No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

xep-0134.xml 17KB

  1. <?xml version='1.0' encoding='UTF-8'?>
  2. <!DOCTYPE xep SYSTEM 'xep.dtd' [
  3. <!ENTITY % ents SYSTEM 'xep.ent'>
  4. %ents;
  5. ]>
  6. <?xml-stylesheet type='text/xsl' href='xep.xsl'?>
  7. <xep>
  8. <header>
  9. <title>XMPP Design Guidelines</title>
  10. <abstract>This document defines best practices for the intelligent design of Jabber protocols and other XMPP extensions.</abstract>
  12. <number>0134</number>
  13. <status>Active</status>
  14. <type>Informational</type>
  15. <sig>Standards</sig>
  16. <approver>Council</approver>
  17. <dependencies/>
  18. <supersedes/>
  19. <supersededby/>
  20. <shortname>N/A</shortname>
  21. &stpeter;
  22. <revision>
  23. <version>1.1</version>
  24. <date>2004-12-09</date>
  25. <initials>psa</initials>
  26. <remark>Revised text regarding recommended stanza sizes.</remark>
  27. </revision>
  28. <revision>
  29. <version>1.0</version>
  30. <date>2004-10-22</date>
  31. <initials>psa</initials>
  32. <remark>Per a vote of the Jabber Council, advanced status to Active.</remark>
  33. </revision>
  34. <revision>
  35. <version>0.3</version>
  36. <date>2004-09-29</date>
  37. <initials>psa</initials>
  38. <remark>Added note about presence vs. pubsub.</remark>
  39. </revision>
  40. <revision>
  41. <version>0.2</version>
  42. <date>2004-08-31</date>
  43. <initials>psa</initials>
  44. <remark>Added references to several additional RFCs and XEPs.</remark>
  45. </revision>
  46. <revision>
  47. <version>0.1</version>
  48. <date>2004-04-28</date>
  49. <initials>psa</initials>
  50. <remark>Initial version.</remark>
  51. </revision>
  52. </header>
  53. <section1 topic='Introduction' anchor='intro'>
  54. <p>The Extensible Messaging and Presence Protocol (XMPP) provides a solid, flexible foundation for a wide variety of applications on top of XMPP's core XML streaming technology. With the advancement of &xmppcore; and &xmppim; within the Internet Standards Process, interest in building XMPP-based applications and extensions has accelerated even further. Unfortunately, not everyone who wants to build public or private XMPP extensions is familiar with the key design criteria that motivated the original developers of the Jabber technologies or that guide successful XMPP-based protocol design today. Thus there is value in attempting to translate the often-implicit knowledge held by long-time Jabber developers and protocol designers into more explicit policies and principles to which others can adhere. (For more general insights into Internet protocol design, see &rfc3117;.) The end result of explicating "The Jabber Way" will hopefully be a wider and deeper understanding of good protocol design practices within the Jabber/XMPP community.</p>
  55. </section1>
  56. <section1 topic='Guidelines' anchor='guidelines'>
  57. <section2 topic='XMPP is Sacred' anchor='xmpp'>
  58. <p><em>Background</em></p>
  59. <p>When the &XSF; submitted the <cite>XMPP Core</cite> and <cite>XMPP IM</cite> specifications to the &IETF;, it ceded change control over the core XML streaming technology developed by the Jabber community. However, the XSF has reserved the right to define extensions to XMPP; furthermore, that right is not exclusive to the XSF, since anyone can define their own public or private extensions to XMPP. These extensions are usually in the form of structured XML data that is qualified by a unique namespace other than those currently reserved by the IETF or the XSF.</p>
  60. <p><em>Meaning</em></p>
  61. <p>When we say that "XMPP is Sacred", we mean that good protocol design must work within the context of XMPP and not require changes to the core protocols. For one thing, any such changes would need to be pursued within the IETF. Further, the core semantics most likely provide everything that a protocol designer needs. If you think that you need to define a new kind of top-level stanza (other than &MESSAGE;, &PRESENCE;, and &IQ;) or a new value of the 'type' attribute for any stanza kind, then you need to think again. Treat XMPP as a transport layer and build extensions on top of that layer (among other things, this implies that you must not modify the foundation when you are working on higher-level structures, for example by adding elements and attributes to the XMPP schemas on the theory that if applications will ignore them; define your own extensions in a separate namespace). A further implication of respecting XMPP is using structured data formats (e.g., applications of &w3xml; rather than binary or plaintext formats) whenever possible. Finally, as explained in <cite>XMPP Core</cite>, the &PRESENCE; stanza exists to broadcast network and communications availability only; for more advanced information publishing, use &xep0060;.</p>
