No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

xep-0155.xml 47KB

  1. <?xml version='1.0' encoding='UTF-8'?>
  2. <!DOCTYPE xep SYSTEM 'xep.dtd' [
  3. <!ENTITY % ents SYSTEM 'xep.ent'>
  4. %ents;
  5. ]>
  6. <?xml-stylesheet type='text/xsl' href='xep.xsl'?>
  7. <xep>
  8. <header>
  9. <title>Stanza Session Negotiation</title>
  10. <abstract>This specification defines a method for formally negotiating the exchange of XML stanzas between two XMPP entities. The method uses feature negotiation forms sent via XMPP message stanzas to enable session initiation between entities that do not share presence information or have knowledge of full JabberIDs and therefore is also suitable for use across gateways to SIP-based systems. A wide range of session parameters can be negotiated, including the use of end-to-end encryption, chat state notifications, XHTML-IM formatting, and message archiving.</abstract>
  12. <number>0155</number>
  13. <status>Draft</status>
  14. <type>Standards Track</type>
  15. <sig>Standards</sig>
  16. <approver>Council</approver>
  17. <dependencies>
  18. <spec>XMPP Core</spec>
  19. <spec>XMPP IM</spec>
  20. <spec>XEP-0020</spec>
  21. <spec>XEP-0068</spec>
  22. </dependencies>
  23. <supersedes/>
  24. <supersededby/>
  25. <shortname>ssn</shortname>
  26. &ianpaterson;
  27. &stpeter;
  28. <revision>
  29. <version>1.2</version>
  30. <date>2016-01-20</date>
  31. <initials>XEP Editor (mam)</initials>
  32. <remark><p>Update missing 'xmppsipim' reference to RFC 7572.</p></remark>
  33. </revision>
  34. <revision>
  35. <version>1.2</version>
  36. <date>2008-01-14</date>
  37. <initials>psa</initials>
  38. <remark><p>Specified that IM message bodies must not be included; added boolean multisession field to explicitly determine whether multiple concurrent sessions are allowed between the full JIDs of the parties.</p></remark>
  39. </revision>
  40. <revision>
  41. <version>1.1</version>
  42. <date>2007-03-15</date>
  43. <initials>ip/psa</initials>
  44. <remark><p>With XMPP Council approval, changed name from Chat Session Negotiation to Stanza Session Negotiation; also changed URN to urn:xmpp:ssn.</p></remark>
  45. </revision>
  46. <revision>
  47. <version>1.0</version>
  48. <date>2007-01-17</date>
  49. <initials>psa</initials>
  50. <remark><p>Per a vote of the XMPP Council, advanced specification to Draft; XMPP Registrar assigned urn:xmpp:chatneg as associated namespace.</p></remark>
  51. </revision>
  52. <revision>
  53. <version>0.14</version>
  54. <date>2006-12-21</date>
  55. <initials>psa/ip</initials>
  56. <remark><p>Specified state chart; added optional presence sharing; renamed otr field to logging; harmonized treatment of renegotiation; per XEP-0053, specified use of provisional namespace until spec advances to Draft.</p></remark>
  57. </revision>
  58. <revision>
  59. <version>0.13</version>
  60. <date>2006-11-27</date>
  61. <initials>ip</initials>
  62. <remark><p>Added disclosure field; changed namespace</p></remark>
  63. </revision>
  64. <revision>
  65. <version>0.12</version>
  66. <date>2006-11-10</date>
  67. <initials>ip</initials>
  68. <remark><p>Removed accept field from renegotiation forms</p></remark>
  69. </revision>
  70. <revision>
  71. <version>0.11</version>
  72. <date>2006-11-03</date>
  73. <initials>ip</initials>
  74. <remark><p>Removed reason field; added new implementation notes; many clarifications including the handling of required fields</p></remark>
  75. </revision>
  76. <revision>
  77. <version>0.10</version>
  78. <date>2006-10-31</date>
  79. <initials>ip</initials>
  80. <remark><p>Defined handling of offline requests; specified localization of the title element and all labels; changed syntax of list of unacceptable fields; removed reason field from some examples; added confirmation message to initial negotiation; clarified the initial participating resources; removed id attributes.</p></remark>
  81. </revision>
  82. <revision>
  83. <version>0.9</version>
  84. <date>2006-10-08</date>
  85. <initials>ip</initials>
  86. <remark><p>Added language field; replaced secure field with security field; changed type of otr, XHTML and Chat State fields from boolean to list-single; added not-acceptable error; several clarifications.</p></remark>
  87. </revision>
  88. <revision>
  89. <version>0.8</version>
  90. <date>2006-10-02</date>
  91. <initials>ip</initials>
  92. <remark><p>Added continue field and optional terminate acknowledgement; specified renegotiation failure proceedure; added context to Introduction; changed unavailable presence handling; renamed logging field to otr.</p></remark>
  93. </revision>
  94. <revision>
  95. <version>0.7</version>
  96. <date>2006-07-14</date>
  97. <initials>psa</initials>
  98. <remark><p>Added secure field from XEP-0116.</p></remark>
  99. </revision>
  100. <revision>
  101. <version>0.6</version>
  102. <date>2006-07-13</date>
  103. <initials>psa</initials>
  104. <remark><p>Specified that a client must re-initiate if it receives presence unavailable; changed document type to Standards Track.</p></remark>
  105. </revision>
  106. <revision>
  107. <version>0.5</version>
  108. <date>2006-01-24</date>
  109. <initials>psa</initials>
  110. <remark><p>Added renegotiate use case.</p></remark>
  111. </revision>
  112. <revision>
  113. <version>0.4</version>
  114. <date>2006-01-03</date>
  115. <initials>psa</initials>
  116. <remark><p>Added terminate use case; further specified mapping to SIP.</p></remark>
  117. </revision>
  118. <revision>
  119. <version>0.3</version>
  120. <date>2005-12-30</date>
  121. <initials>psa</initials>
  122. <remark><p>Further specified use of id attribute and thread element.</p></remark>
  123. </revision>
  124. <revision>
  125. <version>0.2</version>
  126. <date>2005-07-15</date>
  127. <initials>psa</initials>
