mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-30 13:12:15 -05:00
230 lines
14 KiB
XML
230 lines
14 KiB
XML
<?xml version='1.0' encoding='UTF-8'?>
|
||
<!DOCTYPE xep SYSTEM 'xep.dtd' [
|
||
<!ENTITY % ents SYSTEM 'xep.ent'>
|
||
%ents;
|
||
]>
|
||
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
|
||
<xep>
|
||
<header>
|
||
<title>User Rating</title>
|
||
<abstract>This specification provides for the rating element.</abstract>
|
||
<legal>
|
||
<copyright>This XMPP Extension Protocol is copyright (c) 1999 - 2014 by the XMPP Standards Foundation (XSF).</copyright>
|
||
<permissions>Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.</permissions>
|
||
<warranty>## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. In no event shall the XMPP Standards Foundation or the authors of this Specification be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification. ##</warranty>
|
||
<liability>In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising out of the use or inability to use the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.</liability>
|
||
<conformance>This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which may be found at <<link url='http://xmpp.org/extensions/ipr-policy.shtml'>http://xmpp.org/extensions/ipr-policy.shtml</link>> or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA).</conformance>
|
||
</legal>
|
||
<number>xxxx</number>
|
||
<status>ProtoXEP</status>
|
||
<type>Standards Track</type>
|
||
<sig>Standards</sig>
|
||
<approver>Council</approver>
|
||
<dependencies>
|
||
<spec>XMPP Core</spec>
|
||
</dependencies>
|
||
<supersedes/>
|
||
<supersededby/>
|
||
<shortname>NOT_YET_ASSIGNED</shortname>
|
||
<author>
|
||
<firstname>Daniel</firstname>
|
||
<surname>Wisnewski</surname>
|
||
<email>daniel.wisnewski@tigase.org</email>
|
||
<jid>daniel@tigase.org</jid>
|
||
</author>
|
||
<revision>
|
||
<version>0.0.1</version>
|
||
<date>2016-05-21</date>
|
||
<initials>dsw</initials>
|
||
<remark><p>First draft.</p></remark>
|
||
</revision>
|
||
</header>
|
||
<section1 topic='Introduction' anchor='intro'>
|
||
<p>With the growing prevalence of XMPP communications, it is no longer safe to assume that XMPP will be free of spammers and nuisance users due to its obscurity. To that effect, this protocols aim is to create a user rating that can be used to hinder unnecessary communication within servers. While there have been several attempts to curb spam within servers, they have targeted the specific messages that may be labeled as spam, or relied on blocking policies. This approach singles out the JID of the user to (hopefully) remove their access to the server.</p>
|
||
</section1>
|
||
<section1 topic='Requirements' anchor='reqs'>
|
||
<p>XMPP Core, not known at this point.</p>
|
||
</section1>
|
||
<section1 topic='Glossary' anchor='glossary'>
|
||
<p>A user rating is an integer value assigned to a user’s bare JID to aid servers in determining JIDs that are predisposed to spam or offensive messages. The User Rating allows servers to determine appropriate actions from limiting stanza sending, to kicking or banning of the JID from the server. The rating, once implemented can be used in automated and user-based environments to curb abusive users.
|
||
<![CDATA[The introduction of a <rating/> element should be attached to a bare JID and should contain a float.
|
||
<rating>0.0</rating>]]>
|
||
Would indicate the user is behaving normally, and is not suspected of sending spam. Where a user who has achieved a rating of the following:
|
||
<![CDATA[<rating>1.0</rating> would be kicked from the server, for example.
