%ents; ]>
Personal Eventing via Pubsub This document specifies XMPP semantics for using the publish-subscribe protocol to broadcast state change events associated with an instant messaging and presence account. &LEGALNOTICE; 0163 Draft Standards Track Standards JIG Council XMPP Core XMPP IM XEP-0030 XEP-0060 XEP-0115 pep &stpeter; &ksmith; 1.1 2007-09-26 psa

In accordance with XMPP Council consensus (1) explicitly defined auto-create, auto-subscribe, filtered-notifications, and last-published features, (2) moved them to XEP-0060, and (3) added appropriate references to XEP-0060 throughout; also added friendly but non-normative How It Works section and removed references to private data storage; updated to reflect changes to entity capabilities and pubsub.

1.0 2006-09-20 psa

Per a vote of the Jabber Council, advanced status to Draft.

0.15 2006-08-30 psa

Added the deliver_notifications and send_last_published_item configuration options to the recommended defaults.

0.14 2006-08-02 psa

Changed various recommended defaults from SHOULD to MUST; corrected several errors in the text and examples.

0.13 2006-08-01 psa

Recommended node creation with default configuration on initial publish; corrected several errors and clarified several points in the text.

0.12 2006-08-01 psa

Simplified the subscription process using XMPP presence and entity capabilities.

0.11 2006-07-20 psa

Clarified rules regarding number of notifications and when to generate notifications; corrected several errors in the text and examples.

0.10 2006-07-07 psa

Updated to reflect version 1.8 of XEP-0060.

0.9 2006-06-15 psa

Updated to reflect use of data forms in XEP-0060.

0.8 2006-04-10 psa

Clarified terminology and defaults.

0.7 2006-04-10 psa

Specified that notifications are to be sent from bare JID, not full JID.

0.6 2006-04-10 psa

Updated to reflect pubsub changes; clarified business rules for generation of notifications and cancellation of subscriptions.

0.5 2006-03-09 psa

Modified roster groups example to use jabber:x:data; added note about advertising client support for PEP.

0.4 2006-02-02 psa/ks

Specified rules for generation of notifications, including use of presence in determining address of intended recipient for notifications and sending of last published item on receipt of presence information; changed name to Personal Eventing Protocol; specified service discovery identity of pubsub/pep; removed section on service types; added Kevin Smith as co-author.

0.3 2006-01-30 psa

Specified that a service may enforce additional privacy and security policies; specified that an account owner must always be allowed to subscribe and to retrieve items; specified that an implementation should enforce access modifications resulting from roster state changes.

0.2 2006-01-11 psa

Updated to reflect proposed XEP-0060 modifications.

0.1 2005-11-02 psa

Initial version.

0.0.2 2005-10-25 psa

Added more details and examples.

0.0.1 2005-10-24 psa

First draft.

Personal eventing provides a way for a Jabber/XMPP user to send updates or "events" to other users, who are typically contacts in the user's roster. An event can be anything that a user wants to make known to other people, such as those described in &xep0080;, &xep0107;, &xep0108;, and &xep0118;. While the XMPP &xep0060; extension ("pubsub") can be used to broadcast such events associated, the full pubsub protocol is often thought of as complicated and therefore has not been widely implemented. Instead, many "extended presence" formats are currently sent using the &PRESENCE; stanza type; unfortunately, this overloads presence, results in unnecessary presence traffic, and does not provide fine-grained control over access. The use of publish-subscribe rather than presence is therefore preferable. To make publish-subscribe functionality more accessible (especially to instant messaging and presence applications that conform to &xmppim;), this document defines a simplified subset of pubsub that can be followed by instant messaging client and server developers to more easily deploy personal eventing services across the Jabber/XMPP network. We label this subset "Personal Eventing via Pubsub" or PEP.

Note: Any use cases not described herein are described in XEP-0060. Also, this document does not show error flows related to the generic publish-subscribe use cases referenced herein, since they are exhaustively defined in XEP-0060. The reader is referred to XEP-0060 for all relevant protocol details related to the XMPP publish-subscribe extension. This document merely defines a "subset" or "profile" of XMPP publish-subscribe.

This section provides a friendly introduction to personal eventing via pubsub (PEP).