  128. <remark><p>Further described contexts in which stanza session negotiation could be useful; added more examples; added reference to SIP RFC and explained basic mapping to SIP INVITE method; added XMPP Registrar considerations.</p></remark>
  129. </revision>
  130. <revision>
  131. <version>0.1</version>
  132. <date>2005-07-14</date>
  133. <initials>psa</initials>
  134. <remark><p>Initial version.</p></remark>
  135. </revision>
  136. <revision>
  137. <version>0.0.1</version>
  138. <date>2005-07-12</date>
  139. <initials>psa</initials>
  140. <remark><p>First draft.</p></remark>
  141. </revision>
  142. </header>
  143. <section1 topic='Introduction' anchor='intro'>
  144. <p>The traditional model for one-to-one chat "sessions" in Jabber/XMPP is for a user to simply send a message to a contact with a thread ID but without any formal negotiation of session parameters (see &xep0201;). This informal approach to initiation of a session is perfectly acceptable in many contexts, environments, and cultures. However, it may be desirable to formally request a chat session (or any other type of XMPP stanza session) and negotiate its parameters before beginning the session in some circumstances, such as:</p>
  145. <ul>
  146. <li>Whenever parameters specific to a stanza session must be agreed. e.g., security and privacy parameters (see &xep0116; and &xep0136;).</li>
  147. <li>The parties are unknown to each other, have not exchanged presence, or have not discovered their respective capabilities via &xep0030; or &xep0115;.</li>
  148. <li>When an XMPP-based system interfaces with a SIP-based system built on top of &rfc3261;. <note>In essence, a stanza session negotiation request as specified herein is functionally equivalent to a SIP INVITE request, and acceptance of such a request is functionally equivalent to sending a SIP 200 OK response; see Section 17 of <cite>RFC 3261</cite>.</note></li>
  149. <li>Within an organization or culture in which one would not simply begin interacting with another person (e.g., a superior) without first receiving permission to do so.</li>
  150. </ul>
  151. <p>This proposal defines best practices for such a negotiation, re-using the protocol defined in &xep0020;.</p>
  152. </section1>
  153. <section1 topic='Requirements' anchor='req'>
  154. <p>The specification addresses the following use cases:</p>
  155. <ul>
  156. <li>Negotiating a new stanza session</li>
  157. <li>Moving an existing stanza session from one resource to another</li>
  158. <li>Renegotiating an existing stanza session</li>
  159. <li>Terminating an existing stanza session</li>
  160. </ul>
  161. </section1>
  162. <section1 topic='State Chart' anchor='statechart'>
  163. <p>The following figure attempts to capture the state transitions in visual form.</p>
  164. <code>
  165. o
  166. |
  167. [1]
  168. |
  169. PENDING o---------------+
  170. | |
  171. | [3]
  172. | |
  173. [2]-----[5]------|
  174. | |
  175. [4] |
  176. | |
  177. | |
  178. ACTIVE o |
  179. | |
  180. +------+ |
  181. | | |
  182. | [6] |
  183. | | |
  184. | [7] or [8] |
  185. | | |
  186. +------+ |
  187. | |
  188. +-----[9]-------+
  189. |
  190. o ENDED
  191. </code>
  192. <p>[1] A stanza session negotiation is initiated when the user sends a message containing a data form of type "form" with an "accept" field.</p>
  193. <p>[2] A stanza session negotiation is accepted when the contact sends a message containing a data form of type "submit" with an "accept" field whose value is "1" or "true".</p>
  194. <p>[3] A stanza session negotiation is rejected when the contact sends a message containing a data form of type "submit" with an "accept" field whose value is "0" or "false".</p>
  195. <p>[4] A stanza session negotiation is completed when the user sends a message containing a data form of type "result" with an "accept" field whose value is "1" or "true".</p>
  196. <p>[5] A stanza session negotiation is canceled when the user sends a message containing a data form of type "result" with an "accept" field whose value is "0" or "false".</p>
  197. <p>[6] An existing session is re-negotiated when either party sends a message containing a data form of type "form" with a "renegotiate" field whose value is "1" or "true".</p>
  198. <p>[7] A session re-negotiation is accepted when the other party sends a message containing a data form of type "submit" with a "renegotiate" field whose value is "1" or "true".</p>
  199. <p>[8] A session re-negotiation is rejected when the other party sends a message containing a data form of type "submit" with a "renegotiate" field whose value is "0" or "false"; however, the session remains in the active state with the previously-negotiated parameters in force.</p>
  200. <p>[9] A session is terminated when either party sends a message containing a data form of type "submit" with a "terminate" field whose value is "1" or "true".</p>
  201. </section1>
  202. <section1 topic='Negotiating a New Session' anchor='new'>
  203. <section2 topic='Initiating a Session' anchor='new-initiate'>
  204. <p>In order to initiate a negotiated session, the initiating party ("user") sends a &MESSAGE; <note>The &MESSAGE; stanza is used because the user does not necessarily know which of the contact's resources is most available (or indeed if the contact is online).</note> stanza to the receiving party ("contact") containing a &lt;feature/&gt; child qualified by the '' namespace. The &MESSAGE; stanza MUST NOT contain a &BODY; child element (as specified in &rfc3921;). The &MESSAGE; stanza type SHOULD be "normal" (either explicitly or by non-inclusion of the 'type' attribute). The stanza MUST contain a &THREAD; element for tracking purposes (where the newly-generated ThreadID is unique to the proposed session). The data form MUST contain a hidden FORM_TYPE field whose value is "urn:xmpp:ssn" and MUST contain a boolean field named "accept". &BOOLEANNOTE; The inclusion of "logging", "disclosure" and "security" fields is also RECOMMENDED. Note: The options within any 'list-single' fields SHOULD appear in order of preference.</p>