|
||
<reportjid/> is the JID of the user to be reported for spam or abuse. ]]> </p>
|
||
</section1>
|
||
<section1 topic='Use Cases' anchor='usecases'>
|
||
<section2 topic='Retrieving rating' anchor='retrieverating'>
|
||
<p>A user may obtain their own rating by sending an IQ-get with no to address and an element qualified by the ‘rating’ namespace.</p>
|
||
<example caption='Rating retrieval request'><![CDATA[
|
||
<iq from=’romeo@montague.net’
|
||
id=’aa1a’
|
||
type=’get’>
|
||
<query xmlns=’rating’ />
|
||
</iq>
|
||
]]></example>
|
||
<p>The server should return an IQ result stanza with <rating/> element:</p>
|
||
<example caption='Server Response'><![CDATA[
|
||
<iq type=’result’ to=’romeo@montague.net’
|
||
id=’aa1a’
|
||
type=’result’>
|
||
<query xmlns=’rating’ />
|
||
<rating>0.1</rating>
|
||
</query>
|
||
</iq>
|
||
]]></example>
|
||
</section2>
|
||
<section2 topic='User-moderated server' anchor='usermodserver'>
|
||
<p>In installations that run as chat servers, moderation of spam users can be delivered to online users and administrators. Users receiving spam from a bare JID can send an IQ stanza to the server that increases the user rating.</p>
|
||
<example caption='Reporting Spam/Abuse'><![CDATA[
|
||
<iq type=’set’
|
||
from=’romeo@montague.net’
|
||
to=’shakespeare.lit’
|
||
id=’report1’>
|
||
<rating xmlns=’urnm:xmpp:abuse:1’>
|
||
<reported-jid>mercutio@shakespeare.lit</reported-jid>
|
||
</rating>
|
||
</iq>]]>
|
||
</example>
|
||
<p>
|
||
To report abuse, an IQ stanza must be sent with the set type including the
|
||
repored-jid element. If montague.net happens to a local vhost server, then it
|
||
will be processed by that server. However, this stanza would be sent directly
|
||
to montague.net with the rating payload.
|
||
</p>
|
||
<example caption='Success of reported response'><![CDATA[
|
||
<iq type=’result’ to=’romeo@montague.net’ id=’report1’ />
|
||
]]></example>
|
||
<p>Server sends a result IQ to confirm receipt of the report.</p>
|
||
<p>
|
||
Servers should notify a user JID that they have been reported, however the
|
||
identity of the reporter MUST remain anonymous, therefore the message
|
||
should be sent from the server itself.
|
||
</p>
|
||
<example caption='User receives abuse report'>
|
||
<![CDATA[<message to=’mercutio@shakespeare.lit’ id=’warning’ type=’headline’>
|
||
<body>Your actions have been reported as spam, and your rating has been increased.</body>
|
||
</message>]]>
|
||
</example>
|
||
<p>Server should return a not supported stanza if rating is not supported.</p>
|
||
<example caption='Feature-Not-Implemented Result'>
|
||
<![CDATA[<iq type=’error’ id=’report1’ to=’romeo@montague.net>
|
||
<rating xmlns=’urn:xmpp:abuse’>
|
||
<error type=’cancel’>
|
||
<feature-not-implemented xmlns=’urn:ietf:xml:ns:xmpp-stanzas’/>
|
||
</error>
|
||
</rating>
|
||
</iq>]]></example>
|
||
<p>
|
||
Local server may be programmed to create a <rating/> locally and
|
||
track communications on its own server if this result is returned.
|
||
</p>
|
||
<p>
|
||
Server should return a not found stanza if the JID specified in
|
||
<reported-jid/> is unable to be found:
|
||
</p>
|
||
<example caption='User JID not-found'><![CDATA[
|
||
<iq type=’error’ id=’report1’ to=’romeo@montague.net>
|
||
<rating xmlns=’urn:xmpp:abuse’>
|
||
<error type=’cancel’>
|
||
<item-not-found xmlns=’urn:ietf:xml:ns:xmpp-stanzas’/>
|
||
</error>
|
||
</rating>
|
||
</iq>
|
||
]]></example>
|
||
<p>A message should be sent to inform user that the JID is not found:</p>
|
||
<example><![CDATA[
|
||
<message to=’romeo@montague.net’ id=’warning’ type=’headline’>
|
||
<body>The reported user JID has not been found on this server.</body>
|
||
</message>
|
||
]]></example>
|
||
<p>
|
||
Whether the jid is of a local or foreign domain, the montague.net server
|
||
should at this point begin to track the reported jid
|
||
mercutio@shakespeare.lit and a new user rating.
