%ents; ]>
Ad-Hoc Commands This document defines an XMPP protocol extension for advertising and executing application-specific commands, such as those related to a configuration workflow. Typically the commands contain data forms (XEP-0004) in order to structure the information exchange. &LEGALNOTICE; 0050 Draft Standards Track Standards XMPP Core XEP-0004 XEP-0030 commands http://www.xmpp.org/schemas/commands.xsd &linuxwolf; 1.2.3 2019-03-26 XEP Editor (jsc) Fix typo in example (mode => runlevel) 1.2.2 2016-12-03 XEP Editor (ssw, fs) Mark 'note' element's 'type' attribute as optional in the schema. Introduce 'Acknowledgements' section. 1.2.1 2015-10-15 XEP Editor (mam) Corrected text regarding "xml:lang" is an attribute not an element (Christian Schudt). 1.2 2005-06-30 psa Corrected typos and other small errors. 1.1.1 2004-01-02 lw Cleaned up errors in schema; added more clarifications about actions 1.1 2003-12-30 lw More strict usage of the terms "requester" and "responder"; added explicit flow-control information; cleaned up i18n and l10n based on IETF efforts 1.0 2003-05-19 psa Per a vote of the Jabber Council, advanced status to Draft. 0.13 2003-04-28 lw More clarity on security; added notes about i18n and l10n; included xml:lang in XML-Schema. 0.12 2003-04-22 lw Fixed typos; removed references to &PRESENCE;; added more security condiderations; added notes about <command/> child precedence. 0.11 2003-02-20 lw Created XML Schema. 0.10 2003-02-20 lw Relaxed and clarified <command/> payload requirements; Fixed minor errors in examples. 0.9.1 2003-02-12 lw Fixed disco examples to reflect specification text. 0.9 2003-02-09 lw Added "Implementation Notes" section; Removed syntax requirements for disco <item/> "node" attributes; Added "disclaimer" with regards to "node" values; Added clarifications regarding predefined/required commands; Added clarifications for command payloads; Added clarifications for command success versus failure; Added clarifications on "sessionid"; Fixed "x:data" errors. 0.8 2003-01-26 lw Fixed minor grammatical errors; Changed some MUSTs to SHOULDs. 0.7 2003-01-22 lw Added disco node syntax for commands; Expanded "XMPP Registrar" section. 0.6 2003-01-21 lw Consistency in the usage of the "x-commands" short name; Added "Discovering Support" usecase; made other disco usage more "disco-like". 0.5 2003-01-18 lw Fixed minor errors; Removed "complete" action value from <command/>; Removed <list/> in favor of disco. 0.4 2002-11-05 lw Fixed minor errors with examples; Changed position of DTD to be more consistent with other XEPs by this author; Added details for "disco" support; Added section on "Security Considerations", "IANA Considerations", and "JANA Considerations". 0.3 2002-10-11 lw Fixed minor errors with examples; Changed from using <query/> and <x/> to <list/> for command lists; Made the "cancel" use-case more explicit. 0.2 2002-10-10 lw Changed namespace from "jabber:x:commands" to "http://jabber.org/protocol/commands"; Changed execution to use <iq/> instead of any packet element; Changed execution to contain extensions; Reorganized for better clarity; Corrected spelling and grammar errors. 0.1 2002-10-08 lw Initial release.

This document specifies an XMPP protocol extension that enables an entity to initiate a command session where there is no preferred namespace. It also specifies a protocol extension for describing the types of ad hoc sessions, similar in concept to a menu.

The motivation for such a protocol comes from the desire to expand Jabber technologies outside the domain of instant messaging. Similar to web applications, these "Jabber applications" are systems in which, via a compliant Jabber client, a user (or automated process) can interact with the application. The client need not be specially-written in order to take advantage of this Jabber application.

This mechanism allows for a larger base of Jabber entities to participate as part of larger application architectures. Although specialized clients would be preferred in many environments, this protocol allows for applications to have a wider audience (i.e., any compliant Jabber client).

The namespace governing this protocol is "http://jabber.org/protocol/commands" (hereafter referred to as x-commands). This namespace relies on the &IQ; element for execution, and can use the &MESSAGE; element for announcing command lists. This protocol depends on &xep0030; for reporting and announcing command lists. This namespace is intended to complement &xep0004; (jabber:x:data), but is not necessarily dependent upon it.

