On 02/07/2013 01:13 AM, Tobias Markmann wrote: Hi,
> This is highly experimental work, so nothing is set on stone yet. We > would like to encourage everyone to send us their suggestions about how > things should or shouldn't be done. I like the idea, it can really improve user experience. I also like the idea of using DHT for this. Some thoughts about it: When searching on identifiers like phone numbers or e-mail addresses, they have to be reliable, otherwise the risk of identity theft or nonsense results is too big. Though an hosting node can verify an e-mail address or even a (mobile) phone number, there is no way guarantee the hosting node did so correctly. The only identifier that might be verified, by federation, is the jid. So I think the e-mail addresses or the phone numbers should not be searchable, except when it is on the same domain or the server admins trust the other domain in this. When de domain is not trustend, the jid (and the associated data) can be verified by federation, so imho it is essential to federate with the hosting node before presenting any search results. Being only able to search on jids, is of course, a big loss of usability. So I would propose to give users the possibility to add (more or less) some free fields to indicate how they want to be found. That might contain a name, a nickname, a company, profession, gender, color of the hair, whatever. Search results on these fields should be presented as "these users claim to be ...". Providing additional information in a contact might raise privacy issues. So I suggest to give the users fine grained access-control. Like: 'this should be available for everyone', in which case the server may handle the request, or 'only provide this after my permission', in which case the client must ask the user what information should be send after receiving a request. just my 2 Winfried
