Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on November 2, 2003.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This document describes the specific extensions to and applications of the Extensible Messaging and Presence Protocol (XMPP) that are required to create a basic instant messaging and presence application, such as the servers and clients that comprise the Jabber network.

Table of Contents

1.  Introduction
1.1  Overview
1.2  Requirements
1.3  Terminology
1.4  Discussion Venue
1.5  Intellectual Property Notice
2.  Establishing a Session
3.  Exchanging Messages
3.1  Specifying an Intended Recipient
3.2  Specifying a Message Type
3.3  Specifying a Message Body
3.4  Specifying a Message Subject
3.5  Specifying a Conversation Thread
4.  Exchanging Presence Information
4.1  Client and Server Responsibilities
4.2  Specifying Availability Status
4.3  Specifying Detailed Status Information
4.4  Determining When a Contact Went Offline
4.5  Presence Examples
5.  Managing Subscriptions
5.1  Requesting a Subscription
5.2  Handling a Subscription Request
5.3  Cancelling a Subscription from Another Entity
5.4  Unsubscribing from Another Entity's Presence
6.  Managing One's Roster
6.1  Retrieving One's Roster on Login
6.2  Adding a Roster Item
6.3  Updating a Roster Item
6.4  Deleting a Roster Item
7.  Integration of Roster Items and Presence Subscriptions
7.1  Overview
7.2  User Subscribes to Contact
7.2.1  Alternate Flow: Contact Declines Subscription Request
7.3  Creating a Mutual Subscription
7.3.1  Alternate Flow: User Declines Subscription Request
7.4  Unsubscribing
7.4.1  Case #1: Subscription Type 'to'
7.4.2  Case #2: Subscription Type 'both'
7.5  Cancelling a Subscription
7.5.1  Case #1: Subscription Type 'from'
7.5.2  Case #2: Subscription Type 'both'
7.6  Removing a Roster Item and Cancelling All Subscriptions
8.  Blocking Communication
8.1  Syntax
8.2  Business Rules
8.3  Retrieving One's Privacy Lists
8.4  Managing Active Lists
8.5  Managing the Default List
8.6  Editing a Privacy List
8.7  Adding a New Privacy List
8.8  Removing a Privacy List
8.9  Blocking Messages
8.10  Blocking Inbound Presence Notifications
8.11  Blocking Outbound Presence Notifications
8.12  Blocking IQs
8.13  Blocking All Communication
8.14  Blocked Entity Attempts to Communicate with User
8.15  Higher-Level Heuristics
9.  Server Rules for Handling XML Stanzas
9.1  No 'to' Address
9.2  Foreign Domain
9.3  Subdomain
9.4  Bare Domain or Specific Resource
9.5  User in Same Domain
10.  IANA Considerations
10.1  XML Namespace Name for Session Data
11.  Security Considerations
§  Normative References
§  Informative References
§  Authors' Addresses
A.  vCards
B.  XML Schemas
B.1  session
B.2  jabber:iq:last
B.3  jabber:iq:privacy
B.4  jabber:iq:privacy:error
B.5  jabber:iq:roster
C.  Revision History
C.1  Changes from draft-ietf-xmpp-im-10
C.2  Changes from draft-ietf-xmpp-im-09
C.3  Changes from draft-ietf-xmpp-im-08
C.4  Changes from draft-ietf-xmpp-im-07
C.5  Changes from draft-ietf-xmpp-im-06
C.6  Changes from draft-ietf-xmpp-im-05
C.7  Changes from draft-ietf-xmpp-im-04
C.8  Changes from draft-ietf-xmpp-im-03
C.9  Changes from draft-ietf-xmpp-im-02
C.10  Changes from draft-ietf-xmpp-im-01
C.11  Changes from draft-ietf-xmpp-im-00
C.12  Changes from draft-miller-xmpp-im-02
§  Intellectual Property and Copyright Statements

1. Introduction

1.1 Overview

The core features of the Extensible Messaging and Presence Protocol are defined in XMPP Core[1]. These features -- specifically XML streams, stream authentication and encryption, and the <message/>, <presence/>, and <iq/> children of the stream root -- provide the building blocks for many types of near-real-time applications, which may be layered on top of the core by sending application-specific data scoped by particular XML namespaces. This document describes the extensions to and applications of XMPP Core that are required to create the basic functionality expected of an instant messaging and presence application as defined in RFC 2779[2].

