses on each message.

urn:xmpp:mam:0 juliet@capulet.lit ]]>

If (and only if) the supplied JID is a bare JID (i.e. no resource is present), then the server SHOULD return messages if their bare to/from address for a user archive, or from address otherwise, would match it. For example, if the client supplies a 'with' of "juliet@capulet.lit" a query to their own archive would also match messages to or from "juliet@capulet.lit/balcony" and "juliet@capulet.lit/chamber".

The 'start' and 'end' fields, if provided, MUST contain timestamps formatted according to the DateTime profile defined in &xep0082;

The 'start' field is used to filter out messages before a certain date/time. If specified, a server MUST only return messages whose timestamp is equal to or later than the given timestamp.

If omitted, the server SHOULD assume the value of 'start' to be equal to the date/time of the earliest message stored in the archive.

Conversely, the 'end' field is used to exclude from the results messages after a certain point in time. If specified, a server MUST only return messages whose timestamp is equal to or earlier than the timestamp given in the 'end' field.

If omitted, the server SHOULD assume the value of 'end' to be equal to the date/time of the most recent message stored in the archive.

urn:xmpp:mam:0 2010-06-07T00:00:00Z 2010-07-07T13:23:54Z ]]> urn:xmpp:mam:0 2010-08-07T00:00:00Z ]]>

Finally, in order for the client or server to limit the number of results transmitted at a time a server MUST support &xep0059; and MUST support the paging mechanism defined therein. A client MAY include a <set/> element in its query.

For the purposes of this protocol, the UIDs used by RSM correspond with the UIDs of the stanzas stored in the archive.

urn:xmpp:mam:0 2010-08-07T00:00:00Z 10 ]]>

To conserve resources, a server MAY place a reasonable limit on how many stanzas may be pushed to a client in one request. Whether or not the client query included a <set/> element, the server MAY simply return its limited results, modifying the <set/> element it returns appropriately.

28482-98726-73623 09af3-cc343-b409f 20 ]]>

The <first> and <last> elements specify the UID of the first and last returned results (not necessarily of all the messages that matched the query, if the results have been limited).

The RSM <count> element and the 'index' attribute on the RSM <first> element are optional, but servers SHOULD include them. Please refer to the RSM specification for more information surrounding their meaning and use.

Having previously made a query that returned results limited by the server (as described above), a client can re-send the same request and receive the next 'page' of results. It does this by including a <set> element with its request, containing an <after/> with the UID of the last message it received from the previous query.

urn:xmpp:mam:0> 2010-08-07T00:00:00Z 10 09af3-cc343-b409f ]]>

Note: There is no concept of an "open query", and servers MUST be prepared to receive arbitrary page requests at any time.

When the results returned by the server are complete (that is: when they are the last page of the result set), the server MUST include a 'complete' attribute on the <fin> element, with a value of 'true'. If it is not the last page of the result set, the server MUST either omit the 'complete' attribute, or give it a value of 'false'.

23452-4534-1 390-2342-22 16 ]]>

Sometimes (e.g. due to network or storage partitioning, or other transient errors) the server might return results to a client that are unstable (e.g. they might later change in sequence or content). In such a situation the server MUST stamp the <fin> element with a 'stable' attribute with a value of 'false'. If the server knows that the data it's serving are stable it MUST either stamp a 'stable' attribute with a value of 'true', or no such attribute. An example of when unstable might legitimately be returned is if the MAM service uses a clustered data store and a query covers a time period for which the data store has not yet converged; it the server could return best-guess results and tell the client that they may be unstable. A client SHOULD NOT cache unstable results long-term without later confirming (by reissuing appropriate queries) that they have become stable.

In order for the client find out about additional fields the server might support, it can send an iq stanza of type='get' addressed to the archive like this:

urn:xmpp:mam:0 ]]>

If it understands any of the additional fields, it can use them in subsequent queries.

urn:xmpp:mam:0 Where arth thou, my Juliet? {http://jabber.org/protocol/mood}mood/lonely ]]>

Note that as the 'with', 'start' and 'end' fields MUST be implemented by servers, clients are able to submit forms using combinations of only these fields without needing to first fetch the form from the server and the types of these fields MUST be 'jid-single', 'text-single' and 'text-single' respectively. A server MUST NOT rely on a client having first requested the form before submitting queries

The server responds to the archive query by transmitting to the client all the messages that match the criteria the client requested, subject to implementation limits. The results are sent as individual stanzas, with the original message encapsulated in a <forwarded/> element as described in &xep0297;.