Support of x-commands implies support for "jabber:x:data" (although this requirement may be replaced and/or amended with a requirement to support &xep0020; by performing the appropriate negotations before executing commands). x-commands provides a bootstrap for performing ad-hoc "jabber:x:data" processes, while the data itself is conveyed using "jabber:x:data".

The x-commands namespace is not designed to replace machine-to-machine oriented RPC systems such as &xep0009;, where the two entities fully understand the command's purpose and behavior prior to execution. x-commands is oriented more for human interaction, where the user agent (such as a compliant Jabber client) most likely has no prior knowledge of the command's purpose and behavior.

To determine if an entity supports x-commands, the requester uses Service Discovery. The requester makes an "#info" query to the responder. If supported, the responder includes a <feature/> with the "var" of "http://jabber.org/protocol/commands".

]]> ... ... ]]>

To find what commands an entity provides, the requester uses Service Discovery. Each command is a node of the responder, under the fixed node "http://jabber.org/protocol/commands" (for which the service discovery identity category is "automation" and type is "command-list"). Use of a fixed node for all commands of an entity allows for immediate retrieval of commands.

Each command is a disco item. The node attribute of <item/> identifies the command, and the name attribute is the label for the command.

The requester retrieves the list of commands by querying for the responder's items for the node "http://jabber.org/protocol/commands":

]]> ]]>

The result can then be used by the client to populate a menu, a dialog of buttons, or whatever is appropriate to the current user interface. The responder is not required to send the same list of commands to all requesters.

If additional information about a command is desired, the requester queries for disco information on the command node:

]]> ]]>

A responder MUST at least provide <identity category='automation' type='command-node'/> and <feature var='http://jabber.org/protocol/commands'/>, and SHOULD include <feature var='jabber:x:data'/>. It is not required to support additional information about a command. If the command is not available to the requester, the responder SHOULD respond with a 403 "Forbidden" error.

In some cases, a responder entity may find it appropriate to automatically push this information (e.g. a subscribed entity becomes available). In this case, the entity sends a &MESSAGE; containing the proper disco#items &QUERY;:

Service Controls ]]>

The only portion required is <query xmlns='http://jabber.org/protocol/disco#items'/>. Any other information (such as the <subject/> in the foregoing example) is OPTIONAL.

To execute a command, the requester sends an &IQ; containing the command to execute:

]]>

The requester MAY include the "action='execute'", although this is implied.

If the command does not require any user interaction (returns results only), the responder sends a packet similar to the following:

Available Services httpd off off on on postgresql off off on on jabberd off off on on ]]>

The above example shows the command execution resulting in a "jabber:x:data" form. It is also possible that one or more URLs (specified via &xep0066;) could be returned.

If the command requires more interaction, the responder sends a result &IQ; that contains the command information and the form to be filled out:

]]> Configure Service Please select the service to configure. ]]>

The <command/> SHOULD include an <actions/> element, which specifies the details of what the allowed actions are for this stage of execution. Each element within <action/> matches a possible value for the <command/> element's "action" attribute. The "execute" attribute defines which of the included actions is considered the equivalent to "execute" for this stage. In the above example, the only allowed action is to progress to the next stage, which is also the default.

Note: The "execute" action (not the attribute) is ambiguous and may have undefined behaviour in some implementations. Relying on the specific behavior of the execute action is discouraged, especially in cases where the "complete" action is not allowed and the "execute" attribute is not specified (see also Command Actions.

The requester then submits the form, maintaining the command node and sessionid:

httpd ]]>

The responder then provides the next stage's form in the result Note that the second stage can be reverted to the first stage or completed (signaled by the inclusion of the <prev/> and <complete/> elements), and that the default action is to complete execution (signaled by the "execute" attribute's value of "complete").:

Configure Service Please select the run modes and state for 'httpd'. 3 5 off ]]>

The requester then submits the second stage's form, again maintaining the node and sessionid:

3 on ]]> Service 'httpd' has been configured. ]]>

If the requester wishes to revert to the previous stage, it sends an &IQ; with the command's node and sessionid, and "action='prev'":

]]>

If the responder accepts this, it responds with the previous stage's command The responder MAY present "remembered" field values, but doing so is OPTIONAL.:

Configure Service Please select the service to configure. httpd ]]>

In the case where a command has multiple stages, the requester may wish to cancel at some point. To cancel, the requester sends the continuing command request with an "action='cancel'":

]]>

This enables the responder to free any resources allocated during the process. The responder MUST reply with the success of the command:

]]>

All commands used in the above examples are for illustrative purposes only. There are no predefined or required commands.