  205. <p>Note: Sessions may be conducted between entities who are never online at the same time. However, if the user is interested only in an <em>immediate</em> session then the user SHOULD instruct the contact's server not to store the message for later delivery (see &xep0160;) using the &xep0079; protocol.</p>
  206. <p>In the following example of a negotiation request, Romeo requests a chat with Juliet and also queries her regarding whether she is able to disallow all message logging (see &xep0136;) <note>A client MUST NOT set the 'logging' field to 'mustnot' unless it has confirmed that its server will allow it to switch off Automated Archiving (see <cite>Message Archiving</cite>).</note>, whether she wants to temporarily share presence for this session (see the <link url='#impl-presence'>Sharing Presence</link> section of this document), and whether she wants to support the &xep0071; and &xep0085; extensions during this session. He asks Juliet's client if it is prepared to make a (legally binding) guarantee that it does not intentionally implement any feature (not even a disabled feature) that might disclose the content of the session, any associated (decryption) keys, or his identity to any third-party (see <cite>Encrypted Session Negotiation</cite>). He also requires that they are both connected securely to their servers, and asks which language she prefers amongst those he can write.</p>
  207. <p>Note: These fields are examples only. For definitions of these fields, refer to the <link url='#parameters'>Defined Parameters</link> section of this document.</p>
  208. <example caption="User requests session"><![CDATA[
  209. <message type='normal'
  210. from=''
  211. to=''>
  212. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  213. <feature xmlns=''>
  214. <x xmlns='jabber:x:data' type='form'>
  215. <title>Open chat with Romeo?</title>
  216. <field var='FORM_TYPE' type='hidden'>
  217. <value>urn:xmpp:ssn</value>
  218. </field>
  219. <field label='Accept this session?' type='boolean' var='accept'>
  220. <value>true</value>
  221. <required/>
  222. </field>
  223. <field label='Message logging' type='list-single' var='logging'>
  224. <value>mustnot</value>
  225. <option label='Allow message logging'>
  226. <value>may</value>
  227. </option>
  228. <option label='Disallow all message logging'>
  229. <value>mustnot</value>
  230. </option>
  231. <required/>
  232. </field>
  233. <field label="Disclosure" type="list-single" var="disclosure">
  234. <value>never</value>
  235. <option label="Guarantee disclosure not implemented">
  236. <value>never</value>
  237. </option>
  238. <option label="Disable all disclosures">
  239. <value>disabled</value>
  240. </option>
  241. <option label="Allow disclosures">
  242. <value>enabled</value>
  243. </option>
  244. <required/>
  245. </field>
  246. <field label='Allow multiple sessions?' type='boolean' var='multisession'>
  247. <value>false</value>
  248. </field>
  249. <field label='XHTML formatting'
  250. type='list-single'
  251. var=''>
  252. <value>may</value>
  253. <option label='Allow XHTML formatting'><value>may</value></option>
  254. <option label='Disallow XHTML formatting'><value>mustnot</value></option>
  255. </field>
  256. <field label='Temporarily share presence?'
  257. type='list-single'
  258. var='presence'>
  259. <value>may</value>
  260. <option label='Allow temporary presence sharing'><value>may</value></option>
  261. <option label='Disallow temporary presence sharing'><value>mustnot</value></option>
  262. </field>
  263. <field label='Chat State Notifications'
  264. type='list-single'
  265. var=''>
  266. <value>may</value>
  267. <option label='Allow Chat State Notifications'><value>may</value></option>
  268. <option label='Disallow Chat State Notifications'><value>mustnot</value></option>
  269. </field>
  270. <field label='Minimum security level'
  271. type='list-single'
  272. var='security'>
  273. <value>c2s</value>
  274. <option label='Both parties must be securely connected to their servers'>
  275. <value>c2s</value>
  276. </option>
  277. <required/>
  278. </field>
  279. <field label='Primary written language of the chat'
  280. type='list-single'
  281. var='language'>
  282. <value>en</value>
  283. <option label='English'><value>en</value></option>
  284. <option label='Italiano'><value>it</value></option>
  285. </field>
  286. </x>
  287. </feature>
  288. <amp xmlns=''>
  289. <rule action='drop' condition='deliver' value='stored'/>
  290. </amp>
  291. </message>
  292. ]]></example>
  293. <p>The user MAY request a session with a specific resource of the contact. However, if the user specifies no resource (or if the specified resource is not available), then the contact's server delivers the request to the contact's most available resource (which in the examples below happens to be "balcony"). If no resource is available (and no <cite>Advanced Message Processing</cite> rule included in the request specifies otherwise) then the server MAY store the request for later delivery.</p>
  294. </section2>
  295. <section2 topic='Accepting a Session' anchor='new-accept'>
  296. <p>If, upon reception of a user's session request, a contact finds that the request had been stored for later delivery, and if the contact is interested only in an <em>immediate</em> session, then it SHOULD initiate a new stanza session negotiation (including a newly-generated ThreadID) instead of responding to the user's request. Note: Sending any response to the user's original request would leak presence information since it would divulge the fact that the contact had been offline rather than just ignoring the user.</p>
