[Standards] Pubsub: "Item Publisher" again.
Sergey Dobrov
I already asked but nothing happened:
http://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher
says:
> If configured to do so, the service can include the publisher of the
item when it generates event notifications.
This isn't clear at all. How it should be configured? How to check if
the service WILL include the publisher?
Can we REQUIRE a service to include this? Because, it's really the only
way to check if item publisher was not spoofed.
For now I using that feature but have no any way to do it consistently.
Without it, any publisher can sign it post with any other.
The http://xmpp.org/extensions/xep-0060.html#impl-association doesn't
reply to the question because it describes another behavior of the
attribute and not switching it on or off.
--
With best regards,
Sergey Dobrov,
XMPP Developer and JRuDevels.org founder.
Peter Saint-Andre
> Hello,
>
> I already asked but nothing happened:
> http://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher
> says:
>
>> If configured to do so, the service can include the publisher of the
> item when it generates event notifications.
>
> This isn't clear at all. How it should be configured? How to check if
> the service WILL include the publisher?
I think this is a gap in the spec. Something to fix when we work on
revisions later this year (I'll have cycles starting in April).
> Can we REQUIRE a service to include this? Because, it's really the only
> way to check if item publisher was not spoofed.
>
> For now I using that feature but have no any way to do it consistently.
> Without it, any publisher can sign it post with any other.
>
> The http://xmpp.org/extensions/xep-0060.html#impl-association doesn't
> reply to the question because it describes another behavior of the
> attribute and not switching it on or off.
Right. We need to define the configuration option for this.
Peter
--
Peter Saint-Andre
https://stpeter.im/