Each command is identified by its 'node' attribute. This matches the 'node' attribute from the service discovery <item/> element. Service Discovery requires that all 'node' values be unique within a given JID. This document requires that the 'node' value used in <command/> exactly match the value used in the <item/> element. It is the responsibility of the responder implementation to ensure each command's node is unique for their JID.

The execution of a command exists within the concept of a session. Each session is identified by the 'sessionid' attribute, and SHOULD be valid only between one requester/responder pair. The responder is responsible for determining the session lifetime, with some help from the requester.

The requester starts a new session for a command by simply sending a <command/> with the 'node' attribute (and optionally the 'status' attribute with a value of "execute"). Once the 'sessionid' attribute is given to the requester, it is the requester's responsibility to maintain it for the session's lifetime. A session ends when the responder sends a <command status='completed'/> or the requester sends a <command action='cancel'/> with the provided 'sessionid' value.

Once a session has ended, its 'sessionid' value SHOULD NOT be used again. It is the responder's responsibility to ensure that each 'sessionid' value is unique.

It may be possible for a requester to be executing more than one session of the same command with a given responder. If the responder does not allow more than one session of the same command with the same requester, the responder MUST return a ¬allowed; error (see &xep0086;).

The result for each stage (other than the last) of a command's execution SHOULD include an <actions/> element. The user-agent can use this information to present a more-intelligent user interface, such as a "druid" or "wizard".

For a user-agent, a typical interpretation of the <actions/> information (or lack thereof) would be the following:

  1. The action "cancel" is always allowed.
  2. If there is no <actions/> element, the user-agent can use a single-stage dialog or view.
    • The action "execute" is equivalent to the action "complete".
  3. If there is an <actions/> element, the user-agent usually uses a multi-stage dialog or view, such as a wizard.
    • The action "execute" is equivalent to the action specified in the "execute" attribute. If the "execute" attribute is absent, it defaults to "next". A form which has an <actions/> element and an "execute" attribute which evaluates (taking the default into account if absent) to an action which is not allowed is therefore invalid.
    • The "prev" action is typically the "back" or "previous" button or option in a wizard. If <prev/> is not contained by the <actions/>, it is disabled.
    • The "next" action is typically the "next" button or option in a wizard. If <next/> is not contained by the <actions/>, it is disabled.
    • The "complete" action is typically the "finish" or "done" button or option in a wizard. If <complete/> is not contained by the <actions/>, it is disabled.
    • If the <actions/> possesses the "execute" attribute, that value is the default button or option. If the <actions/> does not possess the "execute" attribute, there is no default button or option.
    • As the "execute" command is equivalent to another command ("next" in the absence of an "execute" attribute), it is not suggested that a user-agent shows both the "execute" and the command that "execute" is an alias of in their interface.

Responders SHOULD use the following guidelines when providing <actions/>:

  • The "execute" attribute SHOULD NOT specify a value that does not match one of the allowed actions.
  • As user-agents treat the absence of an "execute" attribute as equivalent to "next", when the <actions/> element is provided, it is invalid to return a command that has no "execute" attribute, an actions element, and no <next/> action

On its own, the <command/> has very little usefulness. It relies on its payload to give full meaning to its use. The payload can be elements in any namespace that makes sense and is understood (such as "jabber:x:data"), and/or one or more <note/> elements. Any namespaced elements can be used within a <command/>. The only limitations are that the elements not require certain parent elements (such as &IQ;), or specifically allow for <command/> qualified by the "http://jabber.org/protocol/commands" namespace as a possible parent element.