  297. <p>In any response to the user's request, the contact's client MUST mirror the &THREAD; value so that the user's client can correctly track the response. The &MESSAGE; stanza MUST NOT contain a &BODY; child element.</p>
  298. <p>If the request is accepted then the contact's client MUST include in its response values for all the fields that the request indicated are required. If the contact's client does not support one of the default values or if the contact has disabled its support (as for Chat State Notifications and XHTML formatting in the example below), and the client can still accept the request, then it MUST set that field to a value that it can support.</p>
  299. <p>In the example below we assume that Juliet accepts the session and specifies that she prefers to speak Italian with Romeo:</p>
  300. <example caption="Contact accepts session and specifies parameters"><![CDATA[
  301. <message type='normal'
  302. from=''
  303. to=''>
  304. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  305. <feature xmlns=''>
  306. <x xmlns='jabber:x:data' type='submit'>
  307. <field var='FORM_TYPE'>
  308. <value>urn:xmpp:ssn</value>
  309. </field>
  310. <field var='accept'><value>true</value></field>
  311. <field var='logging'><value>mustnot</value></field>
  312. <field var='disclosure'><value>never</value></field>
  313. <field var=''>
  314. <value>may</value>
  315. </field>
  316. <field var=''>
  317. <value>may</value>
  318. </field>
  319. <field var='security'><value>c2s</value></field>
  320. <field var='language'><value>it</value></field>
  321. </x>
  322. </feature>
  323. </message>
  324. ]]></example>
  325. <p>Note: Both entities MUST assume the session is being established with the resource of the contact that sends the reply, even if the user sent its request to a different resource of the contact.</p>
  326. </section2>
  327. <section2 topic='Rejecting a Session' anchor='new-reject'>
  328. <p>If the contact does not want to reveal presence to the user for whatever reason then the contact's client SHOULD return no response or error (see <link url='#secure-leak'>Presence Leaks</link>). Also, if the contact is using a legacy client then it MAY not support returning any response or error. In both these cases the user MAY proceed to send stanzas to the contact outside the context of a negotiated session.</p>
  329. <p>However, if the contact simply prefers not to start a session then the client SHOULD decline the invitation. The data form MUST contain the FORM_TYPE field and the "accept" field set to "0" or "false". It is RECOMMENDED that the form does not contain any other fields even if the request indicated they are required. The client MAY include a reason via the "reason" field (which is of type "text-single"). The &MESSAGE; stanza MUST NOT contain a &BODY; child element.</p>
  330. <example caption="Contact declines offer and specifies reason"><![CDATA[
  331. <message type='normal'
  332. from=''
  333. to=''>
  334. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  335. <feature xmlns=''>
  336. <x xmlns='jabber:x:data' type='submit'>
  337. <field var='FORM_TYPE'>
  338. <value>urn:xmpp:ssn</value>
  339. </field>
  340. <field var='accept'><value>0</value></field>
  341. <field var='reason'>
  342. <value>Sorry, can't chat now! How about tonight?</value>
  343. </field>
  344. </x>
  345. </feature>
  346. </message>
  347. ]]></example>
  348. <p>If the contact's client does not support feature negotiation or does not support the "urn:xmpp:ssn" FORM_TYPE, it SHOULD return a &unavailable; error:</p>
  349. <example caption="Contact returns service unavailable error"><![CDATA[
  350. <message type='error'
  351. from=''
  352. to=''>
  353. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  354. <feature xmlns=''>
  355. <x xmlns='jabber:x:data' type='form'>
  356. <field var='FORM_TYPE' type='hidden'>
  357. <value>urn:xmpp:ssn</value>
  358. </field>
  359. ...
  360. </x>
  361. </feature>
  362. <error code='503' type='cancel'>
  363. <service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  364. </error>
  365. </message>
  366. ]]></example>
  367. <p>If the contact's client does not support one or more of the <em>required</em> features, it SHOULD return a &feature; error, specifying the field(s) not implemented using the 'var' attribute of one or more &lt;field/&gt; child elements of a &lt;feature/&gt; child element of the &lt;error/&gt; scoped by the '' namespace:</p>
  368. <example caption="Contact returns feature not implemented error"><![CDATA[
  369. <message type='error'
  370. from=''
  371. to=''>
  372. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  373. <feature xmlns=''>
  374. <x xmlns='jabber:x:data' type='form'>
  375. <field var='FORM_TYPE' type='hidden'>
  376. <value>urn:xmpp:ssn</value>
  377. </field>
  378. ...
  379. </x>
  380. </feature>
  381. <error code='501' type='cancel'>
  382. <feature-not-implemented xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  383. <feature xmlns=''>
  384. <field var='logging'/>
  385. </feature>
  386. </error>
  387. </message>
  388. ]]></example>
  389. <p>If the contact's client supports <em>none</em> of the options for one or more <em>required</em> fields, it SHOULD return a &notacceptable; error, specifying the field(s) with unsupported options using the 'var' attribute of one or more &lt;field/&gt; child elements of a &lt;feature/&gt; child element of the &lt;error/&gt; scoped by the '' namespace:</p>
  390. <example caption="Contact returns options not acceptable error"><![CDATA[
  391. <message type='error'
  392. from=''
  393. to=''>
  394. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  395. <feature xmlns=''>
  396. <x xmlns='jabber:x:data' type='form'>
  397. <field var='FORM_TYPE' type='hidden'>
  398. <value>urn:xmpp:ssn</value>
  399. </field>
  400. ...