1.2 Requirements

For the purposes of this document, we stipulate that a basic instant messaging and presence application needs to enable a user to perform the following high-level use cases:

• Establish a session with a server
• Exchange messages with other users
• Exchange presence information with other users
• Manage subscriptions to and from other users
• Manage the items in the user's contact list (in XMPP this is called a "roster")
• Block communications to or from specific other users

Detailed definitions of these functionality areas are contained in RFC 2779[2], and the interested reader is directed to that document regarding the requirements addressed herein.

Note: although XMPP IM meets the requirements of RFC 2779, it was not designed explicitly with RFC 2779 in mind, since the base protocol evolved through an open development process within the Jabber open-source community, mainly in 1999. In addition, protocols addressing many other functionality areas have been defined and continue to be defined by the Jabber Software Foundation[4]. These include service discovery, multi-user chat, data gathering and forms submission, feature negotiation, message composing events, message expiration, delayed delivery, file transfer, XHTML message formatting, publish-subscribe, and transports for XML-RPC and SOAP. However, such protocols are not described herein because they are not required by RFC 2779[2].

1.3 Terminology

This document inherits the terminology defined in XMPP Core[1].

The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119[3].

1.4 Discussion Venue

The authors welcome discussion and comments related to the topics presented in this document. The preferred forum is the <xmppwg@jabber.org> mailing list, for which archives and subscription information are available at <http://www.jabber.org/cgi-bin/mailman/listinfo/xmppwg/>.

1.5 Intellectual Property Notice

This document is in full compliance with all provisions of Section 10 of RFC 2026. Parts of this specification use the term "jabber" for identifying namespaces and other protocol syntax. Jabber[tm] is a registered trademark of Jabber, Inc. Jabber, Inc. grants permission to the IETF for use of the Jabber trademark in association with this specification and its successors, if any.

2. Establishing a Session

Most instant messaging applications based on XMPP are implemented via a client-server architecture that requires a user to establish a session on the server in order to engage in the expected instant messaging and presence activities. However, there are several pre-conditions that must be met before a user may establish such a session. These include:

1. Account Provisioning -- while this is outside the scope of XMPP, methods for doing so include account creation by a server administrator as well as in-band account registration using the 'jabber:iq:register' namespace; the latter method is documented by the Jabber Software Foundation[4] at <http://www.jabber.org/protocol/>.
2. Authentication and Resource Authorization -- methods for completing these pre-conditions are documented in XMPP Core[1]; note that client authentication with a server MUST include an authorization identity that specifies the full JID (user@domain/resource) associated with the connection for addressing purposes.

Once a client has authenticated with a server and authorized a full JID (including resource), it SHOULD request that the server activate an IM session for the client. This is accomplished by means of the 'urn:ietf:params:xml:ns:xmpp-session' namespace:

Step 1: Client requests session with server:

Step 2: Server informs client that session has been created:

Several error conditions are possible. For example, the server may encounter an internal condition that prevents it from creating the session, the username or authorization identity may lack permissions to create a session, or there may already be an active session associated with an authzid of the same name.

If the server encounters an internal condition that prevents it from creating the session, it MUST return an error.

Step 2 (alt): Server responds with error (internal server error):

If the username or authorization identity is not allowed to create a session, the server MUST return an error.

Step 2 (alt): Server responds with error (username or authzid not allowed to create session):

If there is already an active session associated with an authzid of the same name, the server MUST either (1) terminate the active session and allow the newly-requested session, or (2) disallow the newly-requested session and maintain the existing session. Which of these the server does is up to the implementation, although it is RECOMMENDED to implement (1).

