Re: [Devel] Presence user/domain

Tue, 15 May 2007 07:52:14 -0700 


On May 15, 2007, at 2:38 PM, Klaus Darilion wrote:


Hi Dan!
Take a look at the thread "[Devel] presence and to uri" started from Juha and my answer: 

from RFC 3903:
4.1.  Identification of Published Event State
The way I read this is that this is perfectly valid for SUBSCRIBE method. 


   Identification of published event state is provided by three pieces
of information: Request-URI, event type, and (optionally) an entity- 
   tag.
The last addition suggested by Juha was excellent for Subscribe because now we can subscribe to ENUM mappings, SIP aliases or whatever maps to the server know SIP URI. 

It does not address the Publish method though.
If I publish my state there are 4 fields where the presentity uri might appear: 

1. To header
2. From Header
3. SIP URI
4. The entity tag in the XML doc
We should make a consistent check so that we avoid any possibility to publish data in behalf of other users.
Request URI does not seem to be the best place to get the published state from as it is/can be easily rewritten by intermediaries, does it? I am looking at a way for a safe implementation rather than following blindly a RFC. 

Adrian



   The Request-URI of a PUBLISH request contains enough information to
   route the request to the appropriate entity per the request routing
   procedures outlined in RFC 3261 [4].  It also contains enough
   information to identify the resource whose event state is to be
   published, but not enough information to determine the type of the
   published event state.

IMO the last sentence says that the RURI has to be used.

regards
klaus




Dan Pascu wrote:

I see the following code in the presence module for handling PUBLISH:
        /* get pres_uri from Request-URI*/
if( parse_uri(msg->first_line.u.request.uri.s, msg- >first_line.u.request.uri.len, &pres_uri)< 0) 
        {
                LOG(L_ERR, "PRESENCE: handle_publish:error parsing Request 
URI\n");
                goto error;
        }
        pres_user= pres_uri.user;
        pres_domain= pres_uri.host;
which indicates that the user/domain are taken from the request uri.
The RFC however mentions that a PUBLISH is similar to a REGISTER, which would indicate that the user/domain should be taken from the To header. Unfortunately I found no direct reference to this in the RFC, only this indication that PUBLISH is similar with REGISTER, but still using ruri doesn't seem right. 

_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel



_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel

Reply via email to