  62. <p><em>Examples</em></p>
  63. <p>A good example of honoring the XMPP specifications is &xep0126;; while the Jabber community had informally defined &lt;presence type='invisible'/&gt; at one point, that protocol was abandoned in favor of an XMPP-compliant approach. Another example is &xep0071;, which re-uses &w3xhtml; (a structured format that shares with XMPP a common root in XML) rather than &rtf; (an unstructured format that does not derive from XML). Further examples are the "extended presence" specifications (see &xep0119;), which are built on top of XEP-0060 rather than overloading the &PRESENCE; stanza.</p>
  64. </section2>
  65. <section2 topic='Keep Clients Simple' anchor='simple'>
  66. <p><em>Background</em></p>
  67. <p>Almost all Jabber technologies are implemented in a client-server architecture. While that's not necessary (and there do exist some peer-to-peer applications of XMPP), it usually makes good sense. Among other things, a client-server architecture has enabled the Jabber community to force most of the complexity onto servers and components, thus keeping clients relatively simple. This principle has served the Jabber community well since the very beginning, and forms an important basis for further innovation.</p>
  68. <p><em>Meaning</em></p>
  69. <p>The principle of "keep clients simple" has many implications, among them:</p>
  70. <ul>
  71. <li>Don't multiply protocols beyond necessity (the more protocols you define, the harder it is to write a client).</li>
  72. <li>Degrade gracefully so that simpler or older clients can still participate in the network.</li>
  73. <li>If intensive processing is required, make a server or component do it.</li>
  74. <li>Don't force additional requirements (such as XSLT processors) onto clients unless absolutely necessary.</li>
  75. </ul>
  76. <p><em>Examples</em></p>
  77. <p>One good example of keeping clients simple is the presence stanza: the client has only to send &PRESENCE; and the server takes care of presence probes, broadcasts, and appropriate routing decisions. Another example is &xep0045;: although the protocol involves some complexity, it was written so that older clients can join and participate in MUC rooms even if they don't understand the more advanced MUC extensions.</p>
  78. </section2>
  79. <section2 topic='Re-Use Existing Protocols' anchor='reuse'>
  80. <p><em>Background</em></p>
  81. <p>The Jabber community has been developing wire protocols for XML streaming, presence, and instant messaging since 1999. In that time, members of the community have defined a number of building blocks that can be used as the basis for further development. Furthermore, many smart people have created open protocols within other standards development organizations, including the IETF, the &W3C;, &OASIS;, the &ITU;, and the &DUBLINCORE;.</p>
  82. <p><em>Meaning</em></p>
  83. <p>Good protocol designers "stand on the shoulders of giants" by re-using protocols that have been defined within the XSF and within other standards development organizations. That does not mean we don't define new protocols, because sometimes that is necessary. However, we are aware of work completed by others and we make use of it, especially when that work is outside the Jabber community's core competence areas (e.g., security or multimedia data formats rather than XML streaming, presence, and real-time messaging). Furthermore, the XSF prefers to re-use open protocols wherever possible. Finally, just as with XMPP, so also with XMPP extensions defined through the XSF: do not modify existing schemas (e.g., adding new elements and attributes) except through the XMPP extension process; instead, define extensions in a separate namespace).</p>
  84. <p><em>Examples</em></p>