  401. </x>
  402. </feature>
  403. <error code='406' type='modify'>
  404. <not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  405. <feature xmlns=''>
  406. <field var='security'/>
  407. </feature>
  408. </error>
  409. </message>
  410. ]]></example>
  411. </section2>
  412. <section2 topic='Completing or Canceling the Negotiation' anchor='new-complete'>
  413. <p>If the contact accepted the session (see <link url='#new-accept'>Accepting a Session</link>) then the user MUST either complete or cancel the stanza session negotiation. If the contact chose an option other than the default (prefered) value for one or more of the fields, then instead of having the client accept the session automatically the user may prefer to review the values that the contact selected before confirming that the session is open. <note>See <cite>Encrypted Session Negotiation</cite> for example of other instances where the user might find the values submitted by the contact unacceptable.</note> In any case the user's client SHOULD verify that the selected values are acceptable before completing the stanza session negotiation -- and confirming that the session is open -- by replying with a form with the form 'type' attribute set to 'result'. The form MUST contain the FORM_TYPE field and the "accept" field set to "1" or "true". The user MAY include an explanation or reason via the "reason" field (which is of type "text-single"). The &MESSAGE; stanza MUST NOT contain a &BODY; child element.</p>
  414. <example caption="User completes negotiation and confirms session is open"><![CDATA[
  415. <message type='normal'
  416. from=''
  417. to=''>
  418. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  419. <feature xmlns=''>
  420. <x xmlns='jabber:x:data' type='result'>
  421. <field var='FORM_TYPE'>
  422. <value>urn:xmpp:ssn</value>
  423. </field>
  424. <field var='accept'><value>true</value></field>
  425. <field var='reason'>
  426. <value>I forgot what I wanted to say!</value>
  427. </field>
  428. </x>
  429. </feature>
  430. </message>
  431. ]]></example>
  432. <p>Alternatively, if the user decides to cancel the stanza session negotiation then the client MUST reply with a data form containing the FORM_TYPE field and the "accept" field set to "0" or "false":</p>
  433. <example caption="User cancels stanza session negotiation"><![CDATA[
  434. <message type='normal'
  435. from=''
  436. to=''>
  437. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  438. <feature xmlns=''>
  439. <x xmlns='jabber:x:data' type='result'>
  440. <field var='FORM_TYPE'>
  441. <value>urn:xmpp:ssn</value>
  442. </field>
  443. <field var='accept'><value>0</value></field>
  444. </x>
  445. </feature>
  446. </message>
  447. ]]></example>
  448. </section2>
  449. </section1>
  450. <section1 topic='Moving A Session to a Different Resource' anchor='move'>
  451. <p>Either party MAY ask to continue the session using another of its resources. The requesting party does this by submitting a form with a "continue" field containing the value of the new resource:</p>
  452. <example caption="One party asks to switch session to another of its resources"><![CDATA[
  453. <message type='normal'
  454. from=''
  455. to=''>
  456. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  457. <feature xmlns=''>
  458. <x xmlns='jabber:x:data' type='submit'>
  459. <field var='FORM_TYPE'>
  460. <value>urn:xmpp:ssn</value>
  461. </field>
  462. <field var='continue'><value>PDA</value></field>
  463. </x>
  464. </feature>
  465. </message>
  466. ]]></example>
  467. <p>The requesting party SHOULD NOT send stanzas within the session from either resource until the other party has accepted the switch to the new resource.</p>
  468. <p>The other client SHOULD accept the switch automatically since the requesting party might otherwise be unable to continue the session:</p>
  469. <example caption="Other client accepts switch"><![CDATA[
  470. <message type='normal'
  471. from=''
  472. to=''>
  473. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  474. <feature xmlns=''>
  475. <x xmlns='jabber:x:data' type='result'>
  476. <field var='FORM_TYPE'>
  477. <value>urn:xmpp:ssn</value>
  478. </field>
  479. <field var='continue'><value>PDA</value></field>
  480. </x>
  481. </feature>
  482. </message>
  483. ]]></example>
  484. <p>Once the other party has accepted the switch then all stanzas sent within the session MUST be to or from the new resource. Note: Both parties MUST ensure that they comply with all the other stanza session negotiation parameters that were previously agreed for this session.</p>
  485. </section1>
  486. <section1 topic='Renegotiating a Session' anchor='renegotiate'>
  487. <p>At any time during an existing session, either party MAY attempt to renegotiate the parameters of the session using the protocol described in <link url='#new'>Negotiating a New Session</link>. The requesting party does this by sending a new &MESSAGE; stanza containing a feature negotiation form and a &THREAD; element with the <em>same</em> value as that of the existing session. Note: The "accept" field MUST NOT be included in a renegotiation form and the &MESSAGE; stanza MUST NOT contain a &BODY; child element. The other fields MAY be different from the set of fields included in the initial stanza session negotiation form.</p>
  488. <example caption="One party requests renegotiation"><![CDATA[
  489. <message type='normal'
  490. from=''
  491. to=''>
  492. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  493. <feature xmlns=''>
  494. <x xmlns='jabber:x:data' type='form'>
  495. <field var='FORM_TYPE' type='hidden'>
  496. <value>urn:xmpp:ssn</value>
  497. </field>
  498. <field label='Renegotiate?' type='boolean' var='renegotiate'>
  499. <value>1</value>
  500. <required/>
  501. </field>
  502. <field label='Message logging' type='list-single' var='logging'>
  503. <value>mustnot</value>
  504. <option label='Disallow all message logging'>
  505. <value>may</value>
  506. </option>
  507. <required/>
  508. </field>
  509. </x>
