%ents; ]>
Personal Eventing via Pubsub This document specifies XMPP semantics for using the publish-subscribe protocol to broadcast state change events associated with an instant messaging and presence account. &LEGALNOTICE; 0163 Draft Standards Track Standards JIG Council XMPP Core XMPP IM JEP-0030 JEP-0060 JEP-0115 pep &stpeter; Kevin Smith kevin@kismith.co.uk kevdadrum@jabber.ex.ac.uk 1.0 2006-09-20 psa

Per a vote of the Jabber Council, advanced status to Draft.

 0.15 2006-08-30 psa

Added the deliver_notifications and send_last_published_item configuration options to the recommended defaults.

 0.14 2006-08-02 psa

Changed various recommended defaults from SHOULD to MUST; corrected several errors in the text and examples.

 0.13 2006-08-01 psa

Recommended node creation with default configuration on initial publish; corrected several errors and clarified several points in the text.

 0.12 2006-08-01 psa

Simplified the subscription process using XMPP presence and entity capabilities.

 0.11 2006-07-20 psa

Clarified rules regarding number of notifications and when to generate notifications; corrected several errors in the text and examples.

 0.10 2006-07-07 psa

Updated to reflect version 1.8 of JEP-0060.

 0.9 2006-06-15 psa

Updated to reflect use of data forms in JEP-0060.

 0.8 2006-04-10 psa

Clarified terminology and defaults.

 0.7 2006-04-10 psa

Specified that notifications are to be sent from bare JID, not full JID.

 0.6 2006-04-10 psa

Updated to reflect pubsub changes; clarified business rules for generation of notifications and cancellation of subscriptions.

 0.5 2006-03-09 psa

Modified roster groups example to use jabber:x:data; added note about advertising client support for PEP.

 0.4 2006-02-02 psa/ks

Specified rules for generation of notifications, including use of presence in determining address of intended recipient for notifications and sending of last published item on receipt of presence information; changed name to Personal Eventing Protocol; specified service discovery identity of pubsub/pep; removed section on service types; added Kevin Smith as co-author.

 0.3 2006-01-30 psa

Specified that a service may enforce additional privacy and security policies; specified that an account owner must always be allowed to subscribe and to retrieve items; specified that an implementation should enforce access modifications resulting from roster state changes.

 0.2 2006-01-11 psa

Updated to reflect proposed JEP-0060 modifications.

 0.1 2005-11-02 psa

Initial JEP version.

 0.0.2 2005-10-25 psa

Added more details and examples.

 0.0.1 2005-10-24 psa

First draft.

The XMPP &jep0060; extension ("pubsub") can be used to broadcast state change events associated with a Jabber/XMPP account or user, such as those described in &jep0080;, &jep0107;, &jep0108;, and &jep0118;. Currently, many "extended presence" formats are sent using the &PRESENCE; stanza type; however, this overloads presence, results in unnecessary presence traffic, and does not provide fine-grained control over access. The use of publish-subscribe rather than presence is therefore preferable. However, the full, generic pubsub protocol is often thought of as complicated and therefore has not been widely implemented. To make publish-subscribe functionality more accessible (especially to instant messaging and presence applications that conform to &xmppim;), this document defines simplified protocol semantics that can be followed by instant messaging client and server developers, hopefully resulting in the deployment of personal eventing services across the Jabber/XMPP network.

Note: This document does not show error flows related to the various publish-subscribe use cases referenced herein, since they are exhaustively defined in JEP-0060. The reader is referred to JEP-0060 for all relevant protocol details related to the XMPP publish-subscribe extension.

Personal eventing via pubsub ("PEP") is based on six principles:

  1. Every account a pubsub service.
  2. One publisher per node.
  3. One node per namespace.
  4. Use presence.
  5. Notifications are filtered based on expressed interests.
  6. Smart defaults.

These principles are described more fully below.

When a user creates an account (or has an account provisioned) at a Jabber/XMPP server that supports PEP, the server associates a virtual pubsub service with the account. This greatly simplifies the task of discovering the account owner's personal pubsub nodes, since the root pubsub node simply is the account owner's bare JID (&BAREJID;). This assumption also simplifies publishing and subscribing.

There is no need for multiple publishers to a PEP service, since by definition the service generates information associated with only one entity. The owner-publisher for every node is the bare JID of the account owner.

There is only one publish-subscribe node associated with any given payload type (XML namespace) for the account owner (e.g., there is one pubsub node for geolocation events, one node for tune events, and one node for mood events). This simplifies node creation, discovery, publishing, and subscribing.

Although generic publish-subscribe services do not necessarily have access to presence information about subscribers, PEP services are integrated with presence in the following ways:

  • Each messaging and presence account simply is a virtual publish-subscribe service.
  • The default access model is "presence".
  • A contact's subscription to an account owner's personal eventing data is normally handled via the existence of an XMPP presence subscription.
  • Services take account of subscriber presence in the generation of notifications. This works only if the subscription state is "both" (see RFC 3921).

