%ents; ]>
Multi-User Chat Light This specification provides a presence-less standard for Multi-User Chats. Its feature set is a response to mobile XMPP applications needs and specific environment. This XMPP Extension Protocol is copyright (c) 1999 - 2014 by the XMPP Standards Foundation (XSF). Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation. ## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. In no event shall the XMPP Standards Foundation or the authors of this Specification be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification. ## In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising out of the use or inability to use the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages. This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which may be found at <http://xmpp.org/extensions/ipr-policy.shtml> or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA). xxxx ProtoXEP Standards Track Standards Council XMPP Core XMPP IM XEP-0004 XEP-0030 XEP-0045 XEP-0313 NOT_YET_ASSIGNED Piotr Nosek piotr.nosek@erlang-solutions.com 0.0.1 2015-10-29 PN

First full version.

Classic Multi-User chat, as described in XEP-0045, adds an IRC-like functionality to XMPP. It distinguishes between the affiliation list and the occupant list, where the latter is based on presences routed to the room from the client resource. While perfectly sufficient for desktop applications and relatively stable network connection, it does not exactly meet the challenges the mobile world is facing. Modern mobile applications do not rely on presence information, as it can frequently change. The expected user experience not only differs from IRC model, but also uses only a small subset of XEP-0045 features. The service described in this specification attempts to provide a complete solution for all common use cases of mobile groupchats.

The list below contains the high-level features required from a new variant of MUC

  1. The service allows any user to create a room for group communication.
  2. Users cannot join rooms on their own. They have to be added by the room owner or (if configured by service administrator) any other occupant.
  3. Only the owner can remove other occupants from the room.
  4. Every occupant can leave the room.
  5. A user may block the attempts of being added to the specific room or by specific user.
  6. The message sent in the room is always broadcasted to every occupant.
  7. The full occupant list is always available to all occupants.
  8. Occupant is always visible on the list, even if it does not have any resources online.
  9. Occupants can only have two affiliations: owner and member.
  10. There must be at most one owner in the room (the service can choose to treat all users equally).
  11. If the room becomes empty, it is destroyed.
  12. Occupants cannot hide behind nicks. Their real bare JID is always visible to everyone
  13. No exchange of any &PRESENCE; stanza inside the room.
  14. The user MUST be able to retrieve the list of rooms he or she occupies.
  15. The owner can modify the room configuration at any time; members may also be allowed to set configuration.
  16. All occupants can get the full room configuration at any time.
  17. Room history is available only in Message Archive Management.

An entity often discovers a MUC service by sending a Service Discovery items ("disco#items") request to its own server.

]]>

The server then returns the services that are associated with it.

]]>

An entity may wish to discover if a service implements the Multi-User Chat protocol; in order to do so, it sends a service discovery information ("disco#info") query to the MUC service's JID.

]]>

The service MUST return its identity and the features it supports.

]]>

The service discovery items ("disco#items") protocol enables an entity to query a service for a list of associated items, which in the case of a chat service would consist of the specific chat rooms the entity occupies.

]]>

The service MUST return a full list of the rooms the entity occupies. The server SHOULD include room name and version in each item.

]]>

If the full list of rooms is large (see XEP-0030 for details), the service MAY return only a partial list of rooms. If it does so, it MUST include a <set/> element qualified by the 'http://jabber.org/protocol/rsm' namespace (as defined in &xep0059;) to indicate that the list is not the full result set.

alls-well-that-ends-well@muclight.shakespeare.lit henry-the-fifth@muclight.shakespeare.lit 37 ]]>

Every occupant in the room MAY broadcast messages to other occupants. In order to do so, the client MUST send a groupchat message to the room bare JID.

The room automatically assumes that occupants' nicks are equal to their bare JIDs. MUC light is designed for applications where it is not important to hide behind nicknames. On the contrary - it is up to th client to replace pure JIDs with user-friendly names like phone numbers or full names if necessary.

Room MUST route all messages of type 'groupchat'.

Harpier cries: 'tis time, 'tis time. ]]> Harpier cries: 'tis time, 'tis time. ]]>

The service MAY allow room occupants to set the room subject by changing "subject" configuration field. A standard configuration stanza is used in this case. Subject change is announced like an ordinary configuration change.

To be or not to be? asdfghj000 asdfghj To be or not to be? asdfghj000 asdfghj To be or not to be? ]]>

Room occupant may request room information (configuration and/or occupants list) by information version. It is up to service to define the version string, the only requirement for it is to be unique per room. Please note there are no separate versions for configuration and occupant list alone.