Step 2 (alt): Server informs client of resource conflict (the desired resource name is already in use by another active connection):

3. Exchanging Messages

Exchanging messages is a basic use of XMPP and is effected when a user sends a message stanza to another user (or, more generally, another entity). As defined under Server Rules for Handling XML Stanzas, the sender's server is responsible for delivering the message to the intended recipient (if the recipient is on the same server) or for routing the message to the recipient's server (if the recipient is on a different server).

Information regarding the syntax of message stanzas and their defined attributes and child elements may be found in XMPP Core[1].

3.1 Specifying an Intended Recipient

An IM client SHOULD specify an intended recipient for a message by providing the JID of an entity other than the sender in the 'to' attribute of the <message/> stanza. If the message is being sent in reply to a message previously received from an address of the form <user@domain/resource> (e.g., within the context of a chat session), the value of the 'to' address SHOULD be the complete address rather than merely <user@domain> unless the sender has knowledge (via presence) that the intended recipient is no longer available. If the message is being sent outside the context of any existing chat session or received message, the value of the 'to' address SHOULD be of the form <user@domain> rather than <user@domain/resource>.

3.2 Specifying a Message Type

As mentioned in XMPP Core[1], there are several defined types of messages (specified by means of a 'type' attribute within the <message/> element). In the context of an instant messaging application, a client MAY include a message type in order to capture the conversational context of the message, thus providing a hint regarding presentation (e.g., in a GUI). If no 'type' attribute is provided, the message SHOULD be assumed to be a standalone message to which the recipient MAY reply if desired. If the 'type' attribute is included, it SHOULD have one of the following values (any other value MAY be ignored):

• chat -- The message is sent in the context of a one-to-one chat conversation. A compliant client SHOULD present an interface enabling one-to-one chat between the two parties, including an appropriate conversation history.
• groupchat -- The message is sent in the context of a multi-user chat environment. A compliant client SHOULD present an interface enabling many-to-many chat between the parties, including a roster of parties in the chatroom and an appropriate conversation history.
• headline -- The message is probably generated by an automated service that delivers or broadcasts content (news, sports, market information, RSS feeds, etc.). No reply to the message is expected, and a compliant client SHOULD present an interface that appropriately differentiates the message from standalone messages, chat sessions, or groupchat sessions (e.g., by not providing the recipient with the ability to reply).
• error -- An error has occurred related to a previous message sent by the sender (for details regarding stanza error syntax, see XMPP Core[1]). A compliant client SHOULD present an appropriate interface informing the sender of the nature of the error.

Although the 'type' attribute is OPTIONAL, it is considered polite to mirror the type in any replies to a message; furthermore, some specialized applications (e.g., a multi-user chat service) MAY at their discretion enforce the use of a particular message type (e.g., type='groupchat').

3.3 Specifying a Message Body

A message stanza MAY (and often will) contain a child <body/> element specifying the main content of the message. The contents of the body MUST be XML character data and MUST NOT contain mixed content. If it is necessary to provide the main message content in an alternate form (e.g., encrypted using the public key infrastructure or formatted using XHTML), the alternate form MUST be contained in some other child of the message stanza. Multiple <body/> elements MAY be included, as long as each such element possesses an 'xml:lang' attribute with a distinct value.

A message with a body:

3.4 Specifying a Message Subject

A message stanza MAY contain one or more child <subject/> elements specifying the topic of the message. A subject element MUST contain XML character data and MUST NOT contain mixed content. Multiple <subject/> elements MAY be included, as long as each such element possesses an 'xml:lang' attribute with a distinct value.

A message with a subject:

3.5 Specifying a Conversation Thread

A message stanza MAY contain a child <thread/> element specifying the conversation thread in which the message is situated, for the purpose of tracking the conversation. The content of the <thread/> element is a random string that is generated by the sender in accordance with the algorithm specified in XMPP Core[1]; this string SHOULD be copied back to the sender in subsequent replies.