These uses of presence simplify the task of developing compliant clients (cf. &jep0134;).

By default, the existence of an XMPP presence subscription is used to establish a PEP subscription to the account owner's personal eventing data. In order to filter which notifications are sent by the PEP service, the contact's client includes extended &jep0115; information in the presence notifications it sends to the account owner, and the PEP service sends only those notifications that match the contact's expressed notification preferences.

Most pubsub configuration options and metadata are not needed for personal eventing. Instead, PEP services offer smart defaults to simplify node creation and management.

This document illustrates PEP through a series of examples that use the following scenario:

  1. An owner-publisher juliet@capulet.com who publishes the following information:

    1. Tune information that anyone may see (i.e., an access model of "open")
    2. Activity information that only subscribers to her presence may see (i.e., an access model of "presence")
    3. Geolocation information that only contacts in her "Friends" group may see (i.e., an access model of "roster" with a group of "Friends")
    4. Bookmark information that only the account owner may see (i.e., an access model of "whitelist")

    Note: A PEP node with an access model of "whitelist" and no entities on the whitelist effectively results in a node that enables private data storage; for details, see the Private Data Storage section of this document.

  2. Three users who have the following relationship to Juliet:

    1. benvolio@montague.net, who has no subscription to Juliet's presence
    2. nurse@capulet.com, who has a bidirectional subscription to Juliet's presence and who is in the "Servants" group in Juliet's roster
    3. romeo@montague.net, who has a bidirectional subscription to Juliet's presence and who is in the "Friends" group in Juliet's roster

The examples shown in the following sections walk through the protocol flows for node creation, discovery, publishing, and subscribing.

Naturally, before an account owner attempts to complete any PEP use cases, its client SHOULD determine whether the account owner's server supports PEP; to do so, it MUST send a &jep0030; information request to the server:

]]>

If a server supports PEP, it MUST return an identity of "pubsub/pep" (as well as a list of the namespaces and other features it supports, including all supported JEP-0060 features):

... ]]>

When an account owner attempts to publish an item to a PEP node and that node does not already exist, the PEP service MUST automatically create the node with default configuration. This similar to the room creation process in JEP-0045: Multi-User Chat. However, if the account owner wishes to create a node with a configuration other than the default (e.g., a node with an access model of "open", "roster", or "whitelist"), the account owner MUST follow the node creation protocol specified in JEP-0060.

For example, Juliet would send the following stanzas in order to create the nodes mentioned above:

http://jabber.org/protocol/pubsub#node_config ]]> My nurse's birthday! ]]> http://jabber.org/protocol/pubsub#node_config ]]> http://jabber.org/protocol/pubsub#node_config ]]>

A contact MAY send service discovery requests to the account owner's bare JID (&BAREJID;). Although this is not necessary in order to subscribe to the account owner's personal eventing data (as explained in the following section), it is shown here to further illustrate the role of access models.

First, benvolio@montague.net sends a disco#info request to juliet@capulet.com:

]]>

If Juliet's server supports PEP (thereby making juliet@capulet.com a virtual pubsub service), it MUST return an identity of "pubsub/pep":

... ]]>

Second, benvolio@montague.net sends a disco#items request to juliet@capulet.com:

]]>

The account owner's server MUST check the access model for each of the account owner's PEP nodes and MUST return as service discovery items only those nodes to which the contact is allowed to subscribe or from which the contact is allowed to retrieve items without first subscribing.

Therefore, in this case, the server would return only the "http://jabber.org/protocol/tune" node (since it has an open access model and the contact does not have a presence subscription to the account owner's presence):

]]>

Next, nurse@capulet.com sends a disco#items request to juliet@capulet.com:

]]>

However, in this case, the server would return the "http://jabber.org/protocol/tune" node (open access model) and the "http://jabber.org/protocol/activity" node (presence access model):

]]>

Finally, romeo@montague.net sends a disco#items request to juliet@capulet.com:

]]>

In this case, the server would return the "http://jabber.org/protocol/tune" node (open access model) and the "http://jabber.org/protocol/activity" node (presence access model) and the "http://jabber.org/protocol/geoloc" node (roster access model):

]]>

If an entity is not subscribed to the account owner's presence, it MUST subscribe to a node using the protocol defined in JEP-0060. For instance, here is how benvolio@montague.net would subscribe Juliet's tune information:

]]>

However, when a contact is affiliated with the account owner through a presence subscription, PEP greatly simplifies the subscription process. This is done by associating the presence subscription with a pubsub subscription to the account owner's root collection node (i.e., bare JID), with a subscription_type of "items" and a subscription_depth of "all".

