%ents; ]>
Blocking Command This document specifies an XMPP protocol extension for communications blocking that is intended to be simpler than privacy lists (XEP-0016). &LEGALNOTICE; 0191 Draft Standards Track Standards XMPP Core XMPP IM XEP-0030 None None blocking &stpeter; 1.2rc2 in progress, last updated 2012-06-22 psa

Changed the title and rearranged several sections.

1.1 2007-02-15 psa

Further clarified relationship to privacy lists.

1.0 2006-11-21 psa

Per a vote of the XMPP Council, advanced status to Draft; also modified namespace to use XMPP URN.

0.5 2006-11-06 psa

Modified message handling to recommend returning service-unavailable error.

0.4 2006-11-06 psa

Added push notifications (a la roster pushes).

0.3 2006-10-16 psa

Specified relationship to privacy lists, JID matching rules, server handling of outbound presence on block and unblock, handling of directed presence, syntax of block element.

0.2 2006-08-30 psa

Added implementation notes regarding polite blocking and filtering of search results; recommended retrieval of block list after authentication; defined protocol flow for unblocking all contacts.

0.1 2006-08-16 psa

Initial version.

0.0.2 2006-08-10 psa

Added block list retrieval use case; modified block and unblock syntax to use item child element.

0.0.1 2006-08-09 psa

First draft.

&rfc3921; includes an XMPP protocol extension for communications blocking, which has since been moved to &xep0016;. Unfortunately, because the privacy lists extension is quite complex, it has not been widely implemented in servers and has been implemented virtually not at all in clients. This is problematic, since the ability to block communications with selected users is an important feature for an instant messaging system (and is required by &rfc2779;). However, the full power of privacy lists is not needed in order to block communications, so this document proposes a simpler blocking protocol that meets the requirement specified in RFC 2779 and can be implemented more easily in XMPP clients and servers.

The requirements for communications blocking are straightforward:

  1. A user must be able to block communications with a specific contact.
  2. A user should be able to determine which contacts are blocked.
  3. A user should be able to unblock communications with a specific contact.

In order for a client to discover whether its server supports the protocol defined herein, it MUST send a &xep0030; information request to the server:

]]>

If the server supports the protocol defined herein, it MUST return a feature of "urn:xmpp:blocking":

... ... ]]>

In order for a client to request a user's list of blocked contacts (e.g., in order to determine whether to unblock a contact), it shall send an IQ-get with no 'to' address (thus handled by the user's server) containing a <blocklist/> element qualified by the 'urn:xmpp:blocking' namespace:

]]>

If the user has any contacts in its blocklist, the server MUST return an IQ-result containing a <blocklist/> element that in turn contains one child <item/> element for each blocked contact:

]]>

If the user has no contacts in its blocklist, the server MUST return an IQ-result containing an empty <blocklist/> element:

]]>

A client SHOULD retrieve the block list after authenticating with its server and before completing any blocking or unblocking operations.

In order for a user to block communications with a contact, the user's client shall send an IQ-set with no 'to' address (thus handled by the user's server) containing a <block/> element qualified by the 'urn:xmpp:blocking' namespace, where the JID to be blocked is encapsulated as the 'jid' attribute of the <item/> child element:

]]>

If the server can successfully process the block command, it MUST return an IQ-result:

]]>

The server MUST also send an IQ-set to all of the user's resources that have requested the blocklist, containing the blocked item(s):

]]>

If the <block/> element does not contain at least one <item/> child element, the server MUST return a &badrequest; error. The <block/> element MAY contain more than one <item/> child. Other standard XMPP stanza errors also apply; see &xmppcore; and &xep0086;.

When the user blocks communications with the contact, the user's server MUST send unavailable presence information to the contact (but only if the contact is allowed to receive presence notifications from the user in accordance with the rules defined in RFC 3921).

Once the user has blocked communications with the contact, the user's server MUST NOT deliver any XML stanzas from the contact to the user. The block remains in force until the user subsequently unblocks commmunications with the contact (i.e., the duration of the block is potentially unlimited and applies across sessions).

If the contact attempts to send a stanza to the user (i.e., an inbound stanza from the user's perspective), the user's server shall handle the stanza according to the following rules:

  • For presence stanzas (including notifications, subscriptions, and probes), the server MUST NOT respond and MUST NOT return an error.
  • For message stanzas, the server SHOULD return an error, which SHOULD be &unavailable;.
  • For IQ stanzas of type "get" or "set", the server MUST return an error, which SHOULD be &unavailable;. IQ stanzas of other types MUST be silently dropped by the server.

If the foregoing suggestions are followed, the user will appear offline to the contact.

