[Pidgin] #15662: roster management, xmpp security
Pidgin
trac at pidgin.im
Mon Jun 10 05:54:19 EDT 2013
#15662: roster management, xmpp security
--------------------------+---------------------
Reporter: notphilipfry | Owner: deryni
Type: enhancement | Status: new
Milestone: | Component: XMPP
Version: 2.10.7 | Resolution:
Keywords: |
--------------------------+---------------------
Description changed by notphilipfry:
Old description:
> Please add support for xep-0016
> http://xmpp.org/extensions/xep-0016.html
>
> https://developer.pidgin.im/wiki/SupportedXEPs
>
> Privacy List'''s''' is plural (obviously). This allows for easy/quick
> toggling of allowing/disabling various bits perhaps as one changes one's
> resource.
>
> * All or nothing subscription authorization is woefully deficient
> * Not all roster members should see my client [version] through IQ
> stanzas.
> * Not all roster members should see all my PEP (mood, activity, tune,
> locus)
> * * [real time] locus, fine grain GPS for example, should only be
> available to friends and not anyone. Experience a stalker or two before
> deciding against
>
>
> [[BR]]
> [[BR]]
> [[BR]]
>
> quote:
>
> Server-side privacy lists enable successful completion of the following
> use cases:
>
> Retrieving one's privacy lists.
> Adding, removing, and editing one's privacy lists.
> Setting, changing, or declining active lists.
> Setting, changing, or declining the default list (i.e., the list that
> is active by default).
> Allowing or blocking messages based on JID, group, or subscription
> type (or globally).
> Allowing or blocking inbound presence notifications based on JID,
> group, or subscription type (or globally).
> Allowing or blocking outbound presence notifications based on JID,
> group, or subscription type (or globally).
> Allowing or blocking IQ stanzas based on JID, group, or subscription
> type (or globally).
> Allowing or blocking all communications based on JID, group, or
> subscription type (or globally).
New description:
Please add support for xep-0016
http://xmpp.org/extensions/xep-0016.html
https://developer.pidgin.im/wiki/SupportedXEPs
Privacy List'''s''' is plural (obviously). This allows for easy/quick
toggling of allowing/disabling various bits perhaps as one changes one's
resource.
* All or nothing subscription authorization is woefully deficient
* Not all roster members should see my client [version] through IQ
stanzas.
* Not all roster members should see all my PEP (mood, activity, tune,
locus)
* * [real time] locus, fine grain GPS for example, should only be
available to friends and not anyone. Experience a stalker or two before
deciding against
XEP-0191 has been implemented but it is not much better than revoking
subscription- or removing roster member.
The specious counter claim that XEP-0016 is "too complicated" need be
revisited by those who are also f*book users (not me) who can navigate
f*book "privacy" controls. ''XEP-0016 is at least one order of magnitude
less complex than f*book analogue.''
[[BR]]
[[BR]]
[[BR]]
quote:
Server-side privacy lists enable successful completion of the following
use cases:
Retrieving one's privacy lists.
Adding, removing, and editing one's privacy lists.
Setting, changing, or declining active lists.
Setting, changing, or declining the default list (i.e., the list that
is active by default).
Allowing or blocking messages based on JID, group, or subscription
type (or globally).
Allowing or blocking inbound presence notifications based on JID,
group, or subscription type (or globally).
Allowing or blocking outbound presence notifications based on JID,
group, or subscription type (or globally).
Allowing or blocking IQ stanzas based on JID, group, or subscription
type (or globally).
Allowing or blocking all communications based on JID, group, or
subscription type (or globally).
--
--
Ticket URL: <https://developer.pidgin.im/ticket/15662#comment:3>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list