Consider the following presence subscription exchange:

]]>

For PEP purposes, this is equivalent to the following pubsub subscription exchange:

http://jabber.org/protocol/pubsub#subscribe_options items all ]]>

Note: Automated pubsub subscriptions MUST be based on the JID contained in the 'from' address of the presence subscription request, which for IM contacts will be a bare JID (&BAREJID;).

An account owner publishes an item to a node by following the protocol specified in JEP-0060:

Gerald Finzi Introduction (Allegro vigoroso) Music for "Love's Labors Lost" (Suite for small orchestra) 1 255 ]]>

As a result, the account owner's server generates notifications and sends them to all subscribers who have requested or are interested in the data as described in the Contact Notification Filtering and Generating Notifications sections of this document.

The server MUST set the 'from' address on the notification to the bare JID (&BAREJID;) of the account owner (in this example, "juliet@capulet.com"). When sending notifications to an entity that has a presence subscription to the account owner, the server SHOULD include an &jep0033; "replyto" extension specifying the publishing resource (in this example, "juliet@capulet.com/balcony"); this enables the subscriber's client to differentiate between information received from each of the account owner's resources (for example, different resources may be in different places and therefore may need to specify distinct geolocation data). However, a server MUST NOT include the "replyto" address when sending a notification to an entity that does not have a presence subscription to the account owner. In addition, any errors related to the notification MUST be directed to the JID of the 'from' address on the notification (i.e., the bare JID) so that bounce processing can be handled by the PEP service rather than by the publishing client.

Assuming that all three entities previously mentioned would receive the notifications, the PEP service would generate the following stanzas:

Gerald Finzi Introduction (Allegro vigoroso) Music for "Love's Labors Lost" (Suite for small orchestra) 1 255 Gerald Finzi Introduction (Allegro vigoroso) Music for "Love's Labors Lost" (Suite for small orchestra) 1 255
Gerald Finzi Introduction (Allegro vigoroso) Music for "Love's Labors Lost" (Suite for small orchestra) 1 255
]]>

Note the 'to' addresses: the notification to Benvolio is addressed to "benvolio@montague.net" (bare JID) since the PEP service does not have presence information about the subscriber, whereas the notifications to the Nurse and to Romeo are addressed to the full JIDs of those subscribers.

A contact may not want to receive notifications for all payload types. A contact SHOULD signal its preferences to the account owner's server by including JEP-0115 information that specifies the namespaces for which the contact wishes to receive notifications (if any).

In order to make this possible, all possible payload namespaces can be appended with the string "+notify" to indicate that the contact wishes to receive notifications for the payload format. Thus if Romeo wants to receive notifications for activity data and geolocation data but not tune data, his client would advertise support for the following namespaces in the disco#info results it sends: Including, say, the 'http://jabber.org/protocol/geoloc' namespace indicates that the client understands the geolocation namespace, whereas including the 'http://jabber.org/protocol/geoloc+notify' namespace indicates that the client wishes to receive notifications related to geolocation.

  • http://jabber.org/protocol/activity+notify
  • http://jabber.org/protocol/geoloc+notify

This set of namespaces would then be advertised as a JEP-0115 "ext" value, such as the following:

]]>

Note: In JEP-0115, the "ext" values are opaque strings with no semantic meaning.

It is the responsibility of the account owner's server to cache JEP-0115 information (including "ext" values and their associated namespaces). When the server receives presence from a contact, it MUST check that presence information for entity capabilities data and correlate that data with the desired namespaces for the contact's client. The server MUST NOT send notifications related to any data formats that the contact's client has not asked for via the relevant "namespace+notify" disco#info feature. This enables a client to turn off all notifications (e.g., because of bandwidth restrictions) and to easily receive all desired data formats simply by adding support for the appropriate "namespace+notify" combination in its disco#info results and client capabililies. However, it also implies that a client can request notifications only on a global basis and cannot request, say, mood information only from certain contacts in the user's roster. Community consensus is that this is an acceptable tradeoff. Also, note that this works only if the account owner has a presence subscription to the contact and the contact has a presence subscription to the account owner.

Some examples may help to illustrate the concept of notification filtering. Here we show presence generated by two of the contacts listed above (benvolio@montague.net does have any presence subscriptions to or from juliet@capulet.com and therefore is not involved in these protocol flows).

]]>

We assume that Juliet's server doesn't know anything about these capabilities, so it sends service discovery information requests to each of the clients on Juliet's behalf (realistically, the capulet.com server will quickly build up a cache of client capabilities, with the result that it will not need to send these service discovery requests):

]]> ]]>

Now we revisit account owner publication and server generation of notifications, with filtering enabled because the server has caps information:

  • If Juliet publishes a tune item to the open-access "http://jabber.org/protocol/tune" node, her server will send notifications to <benvolio@montague.net> (bare JID) and to <nurse@capulet.com/chamber> (full JID) but not to <romeo@montague.net/orchard>.