A threaded conversation:

4. Exchanging Presence Information

Exchanging presence information is made relatively straightforward within XMPP by using presence stanzas. However, we see here a contrast to the handling of messages: although a client MAY send directed presence information to another entity, in general presence information is sent from a client to its server (with no 'to' address) and then broadcasted by the server to any entities that are subscribed to the presence of the sending entity. (Note: in the terminology of RFC 2778[5], the only watchers in XMPP are subscribers.)

Information regarding the syntax of presence stanzas and their defined attributes and child elements may be found in XMPP Core[1].

4.1 Client and Server Responsibilities

When a client connects to its server, it SHOULD send an initial presence stanza to the server in order to signal its availability for communications. The initial presence stanza MUST possess no 'to' address (signalling that it is meant to be handled by the server on behalf of the user) and SHOULD possess no 'type' attribute.

Upon receiving initial presence from a client, the user's server MUST do the following:

1. Send presence probes (i.e., presence stanzas whose 'type' attribute is set to a value of "probe") from the full JID (user@domain/resource) of the user to the bare JID (user@domain) of any contacts to which the user is subscribed in order to determine if they are available; such contacts are those which are present in the user's roster with the 'subscription' attribute set to a value of "to" or "both". (Note: a user or client SHOULD NOT send presence probes.)
2. Broadcast initial presence from the full JID (user@domain/resource) of the user to the bare JID (user@domain) of any contacts that are subscribed to the user's presence; such contacts are those which are present in the user's roster with the 'subscription' attribute set to a value of "from" or "both".

Upon receiving a presence probe from the user, the contact's server MUST do one of the following:

1. If the username specified in the 'to' address of the presence probe does not exist, return an <item-not-found/> error to the user.
2. Else if the user is not in the contact's roster with a subscription state of "from" or "both", return a <recipient-unavailable/> stanza error to the user.
3. Else if the contact has no active sessions, return a <recipient-unavailable/> error to the user.
4. Else if the contact has blocked outbound presence notifications to the user's bare or full JID (as defined in Blocking Outbound Presence Notifications), return a <recipient-unavailable/> error to the user.
5. Else send to the user the last known availability information (i.e., the full XML of the last presence stanza) provided by each of the contact's active sessions.

Upon receiving initial presence from the user, the contact's server MUST do one of the following:

1. If the username specified in the 'to' address does not exist, return an <item-not-found/> error to the user.
2. Else if the user is not in the contact's roster with a subscription state of "to" or "both", return a <recipient-unavailable/> stanza error to the user.
3. Else if the contact has no active sessions, return a <recipient-unavailable/> error to the user.
4. Else if the contact has blocked inbound presence notifications from the user's bare or full JID (as defined in Blocking Inbound Presence Notifications), return a <recipient-unavailable/> error to the user.
5. Else deliver the user's presence stanza to the full JIDs (contact@domain/resource) associated with all of the contact's active sessions (subject to privacy rules).

If the user's server receives a presence stanza of type "error" in response to the initial presence that it forwarded to a contact on behalf of the user, it MUST NOT send further presence updates to that contact (until and unless it successfully sends subsequent presence information to that contact, whether or not in response to a presence probe from the contact).

After sending initial presence, the user MAY update and broadcast its presence information at any point during its active session by sending a presence stanza with no 'to' address and either no 'type' attribute or a 'type' attribute with a value of "unavailable". (Note: a user's client SHOULD NOT send a presence update to broadcast information that changes independently of the user's presence and availability.) If the presence stanza lacks a 'type' attribute (i.e., expresses availability), the user's server MUST broadcast the full XML of that presence stanza to all contacts that are in the user's roster with a subscription type of "from" or "both" and from whom the server has not received a presence error during the user's session. If the presence stanza has a 'type' attribute set to a value of "unavailable", the user's server MUST broadcast the full XML of that presence stanza to all contacts that are in the user's roster with a subscription type of "from" or "both" and from whom the server has not received a presence error during the user's session, as well as to any entities to which the user has sent directed presence during the user's session.