If the server side version does not match the one provided by the client (or if the client does not provide one, i.e. 'version' element is empty), the service MUST respond with a current version string and full configuration and/or occupant list.

If the version strings match, server MUST reply with an empty result.

Only room occupants can get room information.

abcdefg ]]> abcdefg 123456 A Dark Cave ]]> abcdefg 123456 user1@shakespeare.lit user2@shakespeare.lit user3@shakespeare.lit ]]>

Room occupants may request both lists (configuration + occupants) with a single request.

abcdefg 123456 A Dark Cave user1@shakespeare.lit user2@shakespeare.lit user3@shakespeare.lit ]]>

Every occupant is allowed to leave the room at any time. It is done by modifying own affiliation.

crone1@shakespeare.lit crone1@shakespeare.lit 1111111 aaaaaaa crone1@shakespeare.lit 1111111 aaaaaaa crone1@shakespeare.lit ]]>

A user MAY choose to automatically deny being added to the room. All stanzas must be directed to MUC Light service. User MAY send more than one item in a single request and mix both 'user' and 'room' elements.

If the occupant tries to add another user to the room, and this user has set a blocking policy, the server MUST ignore the attempt. No error is returned, this user is simply skipped when processing affiliation change query.

crone1@shakespeare.lit crone3@shakespeare.lit crone3@shakespeare.lit crone3@shakespeare.lit ]]>

In order to get the current blocking list in MUC Light service, the client sends an empty IQ get query with a proper namespace.

The list includes only items with a 'deny' action, since the 'allow' behaviour is default for MUC Light and is only used for the list modification.

coven@muclight.shakespeare.lit hag77@shakespeare.lit ]]>

In order to block a room, a query must contain at least one 'room' item with a 'deny' action and room bare JID in the content.

coven@muclight.shakespeare.lit chapel@shakespeare.lit ]]>

In order to block a room, a query must contain at least one 'user' item with a 'deny' action and user bare JID in the content.

hag66@shakespeare.lit hag77@shakespeare.lit ]]>

In order to cancel a blocking, a query must contain at least one 'room' or 'user' item with an 'allow' action and an appriopriate bare JID in the content.

Unblocking a JID that is not blocked does not trigger any error. The server MUST return empty IQ result in such case.

coven@muclight.shakespeare.lit hag66@shakespeare.lit ]]>

A room is created by submitting a dedicated stanza. The client application should pick random room node name, since human-readable room name is in configuration.

For rules that apply to the configuration options, please see "Setting room configuration" chapter.

The client MAY include initial configuration and occupant list (the list MUST NOT include the creator). The server MAY allow sending incomplete configuration form. In such case the server MUST use default values for missing fields. The server MAY enforce a minimal occupant list length.

The service MAY either give the creator the 'owner' or 'member' status. In the latter case all users are equal.

Upon room creation success, the service MUST reply with an empty IQ result.

The following rules (similar to the ones relevant to the affiliation change request) apply to the occupant list:

  • 'none' affiliation cannot be used.
  • All user bare JIDs must be unique
  • At most one owner can be chosen. In such case the room creator will become "just" a 'member'.

After the room is created (but before receiving IQ result), new occupants (including creator) receive &MESSAGE; from the room with their affiliations (stanza MUST include only recipient's affiliation) and initial room version. <prev-version /> element MUST NOT be included.

A Dark Cave user1@shakespeare.lit user2@shakespeare.lit aaaaaaa crone1@shakespeare.lit aaaaaaa user1@shakespeare.lit aaaaaaa user2@shakespeare.lit ]]>

If a client would like to avoid a room JID conflict, it MAY request creating a new room with a server-side generated name, that is verfied to be unique. In order to do so, the client MUST send a creation request to service JID, not room bare JID. The IQ result will originate from the new room bare JID

The messages with affiliation change notifications MUST have the same ID as IQ set and result.

Random Cave aaaaaaa crone1@shakespeare.lit ]]>

If the chosen room name already exists, the service MUST return 'conflict' error.

A Dark Cave ]]>

A room is automatically destroyed when its occupant list becomes empty or the room owner explicitly sends IQ with a room destroy request.

Before sending an IQ result, every occupant is notified that its affiliation has changed to 'none'. These notifications include &X; element qualified with "urn:xmpp:muclight:0#destroy" namespace.

Only the room owner is allowed to destroy it.

Room destruction notification SHOULD NOT contain version (or "prev-version" information).

crone1@shakespeare.lit hag77@shakespeare.lit hag88@shakespeare.lit ]]>

Only room owners can modify room configuration but the service MAY allow members to change it too.