Imagine that you are a Shakespearean character named Juliet and that you want to generate events about what music you're listening to, which anyone may see as long as they are authorized to see your online/offline presence (i.e., a pubsub access model of "presence").

We assume that you have three contacts with the following relationship to you:

  1. benvolio@montague.lit, who has no subscription to your presence
  2. nurse@capulet.lit, who has a bidirectional subscription to your presence and who is in your "Servants" roster group
  3. romeo@montague.lit, who has a bidirectional subscription to your presence and who is in your "Friends" roster group

We also assume that your server (capulet.lit) supports PEP and that your client discovered that support when you logged in.

Now you start playing a song on your music playing software. Your client captures that "event" and publishes it to your server:

Gerald Finzi 255 Music for "Love's Labors Lost" (Suite for small orchestra) Introduction (Allegro vigoroso) 1 ]]>

Note the following about your publish request:

  1. It is sent with no 'to' address (see Every Account a Pubsub Service).
  2. It specifies a node of "http://jabber.org/protocol/tune" (see One Node per Namespace).

If all goes well (see Publishing Events), everyone who is interested in what you are listening to will receive notification of the event:

Gerald Finzi 255 Music for "Love's Labors Lost" (Suite for small orchestra) Introduction (Allegro vigoroso) 1 Gerald Finzi 255 Music for "Love's Labors Lost" (Suite for small orchestra) Introduction (Allegro vigoroso) 1 ]]>

Because PEP services must send notifications to the account owner, you too receive the notification at each of your resources (here "balcony" and "chamber").

Gerald Finzi 255 Music for "Love's Labors Lost" (Suite for small orchestra) Introduction (Allegro vigoroso) 1 Gerald Finzi 255 Music for "Love's Labors Lost" (Suite for small orchestra) Introduction (Allegro vigoroso) 1 ]]>

But how do Romeo and the Nurse tell your server that they are interested in knowing what you're listening to? In generic pubsub they typically need to explicitly subscribe to your "http://jabber.org/protocol/tune" node. That may still be necessary for open access model nodes in PEP if another user does not send you presence, such as benvolio@montague.lit in our scenario. But PEP services support two special features:

  1. "auto-subscribe" -- because they are subscribed to your presence, they automatically receive your events (see Use Presence).
  2. "filtered-notification" -- they can include some special flags in their &xep0115; information to specify which event types (payloads) they want to receive (see Filtered Notifications).
]]>

Your server knows to send tune information to Romeo because when the server unpacks the value of the 'ver' attribute ("054H4A7280JuT6+IroVYxgCAjZo=") in accordance with XEP-0115, it discovers that Romeo's client advertises a service discovery feature of "http://jabber.org/protocol/tune+notify", where the "+notify" suffix indicates interest in receiving notifications related to the protocol that precedes the suffix. The server can verify this support if needed by sending a service discovery request to Romeo's full JID, where the response would be as follows:

]]>

Naturally your server doesn't need to send out a disco#info request every time, since it will quickly create a large cache of 'ver' values.

So that's the general idea.

Personal eventing via pubsub ("PEP") is based on the following principles:

  1. Every account a pubsub service.
  2. One publisher per node.
  3. One node per namespace.
  4. Use presence.
  5. Filter notifications based on expressed interest.
  6. Smart defaults.

These principles are described more fully below.

When a user creates an account (or has an account provisioned) at a Jabber/XMPP server that supports PEP, the server associates a virtual pubsub service with the account. This greatly simplifies the task of discovering the account owner's personal pubsub nodes, since the root pubsub node simply is the account owner's bare JID (&BAREJID;). This assumption also simplifies publishing and subscribing.

There is no need for multiple publishers to a PEP service, since by definition the service generates information associated with only one entity. The owner-publisher for every node is the bare JID of the account owner.

There is only one publish-subscribe node associated with any given payload type (XML namespace) for the account owner (e.g., there is one pubsub node for geolocation events, one node for tune events, and one node for mood events). This simplifies node creation, discovery, publishing, and subscribing.