The result messages MUST contain a <result/> element with an 'id' attribute that gives the current message's archive UID. If the client gave a 'queryid' attribute in its initial query, the server MUST also include that in this result element.

The <result/> element contains a <forwarded/> element which SHOULD contain the original message as it was received, and SHOULD also contain a <delay/> element qualified by the 'urn:xmpp:delay' namespace specified in &xep0203;. The value of the 'stamp' attribute MUST be the time the message was originally received by the forwarding entity.

The archive results MUST be sorted in chronological order, both within the returned results and within the ordering of RSM such that if a client were to request the first 10 stanzas in an archive, then use RSM to request the next 10 stanzas, using the 'after' attribute of the 10th stanza in the first results, the 20 received stanzas would be receiving in chronological order.

Call me but love, and I'll be new baptized; Henceforth I never will be Romeo. What man art thou that thus bescreen'd in night so stumblest on my counsel? ]]>

Different entities will have different requirements for which data are stored, as might different deployments. This section provides general rules within which a server will act. While there may be local policy restrictions that prevent archiving of some aspects discussed here, this is a RECOMMENDED baseline. A server MAY implement any subset of possible archives for JIDs it controls (although it MUST advertise support only for those JIDs that support it).

No requirements are placed on how a server implements its storage beyond that it has to store data sufficient to be able to comply with this document. When this document describes storage requirements (e.g. MUST NOT store more than one copy...), it refers to what would appear to have been stored in order to satisfy the query.

If an entity (user's server, MUC room, pubsub node, ...) rejects an incoming message (such as from an occupant not allowed to send messages to the room, a user not authorized to publish to a pubsub node, a contact blocked by the user etc.) that message should not appear in the archive for the entity that rejected it - the archive should represent what logical entities (MUC occupants, users, pubsub subscribers...) would have received, and so only contain messages accepted for delivery to such entities.

A user archive is anticipated to provide the user with the ability to access their prior conversations. To this end, a server SHOULD include in a user archive all of the messages a user sends or receives of type 'normal' or 'chat' that contain a <body> element. A server SHOULD also include messages of type 'groupchat' that have a <body>, but where such history is accessible through another method (e.g. through an archive on the MUC JID), a server MAY exclude these from the archive. A server MAY include additional non-conversation messages. A server MAY include messages of type 'headline', but this is not generally suggested.

At a minimum, the server MUST store the <body> elements of a stanza. It is suggested that other elements that are used in a given deployment to supplement conversations (e.g. XHTML-IM payloads) are also stored. Other elements MAY be stored.

If a server supports mechanisms that multiply copies of a stanza (e.g. Carbons, or forking a stanza to a bare JID), it MUST store such a staza within a given archive only once, irrespective of multiple connected clients receiving copies

A MUC archives allows a user to view the conversation within a room. All messages sent to the room that contain a <body> element SHOULD be stored, as should subject change stanzas, apart from those messages that the room rejects.

A MUC archive MUST store each message only once (not, for example, every copy sent out to an occupant).

When sending out the archives to a requesting client, the 'to' of the forwarded stanza MUST be empty, and the 'from' MUST be the occupant JID of the sender of the archived message.

A MUC archive MUST NOT include 'private message' results (those sent directly between occupants, not shared in the room) in the results

A PubSub service offering MAM SHOULD store each of the items published to each node. When responding to MAM requests it MUST construct the message stanza within the <forwarded> element in the same manner as the notifications sent to subscribers for the item, except that specifying the 'from' 'to' and 'id' attributes are OPTIONAL.

Soliloquy

To be, or not to be: that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take arms against a sea of troubles, And by opposing end them?

tag:denmark.lit,2003:entry-32397 2003-12-13T18:30:02Z 2003-12-13T18:30:02Z ]]> The IDs used within an archive MUST be unique per item stored and MUST NOT be reused, even if the original item with a given ID has since been removed from the archive. If a server provides multiple archives (e.g. many user archives, or many MUC archives), the IDs do not need to be unique across all of these archives unless the server also allows a single query to be run across multiple archives (e.g. searching of all MUC rooms), discussion of which is beyond the scope of this document. These IDs are strings that servers may construct in any manner, and clients must treat as opaque strings (e.g. is no requirement for them to be numeric, sequenced or GUIDs).

