mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-13 21:05:09 -05:00
250 lines
13 KiB
XML
250 lines
13 KiB
XML
<?xml version='1.0' encoding='UTF-8'?>
|
|
<!DOCTYPE xep SYSTEM 'xep.dtd' [
|
|
<!ENTITY % ents SYSTEM 'xep.ent'>
|
|
%ents;
|
|
]>
|
|
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
|
|
<xep>
|
|
<header>
|
|
<title>Presence Decloaking</title>
|
|
<abstract>This specification defines an XMPP protocol extension that enables a user to send directed presence with a request for the target to also share presence information for the duration of a communications session.</abstract>
|
|
&LEGALNOTICE;
|
|
<number>0276</number>
|
|
<status>Deferred</status>
|
|
<type>Standards Track</type>
|
|
<sig>None</sig>
|
|
<approver>Council</approver>
|
|
<dependencies/>
|
|
<supersedes/>
|
|
<supersededby/>
|
|
<shortname>NOT YET ASSIGNED</shortname>
|
|
<author>
|
|
<firstname>Simon</firstname>
|
|
<surname>McVittie</surname>
|
|
<email>simon.mcvittie@collabora.co.uk</email>
|
|
<jid>simon.mcvittie@collabora.co.uk</jid>
|
|
</author>
|
|
&stpeter;
|
|
&robmcqueen;
|
|
<revision>
|
|
<version>0.3</version>
|
|
<date>2012-07-13</date>
|
|
<initials>psa</initials>
|
|
<remark><p>Tweaked the security considerations.</p></remark>
|
|
</revision>
|
|
<revision>
|
|
<version>0.2</version>
|
|
<date>2012-07-11</date>
|
|
<initials>psa</initials>
|
|
<remark><p>Back by popular demand; also changed namespace to decloak (again).</p></remark>
|
|
</revision>
|
|
<revision>
|
|
<version>0.1</version>
|
|
<date>2010-01-26</date>
|
|
<initials>psa</initials>
|
|
<remark><p>Initial published version as accepted for publication by the XMPP Council; more fully described the reasons for using directed presence instead of presence subscriptions; changed requested namespace from decloak to temppres.</p></remark>
|
|
</revision>
|
|
<revision>
|
|
<version>0.0.2</version>
|
|
<date>2010-01-17</date>
|
|
<initials>psa</initials>
|
|
<remark><p>Rewrote the introduction, clarified the security considerations, requested issuance of an appropriate URN from the XMPP Registrar.</p></remark>
|
|
</revision>
|
|
<revision>
|
|
<version>0.0.1</version>
|
|
<date>2010-01-05</date>
|
|
<initials>smcv/psa/rm</initials>
|
|
<remark><p>First draft.</p></remark>
|
|
</revision>
|
|
</header>
|
|
|
|
<section1 topic='Introduction' anchor='intro'>
|
|
|
|
<p>Various XMPP extensions, such as &xep0166;, require additional support from clients, advertised in presence via &xep0115;, or require that IQ stanzas are sent to a particular resource. For instance, Jingle calls can be made only by sending an IQ to a particular resource. However, two parties who wish to communicate do not always share presence information through subscriptions and therefore cannot use entity capabilities to determine the proper full JID for communication. Indeed, one of the parties might not even use XMPP: e.g., a remote user on the other side of a gateway to a network based on the Session Initiation Protocol (SIP; &rfc3261;) or to the Public Switched Telephone Network (PSTN). It would be helpful if a user could make a call through such a gateway by typing the SIP URI or telephone number of an arbitrary contact, without first exchanging presence.</p>
|
|
|
|
<p>&rfc6121; already defines a way to send directed presence to another entity. This document supplements RFC 6121 by defining an XML protocol extension enabling two parties to explicitly share presence with each other on a temporary basis through an "intentional presence leak"; we call this "decloaking".</p>
|
|
|
|
<p>Note: This protocol has already been implemented using an XML namespace of "http://telepathy.freedesktop.org/xmpp/protocol/decloak" but the ®ISTRAR; was requested to issue the XMPP URN "urn:xmpp:decloak:0" upon publication of this proposal in the &xep0001; series.</p>
|
|
|
|
</section1>
|
|
|
|
<section1 topic='Requirements' anchor='reqs'>
|
|
|
|
<p>An entity should be able to attempt to initiate a communication session that requires IQs and/or capability negotiation (Jingle, a file transfer, end-to-end encryption, or other similar communication modes) with an arbitrary entity.</p>
|
|
|
|
<p>If the receiving entity agrees to divulge their presence in this way, minimal presence (with no 'type' attribute, &SHOW; element, avatar hash, etc.) and capabilities should be communicated to the initiating entity, so that the initiating entity can continue to initiate the communication session.</p>
|
|
|
|
</section1>
|
|
|
|
<section1 topic='Approach' anchor='approach'>
|
|
|
|
