XCAP - PowerPoint PPT Presentation

1 / 31

About This Presentation

Title:

XCAP

Description:

Make it 'subscription-decision' with values 'accept' and 'politely-block' Politely-block accept for combining purposes. Proposal III. Do proposal II now, allow I ... – PowerPoint PPT presentation

Number of Views:44

Avg rating:3.0/5.0

Slides: 32

Provided by: jdro8

Learn more at: http://www.ietf.org

Category:

more less

Transcript and Presenter's Notes

Title: XCAP

1
XCAP

Jonathan Rosenberg
dynamicsoft

2
Changes in Main Spec

Removed POST usage
Clarified the meaning of PUT for inserts vs.
modifies
Added AUID grammar
Specified a grammar for xpath-style expressions
small subset of Xpath
Java form for vendor specific AUIDs
Using Etags, not modification times

No batching provided design your schemas
carefully
Clarified server awareness needed of the AUID and
all namespaces in the document
Clarified that other usages can specify auth
policies
Updated Examples
No content in error responses

3
Filename?

Does the xcap URI have a filename extension in
it?
http// xcap.example.com/services/presence-lists/u
sers/joe/mybuddies.xml
http// xcap.example.com/services/presence-lists/u
sers/joe/mybuddies
Proposal with filename extension

4
MIME Types

What MIME type is indicated in PUT request and
GET response?
Application/xml, text/xml, text/plain,
application/presence-listxml, new one?
Proposal
Application/xml when its an XML document
Seems better than text/xml since the consumer is
not a user rendering is not useful
Text/plain for attributes

5
Event Package

What is the fate of the event package?
Many big issues
Integrate with configuration framework?
SyncML?
Proposal
Move forward with xcap, xcap-auth, xcap-list
first, visit package second

6
Etag Scope

Current spec associates a separate Etag with each
XML component
If you update one component, all ancestors and
descendants are updated
Problem how does the client know what those
other etags are?
Complex

Proposal I
Ancestor and descendant tags are the same as the
new tag
Means client can compute the tags locally
Proposal II
Just maintain an Etag for the whole document

7
Etag Scope

Proposal I pros
Allows for several users to manipulate different
sub-trees without stepping on each others toes
But, do we need that?
CPCP?
Proposal II pros
Simpler

Recommendation
Proposal II

8
Query v. Path

Query approach
http//xcap.example.com/presence-lists/users/joe/m
ybuddies.xml?lists/list_at_id1
Path approach
http//xcap.example.com/presence-lists/users/joe/m
ybuddies.xml/lists/list_at_id1

9
Query v. Path

Benefits of Query approach
Makes it easy for server to figure out where doc
ends and elements begin
Benefits of Path approach
Hides implementation details
Works better with existing equipment
Query strings in PUT
Cache treatment of query parameters

Recommendation
Path Approach

10
Error Reporting

Current revision has no special error reporting
Operations which cause invalid schema return 409
Giving details on error is unlikely to help
doubtful an automata can recover
However, there is a recoverable error
Data interdependencies setting a URI that
already exists
Client should retry with new URI
How to indicate this?
New response code yuck
Some kind of XML in the body of the 409
allowed/possible?

11
XCAP List

Changes in this revision
Made it about generic resource lists left hooks
for various actions to be taken against the
list
Added support for external references to other
lists described by an XCAP URI

12
Subscription Auth Policy

If subscribeable flag is true, who can subscribe?
Spec doesnt say
Proposal
Its a matter of local policy
We can define an xcap usage later that defines
subscription permissions

13
XCAP Auth

Changes
Added an ltexceptgt clause, so you can except a
user, domain or list
Removed boolean operators from accept-if
Removed rule permissions
Remove transformational permissions
Removed requested-namespace, requested-element,
requested-tuple, duration accept-if conditions
Show-tuple selects a tuple by tuple class, not id
Removed show-values
Removed compound permission AUID later
Content permissions are applied BEFORE
composition process

14
Open Issues

Alignment with Geopriv
Lying and Polite Blocking

15
Why is Alignment Good?

Geolocation and presence are intimately related
We want to be able to deliver geoloc information
in presence
Placetype is a start!
Further enhances the SIMPLE value proposition

16
Exceptions

Exceptions need to be treated carefully to work
Excepting a user from is useless its easy for
a user to get a new name
You have to drop an entire statement if you cant
resolve an external reference for an exception
Exceptions dont deny a user permissions they
allow a convenience for enumerating a long list
of people to whom a rule applies

17
Exceptions

Example
Allow example.com except Bob
Allow example.com except Judy
If I have both these rules, and Bob subscribes,
is he allowed?
YES!

Matching operations need to be carefully
specified
Foo.example.com same as example.com?
Geopriv has decided not to do exceptions
initially
If we want alignment, we need to drop them too
What does the group think about this?

18
Conditions

Current xcap-auth has conditional permissions
Accept-if
But, conditions can make sense for any permission
Better alternative
All conditions are present in the ltapplies-togt tag

19
Example
ltstatementgt ltapplies-togt ltanonymousgttruelt/an
onymousgt lt/applies-togt ltaccept/gt
ltshow-elementgtbasiclt/show-elementgt lt/statementgt
20
Validity Condition

Specifies the duration over which the statement
applies
Allows the server to ignore permissions
automatically, instead of forcing the client to
remove on expiration
Client may not be connected
Assures privacy safety
Good idea!

21
Sphere Condition

Allows a statement to apply if the presentitys
sphere has some value
Dependent on inclusion of sphere in RPID
Nice idea, do we need it initially?

ltstatementgt ltapplies-togt ltspheregtworklt/spher
egt lturigtsipjoe_at_example.comlt/urigt
lt/applies-togt ltshow-namespacegtpidf-phonelt/show-n
amespacegt lt/statementgt
22
Authentication Condition

We can specify type of authentication that needed
to be used
BUT, will a user be able to usefully set this?
NO
They wont understand security properties
Proposal remove

23
Permission Combining

If multiple statements apply, how are permissions
combined?
Current spec says UNION but this only makes
sense for token types
Need to define rules for other types
Boolean OR operation
Requires TRUE to be more permissive
Integer MAX operation
Requires maximum to be more permissive

24
Explicit Confirmation

Currently, a watcher is pending if there are no
matching statements
Might want to explicitly specify that I should
always be asked to confirm subscriptions from a
user (I.e., winfo)
To do this, would add confirm-subscription
boolean

25
Actions vs. Transformations