Thank you Ralph and Peter. It sounds like I probably lucked out since I intend to use the authorize mode. Do you know if the jabber.org server is running Idavoll?
On Dec 4, 2007 6:26 PM, Peter Saint-Andre <[EMAIL PROTECTED]> wrote: > Ralph Meijer wrote: > > On Mon, 2007-11-19 at 13:05 -0700, Peter Saint-Andre wrote: > >> Lindsay Oproman wrote: > >>> [..] > >> If the node is configured for an access model of "authorize" then each > >> subscription request will need to be approved by the node owner, unless > >> the implementation includes some logic to pre-approve subscription > >> requests from all resources based on the bare JID ([EMAIL PROTECTED]). > >> (Sounds like a good feature request.) > > > > I think that XEP-0060 was designed to do access control on bare JIDs, > > although we never made that explicit, apparently. You can see this in > > various parts of the specification. For example, any resource can > > manipulate the subscriptions and affiliations that are associated with > > any resource of the bare JID and the bare JID itself. > > Good point. > > > I don't think making it explicit that all access control is done on the > > bare JID should pose any issues. The only area that might be a concern > > is doing publish-subscribe from within a MUC room, but this is a special > > use case that we haven't given much attention anyway. I do have some > > thoughts on it, were it necessary to pull that into this thread. > > Yes, that is "MEP". > > > For what it is worth, Idavoll assigns affiliations to, and does access > > control based on, bare JIDs. > > I think that is right. > > If someone would like to propose some text, that would be great. > Otherwise I'll work something up soon. > > Peter > > -- > Peter Saint-Andre > https://stpeter.im/ > >