<p>The approach taken here is that the user who wishes to initiate presence sharing for the length of a communications session sends directed presence (including entity capabilities) to the bare JID &LOCALBARE; of the initiator's intended communication partner, including a special XMPP extension <decloak xmlns='urn:xmpp:decloak:0'/>. Upon receipt of this directed presence stanza, if configured to do so the recipient's sends directed presence (including entity capabilities) to the initiator's full JID &LOCALFULL;. Once the parties complete their communications session, they can terminate presence sharing by sending directed <presence type='unavailable'/> to each other; alternatively, at any time they could "upgrade" their session-based presence sharing to a full XMPP presence subscription as described in &xmppim;.</p>
|
|
|
|
<p>Although the <decloak/> element could be sent in presence stanzas of type "subscribe" instead of in directed presence notifications, that behavior is discouraged because the "fall-through" case for subscription requests is a long-lived subscription, not temporary sharing of presence information for the life of a communication session.</p>
|
|
|
|
</section1>
|
|
|
|
<section1 topic='Scenario' anchor='scenario'>
|
|
|
|
<p>Suppose that Juliet wishes to make a media call to Tybalt, but the two parties do not share presence information in accordance with the core definition of XMPP. Suppose also that Juliet and Tybalt have the following presence, although neither can initially see the other's presence:</p>
|
|
|
|
<example caption="Initial state">
|
|
<![CDATA[
|
|
<presence from='juliet@shakespeare.lit/balcony'>
|
|
<show>dnd</show>
|
|
<status>on the phone</status>
|
|
<c ver='juliet-caps-hash' .../>
|
|
</presence>
|
|
|
|
<presence from='tybalt@shakespeare.lit/library'>
|
|
<show>dnd</show>
|
|
<status>researching</status>
|
|
<c ver='tybalt-caps-hash' .../>
|
|
</presence>
|
|
|
|
<presence from='tybalt@shakespeare.lit/garden'>
|
|
<show>xa</show>
|
|
<status>gone to the library</status>
|
|
<c ver='tybalt-caps-hash' .../>
|
|
</presence>
|
|
]]></example>
|
|
|
|
<p>Juliet requests that Tybalt divulge his availability and capabilities, by sending directed presence to his bare JID <tybalt@shakespeare.lit>, where the presence stanza contains a <decloak/> element.</p>
|
|
|
|
<example caption="Requesting that a peer share session presence"><![CDATA[
|
|
<presence from='juliet@shakespeare.lit/balcony'
|
|
to='tybalt@shakespeare.lit'>
|
|
<c ver='juliet-caps-hash' .../>
|
|
<decloak xmlns='urn:xmpp:decloak:0' reason='media'/>
|
|
</presence>
|
|
]]></example>
|
|
|
|
<p>Tybalt MAY in response send session presence from one or more resources, by sending directed presence from those resource(s) to Juliet's bare JID.</p>
|
|
|
|
<example caption="Sharing presence in response to a request">
|
|
<![CDATA[
|
|
<presence from='tybalt@shakespeare.lit/library'
|
|
to='juliet@shakespeare.lit'>
|
|
<c ver='tybalt-caps-hash' .../>
|
|
</presence>
|
|
|
|
<presence from='tybalt@shakespeare.lit/garden'
|
|
to='juliet@shakespeare.lit'>
|
|
<c ver='tybalt-caps-hash' .../>
|
|
</presence>
|
|
]]></example>
|
|
|
|
<p>Once Juliet has received the session presence from Tybalt, if necessary she can perform service discovery to find out the meaning of the entity capabilities hashes (if unknown), then proceed to make a Jingle call, initiate a file transfer, or complete some other use case.</p>
|
|
|
|
<p>Naturally, it's also possible that Tybalt's client will ignore the request (in particular, this will happen for any resource that does not implement this specification). However, in this case the parties are no worse off than they were before Juliet requested decloaking.</p>
|
|
|
|
</section1>
|
|
|
|
<section1 topic='Sharing Presence with a Gateway' anchor='gateway'>
|
|
|
|
<p>Let us now suppose that Juliet wishes to make a media call to Romeo, who does not use XMPP but who has a SIP URI of sip:romeo@shakespeare.lit, which can be called via an XMPP-to-SIP gateway.</p>
|
|
|
|
<p>Juliet requests that the SIP contact representing Romeo on the gateway shall divulge its availability and capabilities, by sending directed presence to its bare JID at the gateway containing a <decloak/> element.</p>
|
|
|
|
<example caption="Requesting that a gateway contact shall share session presence">
|
|
<![CDATA[
|
|
<presence from='juliet@shakespeare.lit/balcony'
|
|
to='romeo%shakespeare.lit@sip.shakespeare.lit'>
|
|
<c ver='juliet-caps-hash' .../>
|
|
<decloak xmlns='urn:xmpp:decloak:0' reason='media'/>
|
|
</presence>
|
|
]]></example>
|
|
|
|
<p>In response, the SIP gateway automatically shares session presence on behalf of that JID, in order to tell Juliet what the gateway's capabilities are.</p>
|
|
|
|
<example caption="Sharing presence in response to a request">
|
|
<![CDATA[
|
|
<presence from='romeo%shakespeare.lit@sip.shakespeare.lit'
|
|
to='juliet@shakespeare.lit'>