|
||
</p>
|
||
<p>
|
||
JIDs that are critical to server functionality or admins should have a
|
||
permanent <rating/> of -100 to indicate that they are protected. Should a
|
||
user attempt to report a protected user, the server should send the
|
||
following:
|
||
</p>
|
||
<example caption='User is protected'><![CDATA[
|
||
<iq type=’error’ id=’admin1’ to=’romeo@montague.net>
|
||
<rating xmlns=’urn:xmpp:abuse’>
|
||
<error type=’cancel’>
|
||
<not-allowed xmlns=’urn:ietf:xml:ns:xmpp-stanzas’/>
|
||
</error>
|
||
</rating>
|
||
</iq>
|
||
]]></example>
|
||
<p>
|
||
The server may report the error with a message to the original user,
|
||
indicating that the selected <reported-jid/> is admin or protected.
|
||
</p>
|
||
<p>
|
||
When a user is found ‘guilty’ of being a spammer using this method the
|
||
server should first deliver a message before action is taken:
|
||
</p>
|
||
<example caption='User reaches <rating/> of 1.0'><![CDATA[
|
||
<message to=’mercutio@montague.net id=’notification’ type=’headline’>
|
||
<body>You have been found to be spamming the montague.net server, please take some time and cool off.</body>
|
||
</message>
|
||
]]></example>
|
||
<p>
|
||
The server will then conduct appropriate action, either a kick, or an
|
||
outright ban depending on the severity of the offenses, or settings within
|
||
the server. Actions may be taken using existing XEP-0061 Privacy Lists or
|
||
XEP-0191 Blocking Command, or an internal implementation to prevent
|
||
communication from known spammer accounts.
|
||
</p>
|
||
</section2>
|
||
</section1>
|
||
<section1 topic='Business Rules' anchor='rules'>
|
||
<p>OPTIONAL.</p>
|
||
</section1>
|
||
<section1 topic='Implementation Notes' anchor='impl'>
|
||
<p><![CDATA[Although this setup implies an active user base, the <rating/> element may be incorporated into non-human based systems as well. Unexpected JIDs, or ones that connect externally may be automatically given a high rating, and the server set for a low tolerance of stanzas sent in, allowing for quick and generally automated expulsion of unwanted or abusive JIDs from an automated system. The <rating/> element does not require a human interaction, instead it can be manipulated by a host server for automated abuse control.
|
||
Depending on a server operator’s level of forgiveness, ratings may be permanent or can normalize to 0 after a period of time.]]></p>
|
||
</section1>
|
||
<section1 topic='Security Considerations' anchor='security'>
|
||
<p>
|
||
This feature may lend itself to abuse from users who wish to punish or abuse
|
||
another user. All rating systems should follow two abuse control rules to
|
||
limit abuse potential:
|
||
</p>
|
||
<ol>
|
||
<li>
|
||
No one entity can use the rating system to ban/kick a JID unless they are
|
||
a server administrator. There must at least two or more JIDs reporting
|
||
spam or abuse to pass the kick or ban threshold.
|
||
</li>
|
||
<li>
|
||
Successive report values on same JID will decrease in weight against a
|
||
user rating, eventually lowering to zero (which then can be marked as
|
||
spam/abuse). For example: the first <repored-jid/> of
|
||
mercutio@montague.net by Romeo@montague.net increases the rating by 0.1.
|
||
The second from romeo@montague.net the same user is now weighted slightly
|
||
less, by increasing it 0.08. The third 0.06, fourth 0.04 and so on until
|
||
the weighted value of the report is null. At this point, it would be
|
||
advisable to notify Romeo that he is abusing the rating system, and will
|
||
begin to increase his own rating by further pushing the issue.
|
||
</li>
|
||
<li>
|
||
Critical or known-user JIDs exempt from rating rules should be set to a
|
||
value such as -100 to indicate that they are exempt from spam control
|
||
measures.
|
||
</li>
|
||
</ol>
|
||
</section1>
|
||
<section1 topic='IANA Considerations' anchor='iana'>
|
||
<p>This document requires no interaction with the Internet Assigned Numbers Authority (IANA).</p>
|
||
</section1>
|
||
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
|
||
<p>None known at this point.</p>
|
||
</section1>
|
||
<section1 topic='XML Schema' anchor='schema'>
|
||
<p>Not finished at this point.</p>
|
||
</section1>
|
||
</xep>
|