  85. <p>Examples of re-using existing Jabber protocols include &xep0095; (which re-uses &xep0020;) and <cite>XEP-0126: Invisibility</cite> (which re-uses the privacy lists protocol defined in <cite>XMPP IM</cite>). Examples of re-using non-Jabber protocols include &xep0065; (which makes use of &rfc1928;) and &xep0127; (which defines a way to send &oasiscap; data via Jabber). Here again XEP-0071 provides an example: it re-uses XHTML 1.0 (an open protocol developed by a recognized standards development organization) rather than RTF (a closed protocol under the control of the Microsoft Corporation).</p>
  86. </section2>
  87. <section2 topic='Modular is Better' anchor='modular'>
  88. <p><em>Background</em></p>
  89. <p>Most Jabber implementations are built using modular architectures, wherein pieces of functionality are coded as separate components and then assembled into larger wholes, with core routing logic that integrates the system (examples include clients that enable the development of plugins and servers that enable the attachment of external components). We can view many Jabber protocols the same way: each one specifies a well-defined domain of functionality that is loosely connected to other domains and integrated by the core transport layer provided by XMPP.</p>
  90. <p><em>Meaning</em></p>
  91. <p>The best Jabber protocols are quite focused and provide limited but powerful functionality that can be applied in a specific domain or, sometimes, re-used by other Jabber protocols. Even if the domain is more complex, a protocol that addresses it needs to clearly define its scope, limit that scope as much as possible, and specify only the protocols necessary to meet the core requirements.</p>
  92. <p><em>Examples</em></p>
  93. <p>&xep0030; and &xep0004; are good examples of focused, single-purpose protocols. By contrast, <cite>Multi-User Chat</cite> is more complex, but it limits itself to the domain of text conferencing in the context of virtual rooms (e.g., it does not address service-level administration) and consists of separate namespaces for end-user, moderator, and room owner functionality. A good example of a protocol that is focused on a smaller domain is &xep0144;.</p>
  94. </section2>
  95. <section2 topic='Know Your Strengths' anchor='strengths'>
  96. <p><em>Background</em></p>
  97. <p>The core strength of Jabber technologies is the streaming of relatively small XML fragments between presence-aware network endpoints. As is usually the case, our greatest strength is also our greatest weakness. Thus XMPP is not optimized for binary data, large XML files, multimedia streaming, or other such applications.</p>
  98. <p><em>Meaning</em></p>
  99. <p>It's not a bad thing that we don't solve the problems of exchanging binary data, streaming multimedia, or transferring large XML files, because other protocols and technologies have addressed those domains. But it's important to recognize what we do well and what we don't. For example, sending base64-encoded binary data, streaming voice or video, or consistently large stanzas in the Jabber band
  100. <note>There are no hard-and-fast rules regarding a reasonable upper limit on the average XML stanza. (Note the use of both 'reasonable' and 'average' in that sentence.) In reality, there is a continuum of stanza sizes, and different sizes may be appropriate for different types of XMPP applications and deployments. While sending 2 gigabyte or 2 megabyte stanzas is wrong in the current context of Jabber technologies, we cannot legitimately say that a 2 kilobyte, 20 kilobyte, or even 200 kilobyte stanza is unreasonable. Is the stanza sent over an open network with current server implementations, or over a closed network with specially tuned servers and clients? Does the application generate one such stanza every second, every minute, every hour? Considerations of this kind help us determine if the use of XMPP is "reasonable" in some sense. However, when protocol extensions are defined in XMPP Extension Protocols, the XMPP Council will require clear explanation of design choices and reasonable stanza size limits if the extension will generally require what might be considered larger than normal stanzas.</note>
  101. is probably not a good idea, and applications that would depend on such behavior are better designed to communicate their data out of band.</p>
  102. <p><em>Examples</em></p>
  103. <p>&xep0096; is a good example of respecting the strengths and weaknesses of XMPP, since it specifies that going out of band is the preferred mechanism for bandwidth-heavy data transfers.</p>
  104. </section2>
  105. <section2 topic='Be Explicit' anchor='explicit'>
