1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-24 02:02:16 -05:00
xeps/xep-0186.xml
2018-01-13 13:13:43 -06:00

305 lines
16 KiB
XML

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
<!ENTITY % ents SYSTEM 'xep.ent'>
%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
<title>Invisible Command</title>
<abstract>This document specifies an XMPP protocol extension for user invisibility.</abstract>
&LEGALNOTICE;
<number>0186</number>
<status>Proposed</status>
<lastcall>2017-12-21</lastcall>
<lastcall>2017-12-12</lastcall>
<type>Standards Track</type>
<sig>Standards</sig>
<dependencies>
<spec>XMPP Core</spec>
<spec>XMPP IM</spec>
<spec>XEP-0030</spec>
</dependencies>
<supersedes>
<spec>XEP-0018</spec>
<spec>XEP-0126</spec>
</supersedes>
<supersededby/>
<shortname>invisible</shortname>
&stpeter;
<revision>
<version>0.13</version>
<date>2017-11-29</date>
<initials>psa</initials>
<remark><p>Addressed Last Call feedback: (1) clarified conformance requirements for 'probe' attribute and (2) removed text about using the same server backend for privacy lists because XEP-0016 is now deprecated.</p></remark>
</revision>
<revision>
<version>0.12</version>
<date>2017-01-28</date>
<initials>psa</initials>
<remark><p>Added method for specifying server behavior regarding presence probes via new 'probe' attribute; incremented the protocol version number from 0 to 1.</p></remark>
</revision>
<revision>
<version>0.11</version>
<date>2012-06-27</date>
<initials>psa</initials>
<remark><p>Clarified handling of directed presence while in invisible state.</p></remark>
</revision>
<revision>
<version>0.10</version>
<date>2012-05-29</date>
<initials>psa</initials>
<remark><p>Further clarified server and client handling of stanzas during an invisibility session; updated RFC references.</p></remark>
</revision>
<revision>
<version>0.9</version>
<date>2008-10-07</date>
<initials>psa</initials>
<remark><p>Further clarified server and client handling of stanzas during an invisibility session.</p></remark>
</revision>
<revision>
<version>0.8</version>
<date>2008-10-06</date>
<initials>psa</initials>
<remark><p>Modified namespace to incorporate namespace versioning.</p></remark>
</revision>
<revision>
<version>0.7</version>
<date>2008-05-12</date>
<initials>psa</initials>
<remark><p>Added note about integration with privacy lists; removed XEP-0126 from list of protocols that this specification supersedes; changed temporary namespace to conform to XMPP Registrar procedures; copied several security considerations from XEP-0126.</p></remark>
</revision>
<revision>
<version>0.6</version>
<date>2007-09-05</date>
<initials>psa</initials>
<remark><p>Clarified that this specification is intended to supersede XEP-0018 and XEP-0126; added several additional examples.</p></remark>
</revision>
<revision>
<version>0.5</version>
<date>2007-01-30</date>
<initials>psa</initials>
<remark><p>Modified XML namespace name to conform to XEP-0053 processes.</p></remark>
</revision>
<revision>
<version>0.4</version>
<date>2006-08-09</date>
<initials>psa</initials>
<remark><p>Added XMPP Registrar considerations and XML schema.</p></remark>
</revision>
<revision>
<version>0.3</version>
<date>2006-08-02</date>
<initials>psa</initials>
<remark><p>Added inbound presence rule to server handling section.</p></remark>
</revision>
<revision>
<version>0.2</version>
<date>2006-07-07</date>
<initials>psa</initials>
<remark><p>Clarified that invisibility mode does not carry across sessions.</p></remark>
</revision>
<revision>
<version>0.1</version>
<date>2006-05-30</date>
<initials>psa</initials>
<remark><p>Initial version.</p></remark>
</revision>
<revision>
<version>0.0.2</version>
<date>2006-05-15</date>
<initials>psa</initials>
<remark><p>Recommended delivery of messages sent to bare JID.</p></remark>
</revision>
<revision>
<version>0.0.1</version>
<date>2006-05-11</date>
<initials>psa</initials>
<remark><p>First draft.</p></remark>
</revision>
</header>
<section1 topic='Introduction' anchor='intro'>
<p>Some XMPP-based instant messaging systems have long supported the ability for users to be online but to appear offline to other users. This "invisibility" feature was previously defined in nonstandard or complicated ways via &xep0018; and &xep0126; (the latter was a profile of &xep0016;, which is now deprected). By contrast, this specification defines a standards-compliant protocol extension that can be used over the long term, using an IQ-based protocol that enables an IM user to become "invisible" and "visible" at will within the context of a given session.</p>
</section1>
<section1 topic='Requirements' anchor='req'>
<p>The requirements for invisible mode are straightforward:</p>
<ol start='1'>
<li>A user can become visible or invisible at any time within an XMPP session.</li>
<li>Invisible mode is active only for the current session; if the user ends that session and starts another session, the invisibility mode set for the previous session does not carry over to the new session.</li>
<li>When in invisible mode, a user can send messages and directed presence to particular contacts.</li>
</ol>
</section1>
<section1 topic='Use Cases' anchor='usecases'>