If the user attempts to send an outbound stanza to the contact, the user's server MUST NOT route the stanza to the contact but instead MUST return a ¬acceptable; error containing an application-specific error condition of <blocked/> qualified by the 'urn:xmpp:blocking:errors' namespace:

Can you hear me now? ]]>

In order for a user to unblock communications with a contact, the user's client shall send an IQ-set with no 'to' address (thus handled by the user's server) containing an <unblock/> element qualified by the 'urn:xmpp:blocking' namespace, where the JID to be unblocked is encapsulated as the 'jid' attribute of the <item/> child element:

]]>

If the server can successfully process the unblock command, it MUST return an IQ-result:

]]>

The server MUST also send an IQ-set to all of the user's resources that have requested the blocklist, containing the unblocked item(s):

]]>

When the user unblocks communications with the contact, the user's server MUST send the user's current presence information to the contact (but only if the contact is allowed to receive presence notifications from the user in accordance with the rules defined in RFC 3921).

After the user has unblocked communications with the contact, the user's server MUST deliver any subsequent XML stanzas from the contact to the user.

In order for a user to unblock communications with all contacts, the user's client shall send an IQ-set with no 'to' address (thus handled by the user's server) containing an empty <unblock/> element qualified by the 'urn:xmpp:blocking' namespace:

]]>

If the server can successfully process the unblock command, it MUST return an IQ-result:

]]>

The server MUST also send an IQ-set to all of the user's resources that have requested the blocklist, containing notification of global unblocking:

]]>

Once the user has unblocked communications with all contacts, the user's server MUST deliver any XML stanzas from those contacts to the user.

When a server receives a block command from a user, it MAY cancel any existing presence subscriptions between the user and the blocked user and MAY send a message to the blocked user; however, it is RECOMMENDED to deploy so-called "polite blocking" instead (i.e., to not cancel the presence subscriptions or send a notification). Which approach to follow is a matter of local service policy.

A service MAY also filter blocking users out of searches performed on user directories (see, for example, &xep0055;); however, that functionality is out of scope for this specification.

The communications blocking protocol specified herein is intended to be a user-friendly "front end" to a subset of the functionality defined by the privacy lists protocol (XEP-0016). If a service deploys both privacy lists and the blocking command, the service MUST use the same back-end data store for both protocols. (Note: Wherever possible, this document attempts to define a protocol that is fully consistent with XEP-0016; if a particular aspect of functionality is not specified herein, the relevant text in XEP-0016 shall be taken to apply.)

When implementing both XEP-0191 and XEP-0016, a service SHOULD map the blocklist to the default privacy list, where each blocked JID is represented as a privacy list item of type "jid" and action "deny". An implementation MUST NOT block communications from one of a user's resources to another, even if the user happens to define a rule that would otherwise result in that behavior. If this is done and none of the user's clients ever use the privacy lists protocol, then the blocklist will always apply. This mapping has the following implications:

  1. If all of a user's clients always use the blocking command, then the default privacy list will be equivalent to the blocklist and the default privacy list will be a kind of "virtual list" (in the sense that it is never modified directly by any of the clients).

  2. If one of a user's clients uses privacy lists instead of blocklists and modifies the default privacy list by removing a blocked JID or blocking a new JID, then that change will be reflected in the blocklist.

  3. If one of a user's clients uses privacy lists and does anything but block or unblock a JID, then that change will not be reflected in the blocklist (since blocklists cannot represent anything except blocked JIDs).

  4. If one of a user's clients removes the default privacy list and substitutes a new list for the old list, the blocked JIDs in the new default privacy list (if any) will become the new blocklist.

  5. If one of a user's clients makes active something other than the default privacy list, the user may receive communications from contacts who are blocked in the default list.

Because of the potential for confusion between block lists and privacy lists, it is NOT RECOMMENDED for a client to request both the block list and privacy lists in the same session.

The priority of blocked (jid+deny) items in the privacy list SHOULD be such that they come first in the privacy list.

Matching of JIDs as specified in the 'jid' attribute of the <item/> element SHOULD proceed in the following order (this is consistent with XEP-0016):

  1. <user@domain/resource> (only that resource matches)
  2. <user@domain> (any resource matches)
  3. <domain/resource> (only that resource matches)
  4. <domain> (the domain itself matches, as does any user@domain or domain/resource)

If properly implemented, this protocol extension does not introduce any new security concerns above and beyond those defined in RFC 3920 and RFC 3921.

No interaction with &IANA; is required as a result of this specification.

The ®ISTRAR; includes 'urn:xmpp:blocking' and 'urn:xmpp:blocking:errors' in its registry of protocol namespaces (see &NAMESPACES;).

The protocol documented by this schema is defined in XEP-0191: http://www.xmpp.org/extensions/xep-0191.html ]]> The protocol documented by this schema is defined in XEP-0191: http://www.xmpp.org/extensions/xep-0191.html ]]>

Thanks to Valerie Mercier, Maciek Niedzielski, Kevin Smith, and Remko Tronçon for their feedback.