All room occupants MUST be notified about a configuration change and both the new and old room version string (<version /> and <prev-version /> respectively).

"version" and "prev-version" configuration field names are NOT ALLOWED - they are reserved for room versioning.

The service MAY allow the client to set the configuration fields with any name but it is NOT RECOMMENDED.

The Data Forms are not used for the configuration. Instead, the config fields are encoded in XML elements with names equal to the key and content equal to the value.

A Darker Cave zaqwsx zxcvbnm A Darker Cave zaqwsx zxcvbnm A Darker Cave ]]>

The server SHOULD accept incomplete (i.e. delta) configuration forms. In such case, values of the missing fields SHOULD be preserved.

The occupant list is modified by a direct affiliation change. Following rules apply:

  1. There are only 3 affiliations.
    • owner - can do everything in the room
    • member - can send messages to the room and if the service allows it, can also change configuration or change others' affiliations
    • none - not in the room; it's a keyword for marking a user for removal from room
  2. Every occupant can change its own affiliation to none in order to leave the room.
  3. The only way to join the room is being added by other occupant.
  4. The owner can change affiliations at will.
  5. If the owner leaves, the server MAY use any strategy to choose a new one.
  6. The room can have at most one owner. Giving someone else the 'owner' status effectively causes the current one to lose it.
  7. Owner can choose a new owner when leaving by including both 'none' and 'owner' items in affiliation change request.
  8. Every user JID can be used in the request at most once.
  9. A single request MAY change multiple affiliations.
  10. All changes must be meaningful, e.g. setting member's affiliation to 'member' is considered a bad request.
  11. Server MAY allow members to add new members but they still cannot make anyone an 'owner' or remove other users from the room.

On success the server will reply with result IQ with all changed items. BEFORE returning the IQ result, the service MUST route a message with affiliation change to all relevant users.

Newcomers, i.e. users that were not occupants before the change, SHOULD receive only their own affiliation and SHOULD NOT receive <prev-version /> element.

The notifications must include both the new and old room version (<version /> and <prev-version /> respectively) string (except for the ones directed to users that have been removed from the room).

The notifications contain a list of items. The item list may be different from the list in IQ set, because some of the changes may require additional operations, e.g. choosing new owner when the old one leaves. Users, that are still in the room after change, will receive full change list. Users, that have been removed from the room with the request, will get only one item: themselves with affiliation 'none'.

hag66@shakespeare.lit hag77@shakespeare.lit hag88@shakespeare.lit njiokm qwerty crone1@shakespeare.lit hag66@shakespeare.lit hag77@shakespeare.lit hag88@shakespeare.lit qwerty hag66@shakespeare.lit njiokm qwerty crone1@shakespeare.lit hag66@shakespeare.lit hag77@shakespeare.lit hag88@shakespeare.lit hag88@shakespeare.lit ]]>

The service MAY add user's rooms to its roster. It allows the client to skip separate Disco request to the service. Roster items with rooms MUST belong to the group "urn:xmpp:muclight:0" (MUC Light namespace) and include <version> element. Their subscription type MUST be 'to'.

urn:xmpp:muclight:0 1234345 ]]>

This section defines the rules for archiving MUC Light events and messages. Stanzas described in the subsections below MUST be archived by the server. The stanzas not included here MUST NOT be archived.

The &MESSAGE; element inside <forwarded> MUST include "from" attribute and MUST NOT include "to" attribute. "id" SHOULD be archived as well.

In case of regular groupchat messages, "from" attribute MUST consist of a room full JID with sender bare JID in the resource part. As for room notification, e.g. create event, "from" MUST be equal to room bare JID.

Examples below use MAM v0.4 protocol. Archive can be fetched only from a specific room, the client MUST NOT query MUC Light service directly.

Message from a user MUST be archived with all child elements.

Welcome! bat-wing ]]>

Every archived affiliation change notification MUST include <version> element and MUST NOT contain <prev-version> element.

b9uf13h98f13 hag66@shakespeare.lit user1@shakespeare.lit user2@shakespeare.lit ]]>

Room creation is archived as an affiliation change that includes ALL initial occupants (including the room creator).

If a client sends a stanza to the room, that it does not occupy, the service MUST reply with the 'item-not-found' error.

hag66@shakespeare.lit ]]> Harpier cries: 'tis time, 'tis time. ]]>

The service MUST ignore all &PRESENCE; stanzas sent by the client.

If service receives a stanza with invalid syntax, it MUST reply with a 'bad-request' error.

hag66@shakespeare.lit ]]> Harpier cries: 'tis time, 'tis time. ]]>

If the request sender does not have sufficient privileges (but is a room occupant), the service MUST reply with a 'not-allowed' error.