  • If Juliet publishes an activity item to the presence-access "http://jabber.org/protocol/activity" node, her server will send notifications only to <nurse@capulet.com/chamber>.

  • If Juliet publishes a geolocation item to the roster-access "http://jabber.org/protocol/geoloc" node, her server will send notifications only to <romeo@montague.net/orchard>.

  1. If a subscriber subscribed using a full JID (&FULLJID;), domain identifier (&DOMAIN;), or domain plus resource (&DOMAINRES;), a PEP service MUST send one notification only, addressed to the subscribed JID.

  2. If a subscriber subscribed using a bare JID (&BAREJID;) and a PEP service does not have appropriate presence information about the subscriber, a PEP service MUST send at most one notification, addressed to the bare JID (&BAREJID;) of the subscriber, and MAY choose not to send any notification. (By "appropriate presence information" is meant an available presence stanza with non-negative priority and JEP-0115 data that indicates interest in the relevant data format.)

  3. If a subscriber subscribed using a bare JID (&BAREJID;) and a PEP service has appropriate presence information about the subscriber, the PEP service MUST send one notification to the full JID (&FULLJID;) of each of the subscriber's available resources that have specified non-negative presence priority and included JEP-0115 information that indicates an interest in the data format.

  1. When an account owner publishes an item to a node, a PEP service MUST generate a notification and send it to all appropriate subscribers (where the number of notifications is determined by the foregoing rules).

  2. When a PEP service receives initial presence information from a subscriber's resource with a non-negative priority and including JEP-0115 information that indicates an interest in the data format, it MUST generate a notification containing the last published item for that node and send it to the newly-available resource.

  3. As an exception to the foregoing MUST rules, a PEP service MUST NOT send notifications to a subscriber if the user has blocked the subscriber from receiving all or any kinds of stanza (presence, message, IQ, or any combination thereof) using communiations blocking as specified in XMPP IM.

As described in the Generating Notifications section of this document, a PEP service MUST send the last published item to all new subscribers and to all newly-available resources for each subscriber. That is, the default value of the "pubsub#send_last_published_item" node configuration field must be "on_sub_and_presence"; this behavior essentially mimics the functionality of presence as defined in XMPP IM.

]]> ]]> Gerald Finzi Introduction (Allegro vigoroso) Music for "Love's Labors Lost" (Suite for small orchestra) 1 255 ]]>

As noted, PEP services may be used to implement private data storage, such as defined in &jep0049;. A future version of this document will specify this usage in more detail.

A PEP service MUST:

  • Support the node discovery, node creation, node deletion, publish item, subscribe, unsubscribe, and item retrieval use cases specified in JEP-0060.
  • Support the "owner" and "subscriber" affiliations.
  • Support the "presence" access model and set it to the default.
  • Support the "open", "roster", and "whitelist" access models.
  • Treat the account owner's bare JID (&BAREJID;) as a collection node (i.e., as the root collection node for the account's virtual pubsub service).
  • Deliver payloads (if included) in all notifications.
  • Send the last publish item as described above.
  • Support the 'deliver_notifications' and 'send_last_published_item' configuration options.

A PEP service MAY support other use cases, affiliations, access models, and features, but such support is OPTIONAL.

In order to ensure appropriate access to information published at nodes of type "presence" and "roster", a PEP service MUST re-calculate access controls when:

  1. A presence subscription state changes (e.g., when a subscription request is approved).
  2. A roster item is modified (e.g., when the item is moved to a new roster group).

If the modification results in a loss of access, the service MUST cancel the entity's subscription. In addition, the service MAY send a message to the (former) subscriber informing it of the cancellation (for information about the format of messages sent to notify subscribers of subscription cancellation, see the "Notification of Subscription Denial or Cancellation" section of JEP-0060).

A PEP service MAY enforce additional privacy and security policies when determining whether an entity is allowed to subscribe to a node or retrieve items from a node; however, any such policies shall be considered specific to an implementation or deployment and are out of scope for this document.

This JEP requires no interaction with &IANA;.

The ®ISTRAR; includes a category of "pubsub" in its registry of Service Discovery identities (see &DISCOCATEGORIES;); as a result of this JEP, the Registrar includes a type of "pep" to that category.

The registry submission is as follows:

pubsub pep A personal eventing service that supports the publish-subscribe subset defined in JEP-0163. JEP-0163 ]]>

Because Personal Eventing via Pubsub simply reuses the protocol specified in JEP-0060, a separate schema is not needed.

The authors wish to thank the participants in the XMPP Interoperability Testing Event held July 24 and 25, 2006, who provided valuable feedback that resulted in radical simplification of the protocol.