Although generic publish-subscribe services do not necessarily have access to presence information about subscribers, PEP services are integrated with presence in the following ways:

  • Each messaging and presence account simply is a virtual publish-subscribe service.
  • The default access model is "presence".
  • A contact's subscription to an account owner's personal eventing data is automatically created because the contact has an XMPP presence subscription (the "auto-subscribe" feature).
  • Services take account of subscriber presence in the generation of notifications. This works only if the subscription state is "both" (see RFC 3921).
  • A service automatically sends notifications to all of the account owner's connected resources.

These uses of presence simplify the task of developing compliant clients (cf. &xep0134;).

By default, the existence of an XMPP presence subscription is used to establish a PEP subscription to the account owner's personal eventing data. In order to filter which notifications are sent by the PEP service, the contact's client includes extended &xep0115; information in the presence notifications it sends to the account owner. Because the PEP service supports the "filtered-notifications" feature, it sends only those notifications that match the contact's expressed notification preferences.

Most pubsub configuration options and metadata are not needed for personal eventing. Instead, PEP services offer smart defaults to simplify node creation and management.

An account owner publishes an item to a node by following the protocol specified in XEP-0060:

Gerald Finzi 255 Music for "Love's Labors Lost" (Suite for small orchestra) Introduction (Allegro vigoroso) 1 ]]>

If the node does not already exist, the PEP service MUST create the node. This "auto-create" feature (defined in XEP-0060) MUST be supported by a PEP service. (Naturally, the account owner's client MAY follow the node creation use case specified in XEP-0060 before attempting to publish an item.)

A PEP service SHOULD also support the "publish-options" feature defined in XEP-0060.

If the publication logic dictates that event notifications shall be sent, the account owner's server generates notifications and sends them to all appropriate entities as described in the Receiving Event Notifications section of this document, as well as to any of the account owner's available resources.

An entity shall receive event notifications if:

  1. The node has an open access model and the entity has explicitly or implicitly subscribed to the node as explained in XEP-0060.
  2. The entity shares presence with the account owner (see Presence Sharing), is authorized to receive events from the node in accordance with the node access model (see XEP-0060), and advertises an interest in the payload type (see Notification Filtering).
  3. The entity is the account owner itself, in which case the PEP service shall send notifications to all of the account owner's available resources (subject to notification filtering).

A PEP service MUST support the "auto-subscribe" feature defined in Section 10.1 of XEP-0060. This implies that when a user has an XMPP presence subscription to the account owner's presence, the user automatically also has a pubsub subscription account owner's root collection node (i.e., bare JID), with a subscription_type of "items" and a subscription_depth of "all".

A PEP service MUST support the "filtered-notifications" feature defined in Section 10.2 of XEP-0060. This implies that when an automatic subscriber can specify which event payloads it wants to receive by including appropriate feature bundles in the XEP-0115 information it broadcasts.

  1. The server MUST set the 'from' address on the notification to the bare JID (&BAREJID;) of the account owner (in these examples, "juliet@capulet.lit").

  2. Any errors generated by the recipient or the recipient's server in relation to the notification MUST be directed to the JID of the 'from' address on the notification (i.e., the bare JID) so that bounce processing can be handled by the PEP service rather than by the publishing client.

  3. When sending notifications to an entity that has a presence subscription to the account owner, the server SHOULD include an &xep0033; "replyto" extension specifying the publishing resource (in this example, "juliet@capulet.lit/balcony"); this enables the subscriber's client to differentiate between information received from each of the account owner's resources (for example, different resources may be in different places and therefore may need to specify distinct geolocation data). However, a server MUST NOT include the "replyto" address when sending a notification to an entity that does not have a presence subscription to the account owner.

  4. If the PEP service has presence information about the intended recipient, it SHOULD direct the notification(s) to the full JID(s) of the recipients (&FULLJID;); if the PEP service does not have presence information about a subscriber, it MUST address the notification to the subscriber's bare JID (&BAREJID;).

  1. If a subscriber subscribed using a full JID (&FULLJID;), domain identifier (&DOMAIN;), or domain plus resource (&DOMAINRES;), a PEP service MUST send one notification only, addressed to the subscribed JID.

  2. If a subscriber subscribed using a bare JID (&BAREJID;) and a PEP service does not have appropriate presence information about the subscriber, a PEP service MUST send at most one notification, addressed to the bare JID (&BAREJID;) of the subscriber, and MAY choose not to send any notification. (By "appropriate presence information" is meant an available presence stanza with non-negative priority and XEP-0115 data that indicates interest in the relevant data format.)