It occurs in the following cases:

  • A member tries to change the configuration but the service is not configured to allow it. It does not apply to the subject change, although it has to be performed by sending &MESSAGE; with &SUBJECT;, not configuration &IQ;.
  • A member tries to change anyone's affiliation to 'none' or 'owner'.
  • A member tries to change someone's affiliation to 'member' but the service is not configured to allow it.
minion@shakespeare.lit ]]>

Some client-side developers might choose to use existing XEP-0045 Multi-User Chat implementations to interface with the new MUC Light. There may be various reasons to do so: using familiar protocol, avoiding additional implementation, quick prototyping etc. This section provides suggestions of mappings between XEP-0045 stanzas and the new ones described in this document.

Operations not described here SHOULD remain unmodified.

A Disco result MAY either include new <feature /> element with an "http://jabber.org/protocol/muc" namespace next to MUC Light one, or completely replace it, which is RECOMMENDED behaviour.

]]>

The room list MUST not include room versions.

]]>

Instead of distributing the configuration change notifications, the room MUST route &MESSAGE; with &SUBJECT; like a classic MUC would. The client MUST send classic message &SUBJECT; as well. The room SHOULD save new subject in the room configuration.

To be or not to be? To be or not to be? To be or not to be? ]]>

Room configuration is encoded in Data Form, that simulates XEP-0045 config form.

Getting room configuration does not benefit from room versioning.

Configuration for "coven" Room http://jabber.org/protocol/muc#roomconfig A Dark Cave To be or not to be? ]]>

User list is retrieved with affiliation IQ get.

]]>

There is no XEP-0045 equivalent for getting full room information

Leaving the room is performed by setting own affiliation to 'none'. The service uses &PRESENCE; to notify all occupants (and former occupant) about the change. &PRESENCE; to the leaving occupant MUST be of type "unavailable" and MUST include status code 321 (i.e. user leaving due to affiliation change).

]]>

Blocking functionality uses small subset of Privacy Lists protocol. Stanzas MUST be addressed to the server JID and.

The privacy list name MUST be equal to "urn:xmpp:muclight:0"

Obviously, this method won't work properly in XMPP Server Federation.

As opposed to XEP-0016, it is allowed to send "delta" privacy lists.

]]>

In order to block a room, the client MUST deny room bare JID in privacy list.

]]>

In order to block a room, the client MUST deny service JID with user's bare JID in resource.

]]>
]]>

Room is created in standard XEP-0045 way. Client MUST use nick equal to own bare JID.

Compatibility mode MUST NOT support unique room name generation.

]]>

If the client attempts to create a room that is already used, it will receive error &PRESENCE; informing that registration is required (like in case of members-only rooms in XEP-0045)

]]>

Classic XEP-0045 method is used but the service SHOULD NOT forward reason and alternate venue JID.

Some reason. ]]>

Room occupants can use standard XEP-0045 configuration modification method. The service MUST broadcast only the notification about configuration change with status code 104, so every occupant can retrieve new room configuration in separate request. The client is allowed to send config delta in a form.

http://jabber.org/protocol/muc#roomconfig A Darker Cave To be! ]]>

The service MUST send affiliation change notification to all participants. Leaving users MUST NOT receive any information except for their own "none" affiliation. New users MUST receive invitation message.

]]>

MUC Light service may be abused by malicious users, e.g. due to replicating single message for every room occupant. The list below contains suggested configurable limits that SHOULD be implemented.

The service features that might vary depending on specific application are included as well.

  • Maximal count of rooms the user occupies.
  • Blocking feature enabled/disabled.
  • XEP-0045 compatibility mode enabled/disabled.
  • Room creator's initial affiliation: owner/member.
  • Room configuration may be changed by owner/occupants.
  • New members can be invited by owner/occupants.
  • Maximal room size.

Since every user is allowed to create rooms in MUC Light, it is possible to achieve high ratio of messages delivered to the clients to messages sent by the clients with little effort. To mitigate or avoid this issue, the service MAY implement additional rules like limiting per-user room count or message rate in a room. Heuristic algorithms for analysing user behaviours MAY be used as well to monitor and detect potential attacks.

This document requires no interaction with &IANA;.

None.

]]> ]]> ]]> ]]> ]]> ]]>

Many thanks to Stefan Strigler for the long, initial brainstorm before creating MUC Light extension. I am also very grateful to ESL MongooseIM team for their input and sharing stories that helped in improving this specification.