As a general rule, the payload is provided only by the responder. The primary exception to this rule is with the "jabber:x:data" extension (and other namespaces with similar semantics). In this case, if the responder provides a form to submit, the requester SHOULD respond with the submitted data (using the semantics from XEP-0004).

When the precedence of these payload elements becomes important (such as when both "jabber:x:data" and "jabber:x:oob" elements are present), the order of the elements SHOULD be used. Those elements that come earlier in the child list take precedence over those later in the child list. The requester SHOULD consider those elements qualified by the same namespace as having an equivalent precedence (such as if multiple "jabber:x:oob" elements are included).

When the payload is "jabber:x:data", there are certain conditions applied. The requester SHOULD NOT use a "jabber:x:data" type other than "submit". Responders SHOULD consider any <x type='cancel'/> to be <x type='submit'/>.

The status of command execution signals only if the command is executing, has been completed, or been canceled. If completed, the "status" attribute does not specify if it completed successfully or not. If a command completes but fails, the responder MUST include at least one <note type='error'/> with the <command status='completed'/> it returns.

The requester SHOULD provide its locale information using the "xml:lang" attribute on either the &IQ; (RECOMMENDED) or <command/> element. Each execution session (identified by the "sessionid" attribute) SHOULD use only one language/locale, and requesters and responders SHOULD assume the first language/locale specified applies. The responder SHOULD specify the language/locale with the every command session's response.

]]> Available Services httpd off off on on postgresql off off on on jabberd off off on on ]]>

Within the "http://jabber.org/protocol/commands" schema, the language/locale applies only to the human-readable character data for <info/> elements. It SHOULD also apply to all payload elements, appropriate to their respective specifications.

Responders MUST take this into consideration, and properly account for the language/locale settings within payloads. If the responder cannot accomodate the requested language/locale, it SHOULD respond with a <bad-request/> (<bad-locale/>) error condition.

]]> ]]>

The focal element in x-commands is <command/>. It is the element used to guide the process, and the element used to report command options.

Each <command/> contains attributes for a node, a "session id", an action type, a status type, and a language/locale specifier. A command MAY contain zero or more <note/> elements and MAY contain other namespaced elements as payload. Elements qualified by the "jabber:x:data" and "jabber:x:oob" namespaces are the typical payload.

The "node" attribute uniquely identifies the command. This attribute MUST be present.

The "sessionid" attribute helps to track a command execution across multiple stages. This attribute MUST be present for subsequent stages, and the responder SHOULD initialize (if not provided) or maintain this attribute. The value of this attribute MUST NOT be empty or null, but otherwise can be any string value. This value MUST be maintained by a requester while executing a command.

The "status" attribute describes the current status of this command. This value SHOULD be set only by the responder. If specified by the requester, the responder MUST ignore it. The value of "status" MUST be one of the following:

Status Description
executing The command is being executed.
completed The command has completed. The command session has ended.
canceled The command has been canceled. The command session has ended.

The "action" attribute specifies the action to undertake with the given command. This value SHOULD be set only by the requester. If specified by the responder, the requester MUST ignore it. The value of "action" MUST be one of the following:

Action Description
execute The command should be executed or continue to be executed. This is the default value.
cancel The command should be canceled.
prev The command should be digress to the previous stage of execution.
next The command should progress to the next stage of execution.
complete The command should be completed (if possible).

The "xml:lang" attribute specifies the language/locale this <command/> is intended for. This attribute MAY be specified by the requester to request a specific language/locale, and SHOULD be included by the responder to indicate the language/locale in use.

The children of a <command/> element (other than <actions/> and <note/>) pertain to the command's execution. The order of these elements denote their precedence, so that those elements earlier in the list have higher precedence.

The allowed actions for a particular stage of execution are provided by the <actions/> element. This element SHOULD be provided by the responder if the command's execution is not complete, and SHOULD NOT ever be provided by the requester. It contains a single attribute to specify what the "execute" action equals. It contains child elements to specify what the allowed actions are.

The "execute" attribute specifies what the action "execute" is equivalent to. In user-agent interfaces, this represents the default behavior. This attribute MAY be specified by the responder, and MUST equal one of the "action" attribute values for <command/>. The value of this attribute SHOULD match the local name of one of the contained child elements.