  3. If a subscriber subscribed using a bare JID (&BAREJID;) and a PEP service has appropriate presence information about the subscriber, the PEP service MUST send one notification to the full JID (&FULLJID;) of each of the subscriber's available resources that have specified non-negative presence priority and included XEP-0115 information that indicates an interest in the data format.

  1. When an account owner publishes an item to a node, a PEP service MUST generate a notification and send it to all appropriate subscribers (where the number of notifications is determined by the foregoing rules).

  2. When a PEP service receives initial presence information from a subscriber's resource with a non-negative priority and including XEP-0115 information that indicates an interest in the data format, it MUST generate a notification containing the last published item for that node and send it to the newly-available resource.

  3. As an exception to the foregoing MUST rules, a PEP service MUST NOT send notifications to a subscriber if the user has blocked the subscriber from receiving all or any kinds of stanza (presence, message, IQ, or any combination thereof) using communiations blocking as specified in XMPP IM.

As mentioned, a PEP service MUST send the last published item to all new subscribers and to all newly-available resources for each subscriber, including the account owner itself. (That is, the default value of the "pubsub#send_last_published_item" node configuration field must be "on_sub_and_presence"; this behavior essentially mimics the functionality of presence as defined in XMPP IM.)

]]> ]]> Gerald Finzi 255 Music for "Love's Labors Lost" (Suite for small orchestra) Introduction (Allegro vigoroso) 1 ]]>

A PEP service MUST:

A PEP service MAY support other use cases, affiliations, access models, and features, but such support is OPTIONAL.

Naturally, before an account owner attempts to complete any PEP use cases, its client SHOULD determine whether the account owner's server supports PEP; to do so, it MUST send a &xep0030; information request to the server:

]]>

If a server supports PEP, it MUST return an identity of "pubsub/pep" (as well as a list of the namespaces and other features it supports, including all supported XEP-0060 features):

... ]]>

A contact MAY send service discovery requests to the account owner's bare JID (&BAREJID;). If the contact already has a subscription to the account owner's presence, this is not necessary in order to receive notifications from the account owner via personal eventing. However, a user without a presence subscription needs to do so in order to discover if the account owner is a virtual pubsub service and to discover the account owner's eventing nodes. The relevant protocol flows are demonstrated in XEP-0060.

Note: When returning disco#info results, the account owner's server MUST check the access model for each of the account owner's PEP nodes and MUST return as service discovery items only those nodes to which the contact is allowed to subscribe or from which the contact is allowed to retrieve items without first subscribing.

In order to ensure appropriate access to information published at nodes of type "presence" and "roster", a PEP service MUST re-calculate access controls when:

  1. A presence subscription state changes (e.g., when a subscription request is approved).
  2. A roster item is modified (e.g., when the item is moved to a new roster group).

If the modification results in a loss of access, the service MUST cancel the entity's subscription. In addition, the service MAY send a message to the (former) subscriber informing it of the cancellation (for information about the format of messages sent to notify subscribers of subscription cancellation, see the "Notification of Subscription Denial or Cancellation" section of XEP-0060).

A PEP service MAY enforce additional privacy and security policies when determining whether an entity is allowed to subscribe to a node or retrieve items from a node; however, any such policies shall be considered specific to an implementation or deployment and are out of scope for this document.

This document requires no interaction with &IANA;.

The ®ISTRAR; includes a category of "pubsub" in its registry of Service Discovery identities (see &DISCOCATEGORIES;); as a result of this document, the Registrar includes a type of "pep" to that category.

The registry submission is as follows:

pubsub pep A personal eventing service that supports the publish-subscribe subset defined in XEP-0163. XEP-0163 ]]>

Because Personal Eventing via Pubsub simply reuses the protocol specified in XEP-0060, a separate schema is not needed.

The authors wish to thank the participants in the XMPP Interoperability Testing Event held July 24 and 25, 2006, who provided valuable feedback that resulted in radical simplification of the protocol.

Thanks also to the many members of the standards@xmpp.org discussion list who patiently suffered through seemingly endless discussion of the auto-create and publish-and-configure features.