-
Notifications
You must be signed in to change notification settings - Fork 123
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
XEP-0398: explain copy vs inject on access
- Loading branch information
Showing
1 changed file
with
28 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,7 +10,7 @@ | |
| <abstract>This specification describes a method for using PEP based avatars and vCard based avatars in parallel by having the user’s server do a conversion between the two.</abstract> | ||
| &LEGALNOTICE; | ||
| <number>0398</number> | ||
| <status>Deferred</status> | ||
| <status>Experimental</status> | ||
| <lastcall>2020-02-26</lastcall> | ||
| <type>Standards Track</type> | ||
| <sig>Standards</sig> | ||
|
|
@@ -29,6 +29,17 @@ | |
| <email>[email protected]</email> | ||
| <jid>[email protected]</jid> | ||
| </author> | ||
| <revision> | ||
| <version>0.3.0</version> | ||
| <date>2024-03-08</date> | ||
| <initials>dg</initials> | ||
| <remark> | ||
| <ul> | ||
| <li>Add text to explain that both <em>copy on publication</em> and <em>inject PEP avatar into vCard response</em> are valid implementations.</li> | ||
| <li>Add Security Considerations for both variants</li> | ||
| </ul> | ||
| </remark> | ||
| </revision> | ||
| <revision> | ||
| <version>0.2.1</version> | ||
| <date>2018-08-27</date> | ||
|
|
@@ -53,7 +64,7 @@ | |
| <p>Server implementations can aid to resolve this conflict by automatically putting avatars uploaded with <cite>XEP-0084</cite> into <cite>XEP-0153</cite> storage and vice versa. This allows clients to use the more efficient <cite>XEP-0084</cite> for uploading avatars and <cite>XEP-0153</cite> to retrieve avatars in Multi-User Chats.</p> | ||
| </section1> | ||
| <section1 topic='Discovery' anchor='disco'> | ||
| <p>The conversion is transparent to the uploading entity. However an entity might want to discover if a service will be performing the conversion from <cite>XEP-0084</cite> to <cite>XEP-0153</cite> since using vCard-Based Avatars will make the uploaded avatar publicly available. (See the “Security Considerations” section of this XEP.)</p> | ||
| <p>The conversion is transparent to the uploading entity. However an entity might want to discover if a service will be performing the conversion from <cite>XEP-0084</cite> to <cite>XEP-0153</cite> so it doesn’t have to maintain a vCard avatar itself.</p> | ||
| <p>The service MUST include a &xep0030; feature of "urn:xmpp:pep-vcard-conversion:0" on the account.</p> | ||
| <example caption='Client sends service discovery request to own account'><![CDATA[ | ||
| <iq from='[email protected]/garden' | ||
|
|
@@ -107,12 +118,23 @@ | |
| <p>The hash MUST also be injected into directed presences such as MUC joins</p> | ||
| </section1> | ||
| <section1 topic='Implementation Notes' anchor='impl'> | ||
| <p>Implementing clients SHOULD use the more efficient <cite>XEP-0084</cite> to access their own avatar storage and implement <cite>XEP-0153</cite> only to download avatars from other entities if they do not have mutual presence subscription with said entity. (For example participants in a Multi-User Chat.)</p> | ||
| <p>Services will inject the hash in directed presences automatically but will not resend the presence if the avatar gets updated. Thus clients MAY resend directed available presence to all Multi-User Chats after receiving a 'urn:xmpp:avatar:metadata' update notification. The service will then inject an updated version of the hash. To avoid sending unnecassary presence updates, resending should only occur if the service annouces the 'urn:xmpp:pep-vcard-conversion:0' feature.</p> | ||
| <section2 topic='Client' anchor='impl-client'> | ||
| <p>Implementing clients SHOULD use the more efficient <cite>XEP-0084</cite> to access their own avatar storage and implement <cite>XEP-0153</cite> only to download avatars from other entities if they do not have mutual presence subscription with said entity. (For example participants in a Multi-User Chat.)</p> | ||
| <p>Services will inject the hash in directed presences automatically but will not resend the presence if the avatar gets updated. Thus clients MAY resend directed available presence to all Multi-User Chats after receiving a 'urn:xmpp:avatar:metadata' update notification. The service will then inject an updated version of the hash. To avoid sending unnecassary presence updates, resending should only occur if the service annouces the 'urn:xmpp:pep-vcard-conversion:0' feature.</p> | ||
| </section2> | ||
| <section2 topic='Server' anchor='impl-server'> | ||
| <p>While this specification is worded in a way that implies PEP and vCard are two different storages and a publication to one copies the avatar to another an alternative implementation, that also satisfies the requirements, is one that dynamically injects the PEP avatar into the vCard upon request. If this approach is taken services SHOULD check if the requestor of the vCard has access to the PEP nodes.</p> | ||
| </section2> | ||
| </section1> | ||
| <section1 topic='Accessibility Considerations' anchor='access'> | ||
| <p>This specification has no accessibility considerations beyond those introduced by &xep0084;.</p> | ||
| </section1> | ||
| <section1 topic='Security Considerations' anchor='security'> | ||
| <p><cite>XEP-0084</cite> has a default access model that only allows entities with mutual presence subscription to access the published avatar. <cite>XEP-0153</cite> has no access control at all. Clients that discover the disco feature 'urn:xmpp:pep-vcard-conversion:0' on the account MAY warn users that uploading an avatar will make that avatar accessible to anyone who knows the Jabber ID.</p> | ||
| <p>In the future services MAY decide to perform PEP to vCard conversion only if the access model of the 'urn:xmpp:avatar:data' node has been set to 'open' as described in &xep0060;. However the ability to change the access model of nodes isn’t widely implemented yet and thus this paragraph exists only to act as a reminder that the privacy implications described in the previous paragraph can be avoided</p> | ||
| <p>Services that copy the avatar from PEP to vCard upon publication SHOULD perform conversion only if the access model of the 'urn:xmpp:avatar:data' node has been set to 'open' as described in &xep0060;.</p> | ||
| <p>Services that dynamically inject the PEP avatar into a vCard response SHOULD check if the entity that requested the vCard has access to both PEP nodes. This can be the case if the access model has been set top 'open' or if the requesting entity has a presence subscription of the owner.</p> | ||
| </section1> | ||
| <section1 topic='Privacy Considerations' anchor='privacy'> | ||
| <p>World readable avatars (access model <em>open</em>) will be made available through semi-anonymous MUCs and can be used to de-anonymize users.</p> | ||
| </section1> | ||
| <section1 topic='IANA Considerations' anchor='iana'> | ||
| <p>This document requires no interaction with the Internet Assigned Numbers Authority (IANA).</p> | ||
|
|
@@ -123,9 +145,6 @@ | |
| <li>urn:xmpp:pep-vcard-conversion:0</li> | ||
| </ul> | ||
| </section1> | ||
| <section1 topic='XML Schema' anchor='schema'> | ||
| <p>tbd</p> | ||
| </section1> | ||
| <section1 topic='Acknowledgements' anchor='ack'> | ||
| <p>Special thanks to Evgeny Khramtsov who implemented what is now written down as a XEP in ejabberd and created the inspiration for this XEP.</p> | ||
| </section1> | ||
|
|
||