<section2 topic='User Becomes Invisible' anchor='invisible'>
<p>In order for a client to go invisible, it sends an IQ-set with no 'to' address (thus handled by the user's server) containing an &lt;invisible/&gt; element qualified by the 'urn:xmpp:invisible:1' namespace &VNOTE;.</p>
<p>The &lt;invisible/&gt; element SHOULD include a 'probe' attribute, which specifies whether the server shall or shall not send presence probes to entities in the user's roster (thus determining whether the user does or does not automatically receive presence notifications from contacts). This attribute is a boolean &BOOLEANNOTE;, where a logical value of TRUE (lexical value of "true" or "1") indicates that the server shall send presence probes and where a logical value of FALSE (lexical value of "false" or "0") indicates that the server shall not send presence probes. The default logical value is FALSE.</p>
<example caption='Invisible command with indication to send presence probes'><![CDATA[
<iq from='bilbo@tolkien.example/shire'
id='d1s4pp34r1'
type='set'>
<invisible probe='true' xmlns='urn:xmpp:invisible:1'/>
</iq>
]]></example>
<p>Although the default value is false (thus protecting the user from leaking presence information), the client SHOULD always include the 'probe' attribute.</p>
<example caption='Invisible command with indication to not send presence probes'><![CDATA[
<iq from='bilbo@tolkien.example/shire'
id='d1s4pp34r2'
type='set'>
<invisible probe='false' xmlns='urn:xmpp:invisible:1'/>
</iq>
]]></example>
<p>If the server can successfully process the invisible command, it MUST return an IQ-result.</p>
<example caption='Invisible command is successful'><![CDATA[
<iq to='bilbo@tolkien.example/shire'
id='d1s4pp34r2'
type='result'/>
]]></example>
<p>(Standard XMPP stanza errors apply; see <cite>RFC 6120</cite>.)</p>
<p>When the client enters invisible mode during a presence session (i.e., after having previously sent undirected available presence with no 'type' attribute), the server MUST send &UNAVAILABLE; from the specified resource to all contacts who would receive unavailable presence if the client itself were to send &UNAVAILABLE;.</p>
<p>The following sections define server and client handling of inbound and outbound XML stanzas while the client is invisible.</p>
<section3 topic='Server Handling' anchor='invisible-server'>
<p>While the client is in invisible mode, the server:</p>
<ol start='1'>
<li><p>MUST NOT broadcast outbound presence notifications as a result of receiving any subsequent undirected presence notifications from the client.</p></li>
<li><p>MUST deliver outbound directed presence stanzas generated by the client.</p></li>
<li><p>MUST generate or not generate outbound presence probes in accordance with the value of the 'probe' attribute.</p></li>
<li><p>MUST deliver inbound &PRESENCE; stanzas.</p></li>
<li><p>SHOULD deliver inbound &MESSAGE; stanzas whose 'to' address is the bare JID &LOCALBARE; of the user (subject to standard XMPP stanza handling rules from <cite>RFC 6120</cite> and <cite>RFC 6121</cite>).</p></li>
<li><p>MUST deliver inbound &MESSAGE; and &IQ; stanzas whose 'to' address is the full JID &LOCALFULL; corresponding to the resource of the client.</p></li>
<li><p>MUST deliver outbound &MESSAGE; and &IQ; stanzas generated by the client (for an important note regarding presence leaks, see the <link url='#security'>Security Considerations</link> section of this document).</p></li>
<li>
<p>If there are no other available resources, MUST respond to all IQ-get requests and presence probes sent to the account's bare JID as if the account were offline; this includes but is not limited to the following:</p>
<ul>
<li>If the server responds to a presence probe, the last available presence MUST indicate that the user is unavailable, and if a time is indicated it MUST be the time when the client went invisible.</li>
<li>If the server responds to a &xep0012; request, the last activity time MUST be the time when the client went invisible.</li>
<li>If the server responds to a &xep0030; items request, the response MUST NOT include the invisible resource as one of the account's available items.</li>
</ul>
</li>
<li><p>If after sending directed presence the client then sends &UNAVAILABLE;, the server MUST deliver that unavailable presence only to the entities to which the client sent directed presence after going invisible.</p></li>
</ol>
</section3>
<section3 topic='Client Handling' anchor='invisible-client'>
<p>While the client is in invisible mode, it is suggested that the client behave as follows:</p>
<ul>
<li><p>Maintain a temporary list of entities with which communication is allowed and prompt the user before adding any entity to that "communicants list" for this invisibility session; for user convenience, this list might be auto-populated with trusted entities if so configured by the user.</p></li>
<li><p>Prompt the user before sending any outbound traffic (message, presence, or IQ stanza) to another user, even if the user generated such traffic; upon receiving authorization from the user, the client might then add the authorized entity to the communicants list for this invisibility session.</p></li>