A user MAY send directed presence to another entity (i.e., a presence stanza with a 'to' attribute whose value is the JID of the other entity and with either no 'type' attribute or a 'type' attribute whose value is "unavailable"). There are three possible cases:

1. If the user sends directed presence to a contact that is in the user's roster with a subscription type of "from" or "both" after having sent initial presence and before sending unavailable presence broadcast, the user's server MUST route or deliver the full XML of that presence stanza but SHOULD NOT otherwise modify the contact's status regarding presence broadcast (i.e., it SHOULD include the contact's JID in any subsequent presence broadcasts initiated by the user).
2. If the user sends directed presence to an entity that is not in the user's roster with a subscription type of "from" or "both" after having sent initial presence and before sending unavailable presence broadcast, the user's server MUST route or deliver the full XML of that presence stanza to the entity but MUST NOT modify the contact's status regarding available presence broadcast (i.e., it MUST NOT include the entity's JID in any subsequent broadcasts of available presence initiated by the user); however, if the connected resource from which the user sent the directed presence become unavailable, the user's server MUST broadcast that unavailable presence to the entity.
3. If the user sends directed presence without ever first sending initial presence or after having sent unavailable presence broadcast, the user's server MUST treat the entities to which the user sends directed presence in the same way that it treats the entities listed in Case 2 above.

Before ending its session with a server, a client SHOULD gracefully become unavailable by sending a final presence stanza that is explicitly of type unavailable (optionally, final presence MAY contain one or more <status/> elements specifying the reason why the user is no longer available). However, the user's server MUST NOT depend on receiving final presence from a connected resource, since the resource may become unavailable unexpectedly. If the user's server detects that one of the user's resources has become unavailable for any reason (either gracefully or ungracefully), it MUST broadcast unavailable presence, the user's server MUST broadcast unavailable presence to all contacts that are in the user's roster with a subscription type of "from" or "both" and from whom the server has not received a presence error during the session, as well as to any entities to which the user has sent directed presence during the user's session for that resource.

4.2 Specifying Availability Status

A client MAY provide further information about its availability status by using the <show/> element. As mentioned in XMPP Core[1], the recognized values for the show element are:

• away -- The entity or resource is temporarily away.
• chat -- The entity or resource is actively interested in chatting.
• xa -- The entity or resource is away for an extended period (xa = "eXtended Away").
• dnd -- The entity or resource is busy (dnd = "Do Not Disturb").

Availability status:

If no <show/> element is provided, the entity is assumed to be online and available.

4.3 Specifying Detailed Status Information

In conjunction with the <show/> element, a client MAY provide detailed status information by using the <status/> element. The content of this element is a natural-language description of the client's current availability status.

Detailed status information:

4.4 Determining When a Contact Went Offline

The server MUST maintain a record of the time at which a user became unavailable (whether gracefully or ungracefully). An authorized subscriber to that user's presence MAY request the time of last activity by sending an IQ stanza to the user's bare JID (user@domain) containing an empty <query/> element scoped by the 'jabber:iq:last' namespace:

Requesting the last active time of a user:

If the entity requesting the time of last activity is an authorized subscriber to the user's presence (i.e., exists in the user's roster with the 'subscription' attribute set to a value of "from" or "both") and the user is not blocking IQ stanzas to and from the entity (as defined in Blocking IQs), the server SHOULD return an IQ stanza of type "result" with the number of seconds since the user was last active (if the user is online and available, the 'seconds' attribute should be set to a value of "0", i.e., zero):

Returning the last active time of a user:

If the entity requesting the time of last activity is not an authorized subscriber to the user's presence (i.e., does not exist in the user's roster with the 'subscription' attribute set to a value of "from" or "both"), the server MUST return an IQ stanza of type "error" with an error condition of forbidden:

Requester is forbidden to view the last active time of a user:

4.5 Presence Examples

The examples in this section illustrate the presence-related protocols described above. The user is romeo@montague.net, he has authorized a resource "orchard", and he has the following individuals in his roster:

• juliet@capulet (subscription="both" and she has two active sessions, one whose resource is "chamber" and another whose resource is "balcony")
• benvolio@shakespeare.lit (subscription="to")
• mercutio@shakespeare.lit (subscription="from")

Example 1: User sends initial presence:

Example 2: User's server sends presence probe to contacts with subscription="to" and subscription="both" on behalf of the user's connected resource:

Example 3: User's server sends initial presence to contacts with subscription="from" and subscription="both" on behalf of the user's connected resource:

Example 4: Contacts' servers reply to presence probe on behalf of all of the contacts' connected resources:

Example 5: Contacts' servers deliver user's initial presence to all of the contacts' connected resources or returns error to user:

Example 6: User sends directed presence to another user not in his roster:

Example 7: User sends updated available presence information for broadcasting:

Example 8: Updated presence information is delivered only to one contact (not those from whom an error was received or to whom the user sent directed presence):

Example 9: One of the contact's resources sends final presence:

Example 10: Unavailable presence information is delivered from contact to user:

Example 11: User sends final presence:

Example 12: Unavailable presence information is delivered to contact's one remaining resource as well as to the other person to whom the user sent directed presence:

5. Managing Subscriptions

In order to protect the privacy of instant messaging users and any other entities, presence and availability information is disclosed only to other entities that the user has approved. When a user has agreed that another entity may view its presence, the entity is said to have a subscription to the user's presence information. A subscription lasts across sessions; indeed, it lasts until the subscriber unsubscribes or the subscribee cancels the previously-granted subscription. Subscriptions are managed within XMPP by sending presence stanzas containing specially-defined attributes.

Note: there are important interactions between subscriptions and rosters; these are defined under Integration of Roster Items and Presence Subscriptions, and the reader must refer to that section for a complete understanding of presence subscriptions.

5.1 Requesting a Subscription

A request to subscribe to another entity's presence is made by sending a presence stanza of type "subscribe".

Sending a subscription request:

If the subscription request is being sent another IM user, the JID supplied in the 'to' attribute SHOULD be of the form <user@domain> rather than <user@domain/resource>.

5.2 Handling a Subscription Request

When a client receives a subscription request from another entity, it MAY accept the request by sending a presence stanza of type "subscribed" or decline the request by sending a presence stanza of type "unsubscribed".

Accepting a subscription request:

Denying a presence subscription request:

A user's server MUST NOT automatically accept subscription requests on the user's behalf. All subscription requests MUST be directed to the user's client. If there is no connected resource associated with the user when the subscription request is received by the server, the user's server MUST store the subscription request offline for delivery when the user next becomes available.

5.3 Cancelling a Subscription from Another Entity

If a user would like to cancel a previously-granted subscription request, it sends a presence stanza of type "unsubscribed".

Cancelling a previously granted subscription request:

5.4 Unsubscribing from Another Entity's Presence

If a user would like to unsubscribe from the presence of another entity, it sends a presence stanza of type "unsubscribe".

Unsubscribing from an entity's presence:

6. Managing One's Roster

In XMPP, one's contact list is called a roster, which consists of any number of specific roster items, each roster item being identified by a unique JID of the form "contact@domain". A user's roster is stored by the user's server on the user's behalf so that the user may access roster information from any connected resource.

Note: there are important interactions between rosters and subscriptions; these are defined under Integration of Roster Items and Presence Subscriptions, and the reader must refer to that section for a complete understanding of roster management.

6.1 Retrieving One's Roster on Login

Upon connecting to the server, a client MAY request the roster (however, because receiving the roster may not be desirable for all resources, e.g., a connection with limited bandwidth, the client's request for the roster is OPTIONAL). If a connected resource does not request the roster during a session, it SHOULD never receive presence subscriptions and associated roster pushes.

Client requests current roster from server:

Client receives roster from the server:

6.2 Adding a Roster Item

At any time, a user MAY add an item to his or her roster.

Client adds a new item:

The value of the 'jid' attribute SHOULD be of the form <user@domain>, especially if the item is associated with another (human) IM user.