  510. </feature>
  511. </message>
  512. ]]></example>
  513. <p>The requesting party MAY continue to send stanzas within the session while it is waiting for the other party to either accept the parameters or report an error.</p>
  514. <p>In order to accept the renegotiation, the other party shall send a message containing a data form of type "submit" with the 'renegotiate' field set to a value of "1" or "true".</p>
  515. <example caption="Other party accepts renegotiation and specifies parameters"><![CDATA[
  516. <message type='normal'
  517. from=''
  518. to=''>
  519. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  520. <feature xmlns=''>
  521. <x xmlns='jabber:x:data' type='submit'>
  522. <field var='FORM_TYPE'>
  523. <value>urn:xmpp:ssn</value>
  524. </field>
  525. <field var='renegotiate'><value>1</value></field>
  526. <field var='logging'><value>may</value></field>
  527. </x>
  528. </feature>
  529. </message>
  530. ]]></example>
  531. <p>Note: Both parties MUST consider the renegotiation to be complete as soon as the parameter acceptance message has been sent (or received).</p>
  532. <p>Note: The requesting party SHOULD NOT send a renegotiation completion or cancelation message (see <link url='#new-complete'>Completing or Canceling the Negotiation</link>).</p>
  533. <p>Note: Both parties MUST ensure that they continue to comply with all the stanza session negotiation parameters that were not renegotiated but had previously been agreed for this session.</p>
  534. <p>In order to reject the renegotiation, the other party shall send a message containing a data form of type "submit" with the 'renegotiate' field set to a value of "0" or "false".</p>
  535. <example caption="Other party rejects renegotiation"><![CDATA[
  536. <message type='normal'
  537. from=''
  538. to=''>
  539. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  540. <feature xmlns=''>
  541. <x xmlns='jabber:x:data' type='submit'>
  542. <field var='FORM_TYPE'>
  543. <value>urn:xmpp:ssn</value>
  544. </field>
  545. <field var='renegotiate'><value>0</value></field>
  546. <field var='logging'><value>may</value></field>
  547. </x>
  548. </feature>
  549. </message>
  550. ]]></example>
  551. <p>If the other party's client does not support one or more of the <em>required</em> features, it SHOULD return a &feature; error. If the other party's client supports <em>none</em> of the options for one or more <em>required</em> fields, it SHOULD return a &notacceptable; error (see <link url='#new-reject'>Rejecting a Session</link>). Note: In any of these cases the existing negotiated session parameters are maintained. Either party MAY choose to terminate the session only as specified in the section <link url='#terminate'>Terminating a Session</link>.</p>
  552. </section1>
  553. <section1 topic='Terminating a Session' anchor='terminate'>
  554. <p>In order to explicitly terminate a negotiated session, the party that wishes to end the session MUST do so by sending a &MESSAGE; containing a data form of type "submit". The &MESSAGE; stanza MUST contain a &THREAD; element with the same XML character data as the original initiation request. The &MESSAGE; stanza MUST NOT contain a &BODY; child element. The data form containing a boolean field named "terminate" set to a value of "1" or "true".</p>
  555. <example caption="One party terminates session"><![CDATA[
  556. <message type='normal'
  557. from=''
  558. to=''>
  559. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  560. <feature xmlns=''>
  561. <x xmlns='jabber:x:data' type='submit'>
  562. <field var='FORM_TYPE'>
  563. <value>urn:xmpp:ssn</value>
  564. </field>
  565. <field var='terminate'><value>1</value></field>
  566. </x>
  567. </feature>
  568. </message>
  569. ]]></example>
  570. <p>Both parties MUST then consider the session to be ended.</p>
  571. <p>The other party's client MAY explicitly acknowledge the termination of the session by sending a &MESSAGE; containing a data form of type "result", and the value of the "terminate" field set to "1" or "true" (see <cite>Encrypted Session Negotiation</cite> for a practical example). The client MUST mirror the &THREAD; value it received.</p>
  572. <example caption="Other party acknowledges session termination"><![CDATA[
  573. <message type='normal'
  574. from=''
  575. to=''>
  576. <thread>ffd7076498744578d10edabfe7f4a866</thread>
  577. <feature xmlns=''>
  578. <x xmlns='jabber:x:data' type='result'>
  579. <field var='FORM_TYPE'>
  580. <value>urn:xmpp:ssn</value>
  581. </field>
  582. <field var='terminate'><value>1</value></field>
  583. </x>
  584. </feature>
  585. </message>
  586. ]]></example>
  587. </section1>
  588. <section1 topic='Defined Parameters' anchor='parameters'>
  589. <p>This section defines the parameters for stanza session negotiation parameters and whether they must, should, or may be included in the initial negotiation form. Additional parameters may be registered as described in the <link url='#registrar'>XMPP Registrar Considerations</link> section of this document.</p>
  590. <table caption='Form Fields'>
  591. <tr>
  592. <th>Name</th>
  593. <th>Definition</th>
  594. <th>Inclusion</th>
  595. </tr>
  596. <tr>
  597. <td>accept</td>
  598. <td>Whether the receiving party wishes to accept the invitation</td>
  599. <td>MUST</td>
  600. </tr>
  601. <tr>
  602. <td>continue</td>
  603. <td>Another resource with which to continue the session</td>
  604. <td>N/A (used to move a session)</td>
  605. </tr>
  606. <tr>
  607. <td>disclosure</td>
  608. <td>Whether and to what extent the content, keys, and identities can be disclosed to third parties; the options are "never" (disclosure must never occur), "disabled" (only disclosure required by law shall occur), and "enabled" (disclosure may occur)</td>
  609. <td>SHOULD</td>
  610. </tr>
  611. <tr>
  612. <td></td>
  613. <td>Whether the parties may exchange Chat State Notifications per XEP-0085; the options are "may" and "mustnot"</td>
  614. <td>OPTIONAL</td>
  615. </tr>
  616. <tr>
  617. <td></td>