The child elements contained by <action/> specify the allowed actions. The name of each child element MUST be one of the following:

  • prev
  • next
  • complete

Notes about the current status of commands are provided by <note/> elements. This element contains information about current conditions in a command sequence. This element has an attribute that defines the type of note. The body of a <note/> should contain a user-readable text message.

The "type" attribute specifies the severity of the note. This attribute is OPTIONAL, and implies "info" if not present. The value of this attribute MUST be one of the following:

Type Description
info The note is informational only. This is not really an exceptional condition.
warn The note indicates a warning. Possibly due to illogical (yet valid) data.
error The note indicates an error. The text should indicate the reason for the error.

To simplify the discussion on error conditions, this document uses the following mapping between namespace URIs and namespace prefixes This mapping is provided solely for the purpose of simplifying this discussion.:

Prefix URI
xmpp urn:ietf:params:xml:ns:xmpp-stanzas
cmd http://jabber.org/protocol/commands

Below are the possible errors that can occur during execution.

Error Type General Condition Specific Condition Description
modify <xmpp:bad-request/> <cmd:malformed-action/> The responding JID does not understand the specified action.
modify <xmpp:bad-request/> <cmd:bad-action/> The responding JID cannot accept the specified action.
modify <xmpp:bad-request/> <cmd:bad-locale/> The responding JID cannot accept the specified language/locale.
modify <xmpp:bad-request/> <cmd:bad-payload/> The responding JID cannot accept the specified payload (e.g. the data form did not provide one or more required fields).
modify <xmpp:bad-request/> <cmd:bad-sessionid/> The responding JID cannot accept the specified sessionid.
cancel <xmpp:not-allowed/> <cmd:session-expired/> The requesting JID specified a sessionid that is no longer active (either because it was completed, canceled, or timed out).
cancel <xmpp:forbidden/> NONE The requesting JID is not allowed to execute the command.
cancel <xmpp:item-not-found/> NONE The responding JID cannot find the requested command node.
cancel <xmpp:feature-not-implemented/> NONE The responding JID does not support "http://jabber.org/protocol/commands".

Determining when a command can be executed based on permissions or rights is considered outside the scope of this document. Although such mechanisms are considered specific to the application and/or implementation of this document, future specifications may address these concerns.

When processing reported commands, the requester SHOULD consider any command node that does not match the JID of the responder to be suspicious, and ignore those command nodes. Responders MUST report their own command nodes only, and not the command nodes of other entities. This can help prevent limited cases of spoofing and "social engineering".

This document requires no interaction with &IANA;.

The ®ISTRAR; includes 'http://jabber.org/protocol/commands' in its registry of protocol namespaces.

The XMPP Registrar includes "automation" in its registry of Service Discovery categories for use for any entities and nodes that provide automated or programmed interaction. This category has the following types:

Type Description
command-list The node for a list of commands; valid only for the node "http://jabber.org/protocol/commands".
command-node A node for a specific command; the 'node' attribute uniquely identifies the command.

The registry submission is as follows:

automation The "automation" category consists of entities and nodes that provide automated or programmed interaction. command-list The node for a list of commands; valid only for the node "http://jabber.org/protocol/commands" XEP-0050 command-node A node for a specific command; the 'node' attribute uniquely identifies the command XEP-0050 ]]>

The XMPP Registrar includes "http://jabber.org/protocol/commands" in its registry of well-known Service Discovery nodes.

As authorized by &xep0147;, the XMPP Registrar maintains a registry of queries and key-value pairs for use in XMPP URIs (see &QUERYTYPES;).

The "command" querytype is defined herein for interaction with entities that support the ad-hoc command protocol, with keys of "action" and "node".

]]>

The following submission registers the "command" querytype.

command http://jabber.org/protocol/commands enables completion of ad-hoc commands XEP-0050 action the ad-hoc commands action type cancel a request to cancel processing of the command complete a request to complete processing of the command execute a request to execute the command (the default implied action) next a request to move to the next command in a series prev a request to move to the previous command in a series node the command node ]]>
The protocol documented by this schema is defined in XEP-0050: http://www.xmpp.org/extensions/xep-0050.html ]]>

Many thanks to Florian Schmaus, Christian Schudt and Anno van Vliet for their input and feedback on this specification.