On Thu Sep 6 00:27:33 2007, Peter Saint-Andre wrote:
One benefit of Dave's way is that it meshes with the original
reason for
invites to go through the room (e.g., permissions check to determine
that the invitor is allowed to send invitations, room adds invitee
to
the member list if the room is members-only).
Actually, the room doesn't need to add the invitee to a member's
list, yet - it can wait until the ticket is presented.
So I'd prefer Dave's
approach. But I haven't had a chance to look at RFC 4467 yet...
The short version of RFC 4467 is:
The email client (MUA) constructs an IMAP URL to the content it
wishes to pass on. (IMAP URLs can point to a specific message part).
It then appends an extra portion describing the actor allowed to use
it, and an optional expiry timestamp. This actor can be "anyone", or
"an authorized user of the IMAP store", or "the submission server
when it claims I'm using it", etc.
It then requests that this be signed by the IMAP server in some
opaque manner. Typically, this is done by using a secret key known
only to the server, and constructing an HMAC. The signature is then
appended to the URL, forming a signed URL. This "authorized URL" is
then handed back to the MUA.
The MUA typically uses this when submitting a message using BURL (RFC
4468), where it sends the authorized URL instead of the message
content, and the submission server can then obtain the content by
requesting the URL resolution from the IMAP server, and insert it
into the message.
Just as with what I've proposed, the entity which normally enforces
authorization continues to do so, and the pawn ticket, if snooped on
the wire or passed on, won't be of (much) use.
So what you'd end up with is that the initial invitation is sent to
the room for signing, something like:
(Adapted from) Example 46. Occupant Sends an Invitation for signing
to Room
<iq id='invite_1' type='get'
from='[EMAIL PROTECTED]/desktop'
to='[EMAIL PROTECTED]'>
<x xmlns='http://jabber.org/protocol/muc#user'>
<invite to='[EMAIL PROTECTED]'/>
</x>
</iq>
(New) Example 46.5. Room returns signed invitation to invitor:
<iq id='invite_1' type='result'
to='[EMAIL PROTECTED]/desktop'
from='[EMAIL PROTECTED]'>
<x xmlns='http://jabber.org/protocol/muc#user'>
<!-- Identical invitation -->
<invite to='[EMAIL PROTECTED]'/>
<!-- Opaque implementation-specific ticket,
probably HMAC of from, to, and the room. -->
<ticket xmlns='urn:some:namespace'>ajkscnduusvnsd</token>
</x>
</iq>
(Adapted from) Example 47. Invitor sends signed Invitation to Inviter
<message
to='[EMAIL PROTECTED]'
from='[EMAIL PROTECTED]/desktop'>
<body>You have been invited to [EMAIL PROTECTED]</body>
<x xmlns='urn:some:namespace'>
<invite xmlns='http://jabber.org/protocol/muc#user'
room='[EMAIL PROTECTED]'>
<reason>
Hey Hecate, this is the place for all good witches!
</reason>
</invite>
<ticket xmlns='urn:some:namespace'>ajkscnduusvnsd</token>
</x>
</message>
Expiry timestamps would be nice, too.
There's probably neater ways of expressing this in XML.
Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