  618. <td>Whether the parties may exchange XHTML formatting per XEP-0071; the options are "may" and "must not"</td>
  619. <td>OPTIONAL</td>
  620. </tr>
  621. <tr>
  622. <td>language</td>
  623. <td>The preferred natural language(s) for information exchange, using language codes defined in accordance with &rfc4646;</td>
  624. <td>SHOULD</td>
  625. </tr>
  626. <tr>
  627. <td>logging</td>
  628. <td>Whether the parties may log messages; the options are "may" and "mustnot"</td>
  629. <td>SHOULD</td>
  630. </tr>
  631. <tr>
  632. <td>multisession</td>
  633. <td>Whether to allow multiple concurrent sessions between the full JIDs of the parties; this is a boolean variable that defaults to false</td>
  634. <td>SHOULD</td>
  635. </tr>
  636. <tr>
  637. <td>renegotiate</td>
  638. <td>Whether the receiving party wishes to renegotiate the session</td>
  639. <td>N/A (used to renegotiate a session)</td>
  640. </tr>
  641. <tr>
  642. <td>security</td>
  643. <td>The minimum security level for secure connections between the parties; the options are "none" (a secure connection is not required), "c2s" (both parties must be securely connected to their servers), and "e2e" (both parties must be securely connected to each other, for example via Encrypted Sessions)</td>
  644. <td>SHOULD</td>
  645. </tr>
  646. <tr>
  647. <td>terminate</td>
  648. <td>Whether the receiving party wishes to terminate the session</td>
  649. <td>N/A (used to terminate a session)</td>
  650. </tr>
  651. </table>
  652. </section1>
  653. <section1 topic='Implementation Notes' anchor='impl'>
  654. <section2 topic='Auto Accept or Reject' anchor='impl-auto'>
  655. <p>A client MAY require a human user to approve each stanza session negotiation request, however it is RECOMMENDED that it accepts or rejects automatically as many requests as possible, based on a set of user-configurable policies (see <link url='#secure-leak'>Presence Leaks</link>).</p>
  656. </section2>
  657. <section2 topic='Persisting Sessions' anchor='impl-close'>
  658. <p>Stanza session negotiation sometimes requires the involvement of either or both human users, and if human input is required but the user is away then session establishment may be delayed indefinitely. So, in order to minimise the number of user interruptions and delays, clients SHOULD reuse existing sessions whenever possible. For example, a client SHOULD NOT terminate sessions unless the user is going offline, even if its user closes a window associated with the session.</p>
  659. </section2>
  660. <section2 topic='Sharing Presence' anchor='impl-presence'>
  661. <p>If so negotiated via the 'presence' field, two parties who do not have subscriptions to each other's presence (as specified in <cite>XMPP-IM</cite>) may share presence by sending directed presence after the session is negotiated.</p>
  662. <example caption="User sends directed presence to contact"><![CDATA[
  663. <presence from='' to=''/>
  664. ]]></example>
  665. <example caption="Contact sends directed presence to user"><![CDATA[
  666. <presence from='' to=''/>
  667. ]]></example>
  668. <p>In accordance with the rules specified in <cite>XMPP-IM</cite>, sharing presence enables one party's server to send unavailable presence to the other party if the sending party goes offline for any reason.</p>
  669. </section2>
  670. <section2 topic='Unavailable Presence' anchor='impl-unavail'>
  671. <p>If a party receives an XMPP presence stanza of type "unavailable" from the full JID &LOCALFULL; of the other party (i.e., the resource with which it has had an active session) during a session, the receiving party SHOULD assume that the other client will still be able to continue the session (perhaps it simply became "invisible", or it is persisting the state of the negotiated session until it reconnects and receives "offline" messages).</p>
  672. <p>However, the receiving party MAY assume that the other client will <em>not</em> be able to continue the session. <note>In general, if a party is not subscribing to the other party's presence then it will never assume the other party is is unable to continue a session.</note> In that case it MUST explicitly terminate the session (see <link url='#terminate'>Terminating a Session</link>) -- since its assumption could be incorrect. If after terminating the session the receiving party later receives available presence (i.e., a &PRESENCE; stanza with no 'type' attribute) from that same resource or another resource associated with the other party and the receiving party desires to restart the session, then it MUST initiate a new session (including a newly-generated ThreadID) with the other party. It MUST NOT renegotiate parameters for the terminated session. (Note: This is consistent with the handling of chat states as specified in <cite>XEP-0085</cite>.)</p>
  673. </section2>
  674. <section2 topic='Mapping to SIP' anchor='impl-sip'>
  675. <p>When mapping instant messaging flows to SIP, implementations SHOULD adhere to &rfc7572;.</p>
  676. <p>In addition, the following mappings apply to chat session negotiation:</p>
  677. <ul>
  678. <li>Initiation of a negotiated chat session maps to the semantics of the SIP INVITE method.</li>
  679. <li>Renegotiation of a negotiated chat session also maps to the semantics of the SIP INVITE method.</li>
  680. <li>Termination of a negotiated chat session maps to the semantics of the SIP BYE method.</li>
  681. <li>The XMPP &THREAD; value maps to the semantics of the SIP Call-ID attribute.</li>
  682. </ul>
  683. </section2>
  684. </section1>
  685. <section1 topic='Security Considerations' anchor='security'>
  686. <section2 topic='Presence Leaks' anchor='secure-leak'>