</ul>
</section3>
</section2>
<section2 topic='User Becomes Visible' anchor='visible'>
<p>In order for a client to become visible again, it sends an IQ-set with no 'to' address (thus handled by the user's server) containing a &lt;visible/&gt; element qualified by the 'urn:xmpp:invisible:1' namespace &VNOTE;.</p>
<example caption='Visible command'><![CDATA[
<iq from='bilbo@tolkien.example/shire'
id='r34pp34r'
type='set'>
<visible xmlns='urn:xmpp:invisible:1'/>
</iq>
]]></example>
<p>If the server can successfully process the visibility command, it MUST return an IQ-result.</p>
<example caption='Visible command is successful'><![CDATA[
<iq to='bilbo@tolkien.example/shire'
id='r34pp34r'
type='result'/>
]]></example>
<p>When the client becomes visible, the server MUST treat that state as equivalent to an active session before receiving initial presence from the client, with one exception: if the client sent directed presence to any entities while in the invisible state, the server MUST treat those entities as under point 2 of Section 4.6.3 of RFC 6121 (i.e., the server MUST ensure that it sends unavailable presence to those entities if the client subsequently goes offline after becoming visible).</p>
<p>If the user wishes to then send presence to all contacts in the roster, it is the responsibility of the client to send an undirected available presence notification to the server.</p>
<example caption='Client sends available presence for roster broadcast'><![CDATA[
<presence/>
]]></example>
<p>The server would then broadcast that presence notification to all entities who would normally receive presence broadcasts from the client (the server MAY also send that notification to any entities to which the client sent directed presence while invisible, whether or not they are in the user's roster).</p>
</section2>
</section1>
<section1 topic='Discovering Support' anchor='support'>
<p>In order for a client to discover whether its server supports the invisible command, it sends a &xep0030; information request to the server:</p>
<example caption='Service discovery request'><![CDATA[
<iq from='bilbo@tolkien.example/shire'
id='d1sc0v3ry'
to='tolkien.example'
type='get'>
<query xmlns='http://jabber.org/protocol/disco#info'/>
</iq>
]]></example>
<p>If the server supports the invisible command, it MUST return a feature of "urn:xmpp:invisible:1" &VNOTE;.</p>
<example caption='Service discovery response'><![CDATA[
<iq from='tolkien.example'
id='d1sc0v3ry'
to='bilbo@tolkien.example/shire'
type='result'>
<query xmlns='http://jabber.org/protocol/disco#info'>
<feature var='urn:xmpp:invisible:1'/>
</query>
</iq>
]]></example>
<p>A client SHOULD complete this service discovery process before sending initial presence to its server (as specified in &xep0115;, a server can include entity capabilities information in a stream feature, which obviates the need for explicit service discovery as shown above).</p>
</section1>
<section1 topic='Interoperability Considerations' anchor='interop'>
<p>Implementers need to be aware that use of the 'probe' attribute is not consistent with the older privacy lists approach defined in XEP-0126.</p>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>No matter how it is implemented, invisibility can be defeated and presence leaks can occur without careful stanza handling on the part of the server and the client. Use of the protocol defined here does not necessarily prevent presence leaks, either technically or socially (e.g., if the user reveals his presence to one contact but not another and those contacts are in communication).</p>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
<p>No interaction with &IANA; is required as a result of this document.</p>
</section1>
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
<section2 topic='Protocol Namespaces' anchor='registrar-ns'>
<p>This specification defines the following XML namespace:</p>
<ul>
<li>urn:xmpp:invisible:1</li>
</ul>
<p>Upon advancement of this specification from a status of Experimental to a status of Draft, the &REGISTRAR; shall add the foregoing namespace to the registry located at &NAMESPACES;, as described in Section 4 of &xep0053;.</p>
</section2>
<section2 topic='Protocol Versioning' anchor='registrar-versioning'>
&NSVER;
</section2>
</section1>
<section1 topic='XML Schema' anchor='schema'>
<code><![CDATA[
<?xml version='1.0' encoding='UTF-8'?>
<xs:schema
xmlns:xs='http://www.w3.org/2001/XMLSchema'
targetNamespace='urn:xmpp:invisible:1'
xmlns='urn:xmpp:invisible:1'
elementFormDefault='qualified'>
<xs:element name='invisible'>
<xs:complexType>
<xs:simpleContent>
<xs:extension base='empty'>
<xs:attribute name='probe'
type='xs:boolean'
use='optional'
default='false'/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name='visible' type='empty'/>
<xs:simpleType name='empty'>
<xs:restriction base='xs:string'>
<xs:enumeration value=''/>
</xs:restriction>
</xs:simpleType>
</xs:schema>
]]></code>
</section1>
<section1 topic='Acknowledgements' anchor='ack'>
<p>Thanks to Philipp Hancke, Evgeny Khramtsov, Ruslan Marchenko, Kevin Smith, and Matthew Wild for their feedback.</p>
</section1>
</xep>