  106. <p><em>Background</em></p>
  107. <p>In the beginning was the code (mainly &jabberd;). Although code is explicit in its own way, not everyone reads code, and detailed specifications are necessary in order to make functionality reproducible in different codebases. The Jabber community has learned that lesson the hard way.</p>
  108. <p><em>Meaning</em></p>
  109. <p>Detailed, explicit specifications are good specifications. Define your terms. Use conformance terminology such as MUST and SHOULD rather than loose English words such as "does" and "will". Follow the &xep0143;. Specify error conditions. Include lots of examples. Restrict the allowable XML via schemas and datatypes as specified in &w3xmlschema1; and &w3xmlschema2;.</p>
  110. <p><em>Examples</em></p>
  111. <p><cite>XMPP Core</cite> and <cite>XMPP IM</cite> are large documents that define the Extensible Messaging and Presence Protocol in excruciating detail. Although such specifications are not fun to write, they provide a model for good protocol design and documentation.</p>
  112. </section2>
  113. <section2 topic='Stay Flexible' anchor='flexible'>
  114. <p><em>Background</em></p>
  115. <p>The need for explicit definition must be balanced against the need for flexibility. A completely rigid protocol may break under stress or when conditions change, whereas a more flexible protocol may bend and adapt. Knowing when to be explicit and when to be flexible is a key to good protocol design.</p>
  116. <p><em>Meaning</em></p>
  117. <p>In general, a protocol needs to define the skeleton of functionality, but not necessarily specific parameters or values to be used within a certain domain. In order to allow for growth and change, it often makes sense to specify that the &REGISTRAR; shall keep track of certain parameters and values, rather than to explicitly limit them in the protocol itself.</p>
  118. <p><em>Examples</em></p>
  119. <p>Whereas the old &xep0094; and &xep0011; protocols defined certain hardcoded values for entity types and categories, <cite>Service Discovery</cite> has left that function up to the XMPP Registrar. Similarly, &xep0095; defines a registry for its profiles, &xep0079; defines registries for processing conditions and actions, and a number of XMPP Extension Protocols register FORM_TYPE values as specified in &xep0068;.</p>
  120. </section2>
  121. <section2 topic='Privacy and Security Matter' anchor='privacy'>
  122. <p><em>Background</em></p>
  123. <p>Since the beginning, privacy and security have been important priorities within the Jabber community. That must not change.</p>
  124. <p><em>Meaning</em></p>
  125. <p>Good protocols respect the confidentiality of data generated or communicated by users and applications as well as the security of the system or network as a whole. Although privacy and security considerations have been dealt with at the core XMPP layer, application-level protocols must not compromise privacy and security. Attention to these matters, along with rigorous cross-area review and close scrutiny by protocol designers (in the form of the &COUNCIL; and &SSIG;), will help ensure that the protocols we develop will provide a strong foundation for communication over the Internet.</p>
  126. <p><em>Examples</em></p>
  127. <p>As is well-known, the presence subscription model developed by the Jabber community and specified in <cite>XMPP IM</cite> requires approval before a contact can view a user's presence. Similarly, Jabber has always included strong authentication methods, which have been further improved through the use of SASL (&rfc4422;).</p>
  128. </section2>
  129. </section1>
  130. <section1 topic='Security Considerations' anchor='security'>
  131. <p>There are no security features or concerns directly related to this proposal, which is informational in nature. However, as discussed above, protocols that are developed following these guidelines should appropriately address privacy and security considerations. Helpful guidelines for security in relation to Internet protocol design can be found in &rfc3552;.</p>
  132. </section1>
  133. <section1 topic='IANA Considerations' anchor='iana'>
  134. <p>This document requires no interaction with &IANA;.</p>
  135. </section1>
  136. <section1 topic='XMPP Registrar Considerations' anchor='registrar'>
  137. <p>This document requires no interaction with the XMPP Registrar.</p>
  138. </section1>
  139. </xep>