  687. <p>If a contact does not share its presence information with a user through a presence subscription (see <cite>RFC 3921</cite>) or if it blocks outbound presence notifications to the user (see &xep0016;), then it will effectively expose its presence if it accepts the user's stanza session negotiation request or returns an error to the user. Therefore, due care must be exercised in determining whether to accept the request or return an error. The contact's client SHOULD NOT automatically (i.e. without first asking the contact) either accept the user's request or return an error to the user unless the user is subscribed to the contact's presence and the contact is not blocking outbound presence notifications to the user. Note: There should be no need for the contact's client to consult the contact's block list (see &xep0191;), since if the user is on the block list then the contact would not receive the request from the user in the first place.</p>
  688. </section2>
  689. <section2 topic='Localization' anchor='secure-local'>
  690. <p>If a client is configured to show a request &lt;form/&gt; to a human user instead of responding automatically, it SHOULD replace the content of the &lt;title/&gt; element and of all label attributes of the known and registered &lt;field/&gt; and &lt;option/&gt; elements with its own localised versions before showing the form to the user -- even if the form already appears to be in the correct language.</p>
  691. <p>Note: If a client fails to localize the form, a malicious contact might, for example, either switch the labels on the 'security' and 'logging' fields, or use the &lt;title/&gt; to mislead the user regarding the identity of the contact.</p>
  692. </section2>
  693. </section1>
  694. <section1 topic='IANA Considerations' anchor='iana'>
  695. <p>This document requires no interaction with &IANA;.</p>
  696. </section1>
  697. <section1 topic='XMPP Registrar Considerations' anchor='registrar'>
  698. <section2 topic='Protocol Namespaces' anchor='ns'>
  699. <p>The &REGISTRAR; includes 'urn:xmpp:ssn' in its registry of protocol namespaces (see &NAMESPACES;).</p>
  700. </section2>
  701. <section2 topic='Service Discovery Features' anchor='registrar-features'>
  702. <p>The XMPP Registrar includes 'urn:xmpp:ssn' in its registry of Service Discovery features (see &DISCOFEATURES;).</p>
  703. <code caption='Registry Submission'><![CDATA[
  704. <var>
  705. <name>urn:xmpp:ssn</name>
  706. <desc>Support for Stanza Session Negotiation and its FORM_TYPE</desc>
  707. <doc>XEP-0155</doc>
  708. </var>
  709. ]]></code>
  710. </section2>
  711. <section2 topic='Field Standardization' anchor='registrar-formtype'>
  712. <p>&xep0068; defines a process for standardizing the fields used within Data Forms qualified by a particular namespace. The following fields are registered for use in Stanza Session Negotiation (see &FORMTYPES;):</p>
  713. <code caption='Registry Submission'><![CDATA[
  714. <form_type>
  715. <name>urn:xmpp:ssn</name>
  716. <doc>XEP-0155</doc>
  717. <desc>
  718. Forms enabling negotation of a one-to-one
  719. session between two entities.
  720. </desc>
  721. <field
  722. var='accept'
  723. type='boolean'
  724. label='Whether to accept the invitation'/>
  725. <field
  726. var='continue'
  727. type='text-single'
  728. label='Another resource with which to continue the session'/>
  729. <field
  730. var="disclosure"
  731. type="list-single"
  732. label="Disclosure of content, decryption keys or identities">
  733. <option label="Entities guarantee no disclosure features
  734. exist (not even disabled features)">
  735. <value>never</value>
  736. </option>
  737. <option label="Entities MUST NOT disclose (except for those
  738. disclosures that are required by law)">
  739. <value>disabled</value>
  740. </option>
  741. <option label="Entities MAY disclose">
  742. <value>enabled</value>
  743. </option>
  744. </field>
  745. <field
  746. var=''
  747. type='list-single'
  748. label='Whether may send Chat State Notifications per XEP-0085'>
  749. <option label='May Send'>
  750. <value>may</value>
  751. </option>
  752. <option label='Must Not Send'>
  753. <value>mustnot</value>
  754. </option>
  755. </field>
  756. <field
  757. var=''
  758. type='list-single'
  759. label='Whether allowed to use XHTML-IM formatting per XEP-0071'>
  760. <option label='May Send'>
  761. <value>may</value>
  762. </option>
  763. <option label='Must Not Send'>
  764. <value>mustnot</value>
  765. </option>
  766. </field>
  767. <field
  768. var='language'
  769. type='list-single'
  770. label='Primary written language of the chat (each
  771. value appears in order of preference and
  772. conforms to RFC 4646 and the IANA registry)'/>
  773. <field
  774. var='logging'
  775. type='list-single'
  776. label='Whether allowed to log messages (i.e.,
  777. whether Off-The-Record mode is required)'>
  778. <option label='Allow Message Logging'>
  779. <value>may</value>
  780. </option>
  781. <option label='Disallow All Message Logging (i.e., must
  782. disable absolutely all message
  783. logging including automatic archiving
  784. -- see XEP-0136'>
  785. <value>mustnot</value>
  786. </option>
  787. </field>
  788. <field
  789. var='multisession'
  790. type='boolean'
  791. label='Whether to allow multiple concurrent sessions between the parties'/>
  792. <field
  793. var='renegotiate'
  794. type='boolean'
  795. label='Whether to renegotiate the session'/>
  796. <field
  797. var='security'
  798. type='list-single'
  799. label='Minimum security level'>
  800. <option label='Secure connections not required'>
  801. <value>none</value>
  802. </option>
  803. <option label='Both parties must be securely connected to their servers'>
  804. <value>c2s</value>
  805. </option>
  806. <option label='Both parties must be securely connected to each other'>
  807. <value>e2e</value>
  808. </option>
  809. </field>
  810. <field
  811. var='terminate'
  812. type='boolean'
  813. label='Whether to terminate the session'/>
  814. </form_type>
  815. ]]></code>
  816. </section2>
  817. </section1>
  818. <section1 topic='XML Schema' anchor='schema'>
  819. <p>This proposal re-uses the format defined in XEP-0020 and therefore does not require a dedicated schema.</p>
  820. </section1>
  821. <section1 topic='Acknowledgements' anchor='ack'>
  822. <p>Thanks to Thomas Charron and Jean-Louis Seguineau for their feedback.</p>
  823. </section1>
  824. </xep>