The server MUST update the roster information in persistent storage, and also push the change out to all connected resources associated with the user using an IQ stanza of type "set" (this is referred to as a "roster push"). This "roster push" enables all connected resources to remain in sync with the server-based roster information.

Server replies with an IQ result to the sending resource and pushes the updated roster information to all connected resources:

Connected resources reply with an IQ result to the server:

6.3 Updating a Roster Item

Updating an existing roster item (e.g., changing the group) is done in the same way as adding a new roster item, i.e., by sending the roster item in an IQ set to the server.

User updates roster item (added group):

As with adding a roster item, when updating a roster item the server MUST update the roster information in persistent storage, and also initiate a "roster push" to all connected resources associated with the user.

6.4 Deleting a Roster Item

At any time, a user MAY delete an item from its roster by doing an IQ set and making sure that the value of the 'subscription' attribute is "remove" (a compliant server MUST ignore any other values of the 'subscription' attribute when received from a client).

Client removes an item:

As with adding a roster item, when deleting a roster item the server MUST update the roster information in persistent storage, and also initiate a "roster push" to all connected resources associated with the user.

For further information about the implications of this command, see Removing a Roster Item and Cancelling All Subscriptions.

7. Integration of Roster Items and Presence Subscriptions

7.1 Overview

Some level of integration between roster items and presence subscriptions is normally expected by instant messaging users. This section describes the level of integration that must be supported within XMPP IM.

There are four primary subscription states:

• None -- Neither the user nor the contact is subscribed to the other's presence
• To -- The user is subscribed to the contact's presence but there is no subscription from the contact to the user
• From -- There is a subscription from the contact to the user, but the user has not subscribed to the contact's presence
• Both -- Both the user and the contact are subscribed to each other's presence (i.e., the union of 'from' and 'to')

Each of these states is reflected in the roster of both the user and the contact, thus resulting in durable subscription states. The details regarding how these subscription states interact with roster items are explained in the following sub-sections.

As noted above, if a connected resource does not request the roster during a session, it SHOULD never receive presence subscriptions and the associated roster pushes. In addition, a client MUST acknowledge each "roster push" with an IQ stanza of type "result" (these stanzas are not shown in the following examples but are required by XMPP Core[1]).

7.2 User Subscribes to Contact

The process by which a user subscribes to a contact, including the interaction between roster items and subscription states, is defined below.

7.2.1 Alternate Flow: Contact Declines Subscription Request

The above activity flow represents the "happy path" related to the user's subscription request to the contact. The main alternate flow occurs if the contact denies the user's subscription request; in order to deny the request, the contact's client MUST send a presence stanza of type "unsubscribed" to the user:

The user's server MUST then (1) deliver that presence stanza to the user and (2) initiate a "roster push" to all connected resources associated with the user, with the 'subscription' attribute set to a value of "none":

As a result of this activity, the contact is now in the user's roster with a subscription state of "none", whereas the user is not in the contact's roster at all.

7.3 Creating a Mutual Subscription

The user and contact can build on the foregoing to create a mutual subscription (i.e., a subscription of type "both"). The process is defined below.

7.3.1 Alternate Flow: User Declines Subscription Request

The above activity flow represents the "happy path" related to the contact's subscription request to the user. The main alternate flow occurs if the user denies the contact's subscription request; in order to deny the request, the user's client MUST send a presence stanza of type "unsubscribed" to the contact:

The contact's server MUST then (1) deliver that presence stanza to the contact and (2) initiate a "roster push" to all connected resources associated with the contact, with the 'subscription' attribute set to a value of "from" and with no 'ask' attribute:

As a result of this activity, there has been no change in the subscription state; i.e., the contact is in the user's roster with a subscription state of "to" and the user is in the contact's roster with a subscription state of "from".

7.4 Unsubscribing

At any time after subscribing to a contact's presence, a user MAY unsubscribe. While the XML that the user sends to make this happen is the same in all instances, the subsequent subscription state is different depending on the subscription state obtaining when the unsubscribe command is sent. Both possible scenarios are defined below.