|
|
<c ver='gateway-caps-hash' .../>
|
|
</presence>
|
|
]]></example>
|
|
|
|
<p>As above, Juliet can now complete service discovery and any protocol-specific use cases.</p>
|
|
|
|
</section1>
|
|
|
|
<section1 topic='The reason Attibute' anchor='reason'>
|
|
<p>To signal the type of communication that is desired, the entity that first shares session presence MAY include a 'reason' attribute on the <decloak/> element. The following values for the 'reason' attribute are defined:</p>
|
|
|
|
<dl>
|
|
<di>
|
|
<dt>media</dt>
|
|
<dd>Presence is requested for a voice and/or video call, e.g. via &xep0167;.</dd>
|
|
</di>
|
|
<di>
|
|
<dt>text</dt>
|
|
<dd>Presence is requested for a textual conversation using an extension that requires capabilities to be disclosed, such as &xep0071;, &xep0085;, &xep0301;, or end-to-end encryption.</dd>
|
|
</di>
|
|
<di>
|
|
<dt>file</dt>
|
|
<dd>Presence is requested for one or more file transfers, e.g. via &xep0234; or &xep0095;.</dd>
|
|
</di>
|
|
</dl>
|
|
|
|
<p>Inclusion of the 'reason' attribute can be interpreted by the receiving client as a signal that communication is about to start; for instance, a call accept/reject dialog could double as a UI for accepting or rejecting a session presence request.</p>
|
|
|
|
</section1>
|
|
|
|
<section1 topic='Business Rules' anchor='bizrules'>
|
|
|
|
<p>To limit the extent of the presence leak, the receiving entity SHOULD send only bare presence without the XMPP &PRIORITY;, &SHOW;, or &STATUS; element. Unfortunately, this has two implications:</p>
|
|
<ol>
|
|
<li><p>The initiating entity cannot know which of the receiving entity's resources is more likely to engage in communication. This might imply that the initiating entity will need to send a session initiation request or other communication to more than one of the receiving entity's resources (and then retract the session initiation requests that are not answered by the receiving entity). Solutions to that problem are out of scope for this specification.</p></li>
|
|
<li><p>Establishment of a session might be delayed (e.g., because in Jingle it is desirable to start negotiating candidates as soon as possible but a user interface that prompts the receiving entity to explicitly approve of divulging presence will tend to a delay in call setup). As a result, it may be advantageous to have a way to configure unconditional sharing of session presence in certain deployments, at least within the same trust domain.</p></li>
|
|
</ol>
|
|
|
|
</section1>
|
|
|
|
<section1 topic='Security Considerations' anchor='security'>
|
|
|
|
<p>Because decloaking is a presence leak (albeit intentional), an XMPP client that implements the receiving side of this specification MUST disable sharing of session presence by default and MUST enable the feature only as a result of explicit user confirmation. Such confirmation can be provided per request, at the first request per requestor, by setting some "always decloak" configuration option (e.g., globally or per domain), or through some other suitable means as long as decloaking does not occur by default. (Gateways and other non-user entities MAY divulge their own presence and capabilities unconditionally, if that is appropriate for the service policy at the gateway.)</p>
|
|
|
|
</section1>
|
|
|
|
<section1 topic='IANA Considerations' anchor='iana'>
|
|
<p>This document requires no interaction with &IANA;.</p>
|
|
</section1>
|
|
|
|
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
|
|
<p>The XMPP Registrar is requested to issue an initial namespace of "urn:xmpp:decloak:0".</p>
|
|
</section1>
|
|
|
|
<section1 topic='XML Schema' anchor='schema'>
|
|
<code><![CDATA[
|
|
<xs:schema
|
|
xmlns:xs='http://www.w3.org/2001/XMLSchema'
|
|
targetNamespace='urn:xmpp:decloak:0'
|
|
xmlns='urn:xmpp:decloak:0'
|
|
elementFormDefault='qualified'>
|
|
|
|
<xs:element name='decloak'>
|
|
<xs:complexType>
|
|
<xs:simpleContent>
|
|
<xs:extension base='empty'>
|
|
<xs:attribute name='reason' use='optional' type='xs:string'/>
|
|
</xs:extension>
|
|
</xs:simpleContent>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:simpleType name='empty'>
|
|
<xs:restriction base='xs:string'>
|
|
<xs:enumeration value=''/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:schema>
|
|
]]></code>
|
|
</section1>
|
|
|
|
<section1 topic='Acknowledgements' anchor='ack'>
|
|
<p>The need for this protocol extension, and a rough proposal for solving the problem, were originally determined at XMPP Summit 5 in the summer of 2007. Thanks to Diana Cionoiu, Justin Karneges, and Justin Uberti for their input to those discussions. Thanks also to Kurt Zeilenga for his feedback on the resulting specification.</p>
|
|
</section1>
|
|
|
|
</xep>
|