Hi, Adam Pisoni wrote: >> He also would need a way of authorizing flickr to publish to that node on >> his behalf (OAuth)
For this, Nathan's response is perfect: > It's simpler than that. You would "affiliate" Flickr's XMPP > bot/component/whatever as "publisher" to the node Much simpler indeed. This skips OAuth entirely. XMPP controls your roster, your nodes, and who has access to these (read/write privileges). However, if the photos are hosted in Flickr *and* you want to restrict this access to some groups, then you have to delegate access control to Flickr some way. In this case, OAuth would be recommend. Best regards, Nick On Tue, Jul 8, 2008 at 8:24 PM, Nathan Fritz <[EMAIL PROTECTED]> wrote: > It's simpler than that. You would "affiliate" Flickr's XMPP > bot/component/whatever as "publisher" to the node > (http://www.xmpp.org/extensions/xep-0060.html#owner-affiliations-modify). > Of course you don't want Flickr controlling your roster! And so if you want > Flickr to be able to control which JIDs are subscribed to this node (you > wouldn't want to do that, would you?), then you'd have to make flickr an > administrator of the node and use whitelist or authitication access models. > However, I wouldn't see any need for Flickr to control who subscribes to > this node and not, as it is your business. > > On Tue, Jul 8, 2008 at 3:34 PM, Adam Pisoni <[EMAIL PROTECTED]> wrote: >> >> This topic has been covered before loosely, but I have some questions I >> was hoping people could opine on as far as how they see the future working >> out. I'm currently working on a messaging product which relies heavily on >> XMPP and eventually PubSub. We're also looking at PEP and other ways to >> consume/expose our data in a brave new PubSub world of federated social >> networks. This has led to a lot of interesting questions. >> >> Imagine [EMAIL PROTECTED] posts an image to flickr. Bob has many >> friends who might be interested in that. In a PubSub world, those friends >> would subscribe to a node somewhere which flickr would publish to. Bob's >> friends would subscribe to that node. Here's where the questions start. >> Do people imagine that node living on flickr or on somejabberhost.com? >> There are benefits to both. Imagine this particular node of Bob's is >> private. He only wants to allow a subset of his roster to have permission >> to subscribe to that node. Lets say, from Bob's point of view, he has a >> roster group called Family who he wants to give permission to. If >> somejabberhost.com hosts that node then it would be easy for Bob to say he >> only wants his Family roster group to have access to his images_stream node. >> He also would need a way of authorizing flickr to publish to that node on >> his behalf (OAuth) Of course now Flickr can't further authenticate users >> for Bob since flickr doesn't know or have access to Bob's roster. Nor would >> Bob want flickr poking in his roster. >> >> We tried to imagine a scenario where Bob could give Flickr permission >> (perhaps using OAuth) to authenticate people against his roster (without >> flickr being able to read his roster fully). All of that seems complicated >> though. >> >> If Flickr keeps the node, then you have the same issues of Flickr not >> having any knowledge of Bob's roster. >> >> I know there may not be answers for these questions yet. I guess I'm just >> wondering what people think logical solutions might be. Or maybe there are >> answers. >> >> Thanks, >> adam >> > >