Depending on implementation and deployment policies, a server MAY allow the user to have control over the server's archiving behaviour. This specification defines a basic protocol for this, and also allows a server to offer more advanced configuration to a user.

If the server supports and allows configuration of the preferences described below then it SHOULD implement the protocol defined in this section. This allows the user to retrieve and configure the following preferences:

A list of JIDs that should always have messages to/from archived in the user's store.
A list of JIDs that should never have messages to/from archived in the user's store.
The default archiving behaviour (for JIDs in neither of the above lists).

]]>

The server replies with the user's current archiving preferences. The <prefs> element MUST be present and contain the current default archiving policy. The <always> and <never> MUST also be present (even if empty), and contain a list of JIDs enclosed in <jid> elements.

]]>

It is also possible that the server may respond with a stanza error, for example the standard 'feature-not-implemented' (server does not support MAM configuration) defined in &rfc6120;.

]]>

To update the preferences, the client can simply send an iq stanza with a type of 'set':

romeo@montague.lit montague@montague.lit ]]>

The server then replies with the applied preferences (note that due to server policies these MAY be different to the preferences sent by the client):

romeo@montague.lit montague@montague.lit ]]>

It is also possible for the server to respond with an error, for example (but not limited to) the standard 'feature-not-implemented' (the server does not support configuration of preferences), 'forbidden' (the user is not authorized to change their preferences) or 'not-allowed' (the server generally does not allow changing of configuration preferences).

If a JID is in neither the 'always archive' nor the 'never archive' list then whether it is archived depends on this setting, the default.

The 'default' attribute of the 'prefs' element MUST be one of the following values:

'always' - all messages are archived by default.
'never' - messages are never archived by default.
'roster' - messages are archived only if the contact's bare JID is in the user's roster.

The <prefs/> element MAY contain an <always/> child element. If present, it contains a list of <jid/> elements, each containing a single JID. The server SHOULD archive any messages to/from this JID (see 'JID matching').

If missing from the preferences, <always/> SHOULD be assumed by the server to be an empty list.

The <prefs/> element MAY contain an <never/> child element. If present, it contains a list of <jid/> elements, each containing a single JID. The server SHOULD NOT archive any messages to/from this JID (see 'JID matching').

If missing from the preferences, <never/> SHOULD be assumed by the server to be an empty list.

In addition to this protocol, a server MAY offer more advanced configuration to the user through &xep0050;. Such an interface might, for example, allow the user to configure what types of messages to store, or set a limit on how long messages should remain in the archive.

If supported, such a configuration command SHOULD be presented on the well-defined command node of "urn:xmpp:mam#configure".

When comparing the message target JID against the user's roster (ie. when the user has set default='roster') the comparison MUST use the bare target JID (that is, stripped of any resource).

For matching against entries in either the 'allow' or 'never' lists, for each listed JID:

If the listed JID contains a resource, compare against the target JID as-is.
If the listed JID has no resource (it is a bare JID) then first strip any resource from the target JID prior to comparison.

For outgoing messages, the server MUST use the value of the 'to' attribute as the target JID.

For incoming messages, the server MUST use the value of the 'from' attribute as the target JID.

Clients can use &xep0334; for signaling that they do not wish some messages to be stored in the archive.

V unir avtug'f pybnx gb uvqr zr sebz gurve fvtug ]]>

If a server or other entity hosts archives and supports MAM queries, it MUST advertise the 'urn:xmpp:mam:0' feature in response to &xep0030; requests made to archiving JIDs (i.e. JIDs hosting an archive, such as users' bare JIDs):

]]> ... ... ]]>

An archive generally consists of private conversations, and so a server MUST adequately protect an archive from unauthorized third-party access. For example authorized parties for a user's archive would likely include just the user, and a MUC archive for a private room might be restricted to room members. An implementation MAY choose to allow access to any archive by server administrators. If a client requests access to an archive is does not have permissions for the server MUST return an iq with type error, and the error condition SHOULD be 'forbidden'.

A server SHOULD provide a mechanism for a user to disable archiving of messages with all or specific contacts, such as via the configuration protocol described in this document. This allows the user to prevent the archiving of potentially sensitive messages in the first place.

A server MAY automatically prevent certain sensitive messages from being archived. How such messages are identified is beyond the scope of this specification, but technologies such as &xep0258; may be used, for example.

Many thanks to Dave Cridland, Kim Alvefur, Yann Leboulanger and Lance Stout for their input and feedback on this specification.