This document defines the Jabber Object Access Protocol (JOAP) as an extension to the Jabber protocol. It outlines the addressing scheme and IQ stanzas that comprise the protocol as well as the data types that the protocol models. Example applications are discussed, as well as security considerations.
Jabber has a number of attractive features that give it an advantage over existing frameworks for building multi-tier applications, such as the Simple Object Access Protocol (SOAP) or Java 2, Enterprise Edition (J2EE). Among these are:
For existing Jabber development efforts, there are significant advantages to building applications within a JOAP framework. It should go without saying that, for developers creating business applications on top of Jabber, a uniform object access protocol provides significant advantage for cross-product integration.
In addition, implementers of special-purpose components, such as multi-user chat servers or whiteboarding components, can use an object-server interface to allow fine-grained control of the implementations, especially where such control is not specified by the applicable Jabber protocol.
JOAP has the following design goals:
The following are non-goals:
The JOAP interface is made up of three key parts:
This section describes the various entities in the JOAP universe. Some entities are directly addressable with Jabber IDs (JIDs), as described below. Others are not considered outside of their enclosing entities.
An object server component is a Jabber component that provides object services. It is addressed like any other Jabber component, i.e., with a DNS hostname or pseudo-hostname. Some examples would be:
An object server has zero or more attributes, methods, and classes.
A class is a category of object instances. It defines the structure and interface of these instances. Each class is addressed using the class name as the node identifier, and the object server as the domain identifier. Class names must conform to the node identifier restrictions defined for XMPP. Class names must also be unique, regardless of case, within an object server.
For example:
Besides uniqueness and XMPP compliance, no further requirements are made on class names. However, good design suggests mnemonic names.
Classes define the attributes and methods of their instances. In addition, they can have attributes and methods of their own. Finally, classes can have superclasses, which indicate an inheritance structure as well as implementation of a defined interface.
JOAP allows for no relative addressing of classes. Classes are always referred to by their full address (node identifier plus domain identifier).
An instance is a collection of data with identity, state, and behavior. Each instance is a member of a class, which defines the attributes (data) and methods (behavior) of the instance itself.
An instance is addressed using the node plus server that identifies its class, as well as a unique string that occupies the resource identifier section of the Jabber ID. The resource is only unique over the space of the corresponding class. Some example instance addresses:
Besides uniqueness within a class, and compliance with the rules for resource identifiers in the XMPP standard, there are no further requirements on instance identifiers in JOAP. In particular, the instance identifier is opaque -- that is, no further information about the state of the object can or should be discerned from the identifier. What visible part of the instance, if any, makes up the unique resource identifier is implementation dependent.
That said, it is recommended that the instance identifier be persistent through the life of the instance. In addition, using mnemonic identifiers can greatly enhance the usability of JOAP objects.
As with other resource identifiers, instance identifiers are case-sensitive.
The instance identifier roughly corresponds to a primary key in a relational database, and for object servers that provide access to relational databases, it is recommended to use the primary key of a table as the instance identifier. For tables with a compound key, a comma (','), dash ('-'), or other non-alphanumeric character can be used to separate parts of the key for better readability. For example:
JOAP allows for no relative addressing of instances. Instances are always referred to using their full address (node identifier plus domain identifier plus resource identifier).
An attribute is a unit of state that makes up part of an object server, instance, or class. Each attribute has a name and a type.
Attribute names must be strings of characters containing only the characters [a-zA-Z0-9_]. The first character must be an underscore or alphabetic character.
Attributes cannot be addressed individually. Attributes are manipulated by sending JOAP messages to the object that owns them.
A method is a unit of behavior that makes up part of an object. Methods in JOAP are compatible with XML-RPC, as specified in JEP-0009. In particular, methods have a name, a return type, and 0 or more parameters, each of which has a type.
The one exception to XML-RPC compatibility is that method names for JOAP are restricted to the characters [a-zA-Z0-9_].
Methods cannot be directly addressed using JOAP. Methods are described and executed by sending messages to the object server, class, or instance that owns them.
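The addressing and naming rules above, as an added example that is not part of the original specification: a parser that classifies an address as object server, class, or instance and canonicalizes it before it is used as a lookup or access-control key. The JID split is simplified (no full XMPP node or resource validation), lower-casing stands in for XMPP case folding, and applying the first-character rule to method names is an assumption.

```python
import re
from collections import namedtuple

JoapAddress = namedtuple("JoapAddress", "kind domain class_name instance_id")

# Attribute names: only [a-zA-Z0-9_], first character a letter or underscore.
# Reusing the first-character rule for method names is an assumption.
MEMBER_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def is_valid_member_name(name):
    """True if name is acceptable as an attribute (or method) name."""
    return MEMBER_NAME.fullmatch(name) is not None


def parse_joap_address(jid):
    """Classify a JID as an object server, class, or instance address.

    Simplified split only; full XMPP node/resource validation is out of scope.
    """
    # Split off the resource first: it may itself contain "/" or "@".
    bare, slash, resource = jid.partition("/")
    node, at, domain = bare.rpartition("@")
    if not domain or (at and not node) or "@" in node:
        raise ValueError("malformed address: %r" % jid)
    if slash and not resource:
        raise ValueError("empty instance identifier: %r" % jid)
    if not node:
        if slash:
            raise ValueError("instance address needs a class node: %r" % jid)
        return JoapAddress("server", domain.lower(), None, None)
    # Class names are unique regardless of case, so they are folded;
    # instance identifiers are case-sensitive and are kept verbatim.
    kind = "instance" if slash else "class"
    return JoapAddress(kind, domain.lower(), node.lower(), resource or None)


def register_class(registry, address):
    """Add a class to a registry dict, rejecting names that differ only in case."""
    parsed = parse_joap_address(address)
    if parsed.kind != "class":
        raise ValueError("not a class address: %r" % address)
    key = (parsed.domain, parsed.class_name)
    if key in registry:
        raise ValueError("class name collides with %s" % registry[key])
    registry[key] = address
    return key
```

Keying access-control entries on the parsed tuple rather than on the raw string keeps `car@...` and `Car@...` from being treated as different classes while still distinguishing instance identifiers by case.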
The range of JOAP data types is borrowed directly from XML-RPC.
The scalar types include the following:
Instance addresses are a special type of string used for referring to instance objects. They can be passed as parameters to methods, or set as attribute values.
If a value can contain an object instance, its type is the address of a class. The address of any object instance that is an instance of that class, or any of its subclasses, can be used in that value.
For example, if Boxcar@trainset.example.com is a subclass of Car@trainset.example.com, then Boxcar@trainset.example.com/569 can be used as a method parameter, or set as an attribute, where Car@trainset.example.com is the defined type.
Because addresses are used for instance values, all methods involving instances are implicitly pass-by-reference. If a pass-by-value functionality is needed, a struct (see below) should be used instead.
Note that attribute and method param types can use classes and instances from other object servers (that is, with different domain identifiers). For instance, an Employee@payroll.example.com class could have an attribute of type Job@hr.example.com.
There are two compound types defined in XML-RPC.
An array is an ordered list of values. An array can contain values of any type, including other compound types.
In JOAP, as with XML-RPC, it is not possible to address, set, or delete elements of an array. To set values in an array, the entire new array must be specified.
A struct is a set of name-value pairs organized into a logical grouping. A struct can contain values of any type, including other compound types.
In JOAP, as with XML-RPC, it is not possible to address, set, or delete elements of a struct. To set values in a struct, the entire new struct must be specified.
Structs are useful mainly for groupings of data that do not have independent identity or behavior. Where an object needs identity or behavior, an instance should be used instead of a struct.
Types are specified by a string name of the type. This can be one of the XML-RPC types described above, or a class address.
This section defines the Jabber stanzas that make up the JOAP protocol.
Each stanza is an information query (IQ). Except for method calls, the stanzas are all in the 'jabber:iq:joap' namespace. Each of the following sections describes a stanza in that namespace, herein called a "verb". The verbs allow basic access to object servers, classes, and instances.
Not all verbs can be sent to all JOAP entities. The appropriate JOAP entity a verb should be addressed to is noted under the description of the verb.
The <describe> verb requests the interface -- that is, methods, attributes, and classes -- of a given object server or class. The IQ type is "get".
The <describe> verb is useful for creating wrapper classes in JOAP clients, either at runtime or at compile time. It can also be used for object browsers, or for client programs to ascertain that the interface they assume for an object is still valid.
<describe> verbs can be sent to object servers, classes, and instances. Each will return different data.
Each object description can contain one or more strings of descriptive text. This is to indicate the purpose and usage of the object in human-readable form.
Multiple descriptions are allowed in the hope that they will be used to describe the attribute in multiple languages (differentiated using the xml:lang attribute).
Attribute definitions have the following parts:
The attribute definitions returned to a client should include only attributes the user is authorized to access.
Method definitions have the following parts:
The method definitions returned to a client should include only methods the user is authorized to access.
Classes, in superclass definitions and object server interfaces, are always referred to by their full address.
The timestamp is a date-time value in ISO 8601 format, UTC. The timestamp indicates the last time an interface was changed, if that information is available.
The main point of describing the superclasses a class has is to allow clients to make typing distinctions: that is, to determine if a class presents a given interface, or may be provided as a parameter or attribute in another JOAP call.
The list of superclasses given in a class description is flat, not hierarchical. No provision is made to indicate which of a class's superclasses are superclasses of each other, nor is there any implied precedence order in the order of the classes in the returned description.
In addition, no provision is made to define which superclass actually implements any methods or attributes defined.
When a class receives a <describe> verb, it must return all its superclasses, including multiple ancestors. It must as well return all the attributes and methods that it responds to, including those defined in its superclasses. This is called a "flattened" description of the class.
The following examples illustrate the use of the <describe> verb.
To describe a server, the JOAP client sends this stanza.
The object server returns this response:
To describe the Car@trainset.example.com class, the JOAP client sends this stanza to the class for boxcars.
The class returns this stanza to the JOAP client.
To describe an instance, the JOAP client sends this stanza to a particular track segment.
The instance returns this stanza to the JOAP client.
The <read> verb allows clients to retrieve the values of attributes of an object server, class, or instance. The client can specify which attributes to return; if no attributes are specified, then all attributes are returned.
The <read> verb uses the "get" IQ type.
A timestamp, in ISO 8601 format, UTC, can be added to the results of a <read>. The timestamp indicates the last time any of an object's attribute values have changed (not just the requested ones). The timestamp can be used, for example, to implement object caching on the client side.
The following are some common error codes that may be generated in response to a <read> verb.
This section gives some examples of using the <read> verb.
A client would send the following stanza to an instance to read its attributes:
In return, the instance would send this stanza to the client:
To read only specified attributes of an instance, the client would send this stanza:
In return, the instance would send this stanza to the client:
The <add> verb is used to create a new instance of a JOAP class. The verb is sent to the JOAP class, which returns the address of the newly-created instance.
Within each <add> verb the client must include attribute values for each required, writable attribute of the class.
The IQ is of type "set".
The following are some common error codes that may be generated in response to an <add> verb.
To create a new PassengerCar, the client would send the following stanza to the PassengerCar class:
The class would return the following response:
Note that the class created a new instance identifier, 866, for the new instance. Further communications from the client would use the full instance address returned.
The <edit> verb is used to update the attributes of an object. The name and new value of each attribute that is to be updated is listed in the <edit> verb.
The IQ is of type "set".
Leaving a given attribute out of an <edit> verb does not indicate that the attribute should be set to an undefined or default value. The new values of attributes that are left out are implementation-dependent; in general, though, they should remain unchanged, if possible.
If the results of an <edit> verb have content, it will contain the new address of the instance that was updated. The new address should be used henceforth by the client.
The following error codes may be generated in response to an <edit> verb.
To change the number of passengers in a PassengerCar, the client would send the following stanza to the instance:
The client would return the following stanza:
If a client wanted to change the name of a Building, it would send the following stanza to the instance:
The results would be as follows:
Note that the instance identifier, and thus the instance address, of the instance has changed. The from part of the IQ, however, contains the old address.
The <delete> verb is used to delete an instance. The IQ is of type "set". The <delete> stanza has no sub-elements.
Only instances can be deleted. Classes and object servers cannot be deleted. After an instance is deleted, it is no longer addressable.
A given user may not be able to delete a particular instance.
The following error codes may be generated in response to a <delete> verb.
To delete an instance, a client would send the following stanza:
The instance would return this stanza:
If the user is not authorized to delete the instance, it would return this error:
The <search> verb allows rudimentary searching and listing of instances in a class. The IQ is of type "get".
The client sends a <search> verb to the class, specifying the attributes that are search criteria and values to search for. The class returns a list of the addresses of matching instances.
Multiple attributes are logically AND'd; that is, resulting instances must match all of the attribute values.
How attribute values are specified for matching depends on the type of the attribute.
Classes should return all instances of the class that are on the same object server (that is, which have the same domain identifier in their address) and that match the search criteria. This includes instances of subclasses of the class.
Whether a class returns instances of subclasses that reside on other object servers is implementation-dependent.
Classes cannot be searched on attributes that are defined only in subclasses; for example, a search for the attribute "contents" sent to the Car@trainset.example.com class should result in a 406 (Not Acceptable) error.
The semantics of an empty <search> verb is to request all instances of a class. This provides a listing or browsing functionality.
The following error codes may be generated in response to a <search> verb.
To search for Boxcar instances carrying coal, the client would send the following stanza to the Boxcar class:
The Boxcar class would return a list of all matching instances:
To get a list of all Building instances, the client would send an empty <search> verb, as follows:
The Building class would return the following stanza:
Note that the class returns instances of subclasses, as well as direct instances of the class.
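The <search> rules above, as an added example that is not part of the original specification: criteria are AND'd, instances of subclasses are included, an empty search lists every instance, and a criterion defined only in a subclass yields 406. The class table, the attribute name trackingNumber, and the instance values are constructed sample data, and exact equality is used for matching because the per-type matching rules are not reproduced on this page.

```python
# Constructed sample domain; names and values are illustrative only.
CLASSES = {
    "Car": {"parents": [], "attributes": {"trackingNumber"}},
    "Boxcar": {"parents": ["Car"], "attributes": {"contents"}},
    "PassengerCar": {"parents": ["Car"], "attributes": {"passengers"}},
}
INSTANCES = {
    "Boxcar@trainset.example.com/569": {"trackingNumber": 569, "contents": "coal"},
    "Boxcar@trainset.example.com/570": {"trackingNumber": 570, "contents": "grain"},
    "PassengerCar@trainset.example.com/866": {"trackingNumber": 866, "passengers": 38},
}


def superclasses(name):
    """Flat set of all ancestors, as a <describe> of the class would list them."""
    found = set()
    for parent in CLASSES[name]["parents"]:
        found |= {parent} | superclasses(parent)
    return found


def flattened_attributes(name):
    """Attributes the class responds to, including inherited ones."""
    attrs = set(CLASSES[name]["attributes"])
    for ancestor in superclasses(name):
        attrs |= CLASSES[ancestor]["attributes"]
    return attrs


def class_of(address):
    """Class name is the node part of the instance address."""
    return address.partition("@")[0]


def search(class_name, criteria):
    """Return (error_code, addresses); error_code is None on success."""
    # Reject criteria the searched class does not define itself or inherit,
    # even if some subclass defines them.
    if set(criteria) - flattened_attributes(class_name):
        return 406, []
    hits = []
    for address, values in INSTANCES.items():
        cls = class_of(address)
        if cls != class_name and class_name not in superclasses(cls):
            continue  # neither a direct instance nor an instance of a subclass
        # Every criterion must match (logical AND); an empty dict matches all.
        if all(values.get(key) == want for key, want in criteria.items()):
            hits.append(address)
    return None, sorted(hits)
```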
Method calls in JOAP are simply XML-RPC calls, as defined in JEP-0009.
Method names must be the exact method name as returned by <describe>. No class or instance identifier prefix (with "." or ":") is used.
Note, also, that the addressee of the method call, that is, the object that defines the method, is not specified as a parameter of the method, as it is in some programming languages. The addressee of the method is implicit in the address to which the method was sent.
To start the event log on the train set server, the client would send the following stanza:
The object server would respond with the following results:
To retrieve the next available Car tracking number, the client would send the following stanza to the Car class:
The class would respond with the following results:
To make a Switch change to a different track segment, the client would send the following stanza to the instance:
The instance would respond with the following results:
A simple application server can be provided using JOAP. This is merely the degenerate case of an object server that provides only methods and attributes, with no classes.
A more complex example would be an interface to a relational database server, such as Oracle, PostgreSQL, or MySQL. The object server would represent a single database within the database server. Each table in the database would be represented by a class with no class attributes or methods. Each row in the database would be an instance of its table's class, with attributes but no methods.
A distributed n-tier application can be built fairly directly with JOAP. N-tier applications are usually defined as having three main segments:
With JOAP, application developers can create the last two segments with a JOAP interface. User-interface clients can use JOAP to access and manipulate the business objects in a business object server. In turn, the business objects can use JOAP to manipulate underlying database objects in the data storage layer (perhaps implemented using a relational database interface, as defined above).
Jabber protocols typically define a base set of functionality for a component to provide. Implementers often want to provide specialized, fine-grained control of the component that is not part of the core functionality of a component. For example, the implementer may wish to allow administrators to get metrics on a component, enable or review logs, note error situations, or configure the component remotely.
A component can provide an additional JOAP interface, along with its regular protocol-specific interface, to enable this kind of control functionality. Implementers can in this way provide implementation-specific functionality in an open way.
For example, if conference.example.com is a MUC component, control.conference.example.com might be a JOAP component with access to the internal data structures of the MUC component. A conference room addressed in the MUC component as ModelTrains@conference.example.com might be addressed in the JOAP component as Room@control.conference.example.com/ModelTrains.
There are a number of existing distributed object systems, such as SOAP, CORBA, distributed OLE, Enterprise Java Beans, etc.
It would be reasonable to create gateways for these object systems or object servers implementing their protocols using JOAP. JOAP could also be used to allow disparate object systems to communicate through a common protocol.
To follow.
This section describes some security considerations for implementers of JOAP.
No provision is made for authentication of users to the object server. Jabber users authenticate to a login server before they are able to send any Jabber stanzas.
Authorization for users to access and manipulate objects and attributes in JOAP is fine-grained; object servers can return error codes to indicate a lack of authorization for any given attribute, object, or method.
No provision is made to define a user's authorization for an object, attribute, or method. Implicit authorization is outlined with the results of the <describe> verb.
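One way an object server can keep <describe> and <read> consistent with a single authorization policy, as an added example that is not part of the original specification. The ACL table, the user addresses, and the instance values are constructed; the sender is taken to be the address the Jabber server attached after login, and answering unknown and unauthorized attribute names identically is a choice made in this example.

```python
# Constructed sample instance: attribute name -> value.
INSTANCE = {
    "name": "Express 12",
    "passengers": 38,
    "maintenance_notes": "brake fault",
}

# Hypothetical policy: bare sender JID -> attribute names that user may read.
ACL = {
    "conductor@example.com": {"name", "passengers"},
    "mechanic@example.com": {"name", "passengers", "maintenance_notes"},
}


def bare_jid(jid):
    """Drop the resource part so every session of one user maps to one policy entry."""
    return jid.partition("/")[0].lower()


def authorized_attributes(sender):
    """Attributes that exist on the instance and that the sender may read."""
    return ACL.get(bare_jid(sender), set()) & set(INSTANCE)


def describe(sender):
    """Interface as seen by this sender: only attributes the user may access."""
    return sorted(authorized_attributes(sender))


def read(sender, names=None):
    """Handle a <read>: named attributes, or all authorized ones if none are named."""
    allowed = authorized_attributes(sender)
    if not allowed:
        return {"type": "error", "denied": sorted(names or [])}
    # "All attributes" means all attributes this sender may see, never the
    # full attribute set of the instance.
    wanted = list(names) if names else sorted(allowed)
    # Unknown and unauthorized names get the same answer, so <read> does not
    # reveal the existence of attributes that <describe> hides.
    denied = [name for name in wanted if name not in allowed]
    if denied:
        return {"type": "error", "denied": denied}
    return {"type": "result", "attributes": {name: INSTANCE[name] for name in wanted}}
```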
No provision is made in the JOAP protocol for providing privacy and confidentiality in JOAP conversations. This is left up to existing, more general Jabber protocols and extensions.
Confidentiality from external, non-Jabber observers can be obtained using transport-layer security (TLS) in all legs of the Jabber path -- from client to server to (potentially) another server to the object server component.
Maintaining confidentiality against observers in the Jabber pathway -- for example, servers relaying JOAP stanzas -- requires using end-to-end encryption.
Due to the nature of the JOAP addressing scheme, however, perfect confidentiality cannot be preserved. Even if the contents of an IQ packet are encrypted, the address of the object the packet is sent to -- e.g., Tips@whistleblower.example.org/NuclearRegulatoryInfractions -- will reveal some information about the JOAP conversation which could be harmful to the user.
This JEP requires no interaction with the IANA.
This protocol defines one new namespace, 'jabber:iq:joap'.
Experimental implementations of this protocol should use the namespace 'http://www.jabber.org/jeps/jep-0075.html#0.3' to avoid conflicts with future versions.
The following glossary collects some definitions of terms used in this document.
The following is an XML Schema for JOAP.
The following is a document-type description (DTD) for JOAP.
Because JOAP requires some significant examples to define the protocol, an example domain was developed to provide consistency. Readers familiar with UML may find the following diagram useful to illustrate some of the fine points of JOAP listed above.