7.4.1 Case #1: Subscription Type 'to'

In the first case, the user has a subscription to the contact but the contact does not have a subscription to the user (i.e., the subscription is not yet mutual).

In the second case, the user has a subscription to the contact and the contact also has a subscription to the user.

7.5 Cancelling a Subscription

At any time after approving a subscription request from a user, a contact MAY cancel that subscription. While the XML that the contact sends to make this happen is the same in all instances, the subsequent subscription state is different depending on the subscription state obtaining when the cancellation is sent. Both possible scenarios are defined below.

7.5.1 Case #1: Subscription Type 'from'

In the first case, the user has a subscription to the contact but the contact does not have a subscription to the user (i.e., the subscription is not yet mutual).

In the second case, the user has a subscription to the contact and the contact also has a subscription to the user.

7.6 Removing a Roster Item and Cancelling All Subscriptions

Because there may be many steps involved in completely removing a roster item and reverting the subscription state to "none", XMPP IM includes a "shortcut" method for doing so. The process may be initiated by either a contact or a user no matter what the current subscription state is, by means of sending a roster set with the 'subscription' attribute set to a value of "remove".

For example, a user may send the following XML:

When the user removes a contact from his or her roster by setting the 'subscription' attribute to a value of "remove", the user's server MUST automatically cancel any existing presence subscription between the user and the contact by sending presence stanzas of type "unsubscribe" and "unsubscribed" from the user to the contact. As a result of this command, the user's server must send the user a "roster push" with the subscription state set to "none", and the contact's server must do the same.

A contact may also send such a command, resulting in the same type of system behavior.

8. Blocking Communication

Most instant messaging systems have found it necessary to implement some method for users to block communications from particular other users (this is also required by sections 5.1.5, 5.1.15, 5.3.2, and 5.4.10 of RFC 2779[2]). In XMPP this is done using the 'jabber:iq:privacy' namespace by managing one's privacy lists.

Server-side privacy lists enable successful completion of the following use cases:

• Retrieving one's privacy lists.
• Adding, removing, and editing one's privacy lists.
• Setting, changing, or declining active lists.
• Setting, changing, or declining the default list (i.e., the list that is active by default).
• Allowing or denying messages based on JID, group, or subscription type (or globally).
• Allowing or denying inbound presence notifications based on JID, group, or subscription type (or globally).
• Allowing or denying outbound presence notifications based on JID, group, or subscription type (or globally).
• Allowing or denying IQs based on JID, group, or subscription type (or globally).
• Allowing or denying all communications based on JID, group, or subscription type (or globally).

Note: presence notifications do not include presence subscriptions, only presence information that is broadcasted to entities that are subscribed to a user's presence information. Thus this includes presence stanzas with no 'type' attribute or of type='unavailable' only.

8.1 Syntax

A user MAY define one or more privacy lists, which are stored by the user's server. Each <list/> element contains one or more rules in the form of <item/> elements, and each <item/> element uses attributes to define a privacy rule type, a specific value within the type, the relevant action, and the place of the item in the processing order.

The syntax is as follows:

If the type is "jid", then the 'value' attribute MUST contain a valid Jabber ID. JIDs are matched in the following order: <user@domain/resource>, then <user@domain>, then <domain/resource>, then <domain>. If the value is <user@domain>, then any connected resource for that user@domain matches. If the value is <domain/resource>, then only that resource matches. If the value is <domain>, then any user@domain (or subdomain) matches.

If the type is "group", then the 'value' attribute MUST contain the name of a group in the user's roster. (If a client attempts to update or delete a list item with a group that is not in the user's roster, the server MUST return to the client an <item-not-found/> error of class "address" in the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace.)

If the type is "subscription", then the 'value' attribute MUST be one of "both", "to", "from", or "none" as defined in XMPP Core[1].

If no 'type' attribute is included, the rule provides the "fall-through" case.

The 'action' attribute MUST be included and its value MUST be either "accept" or "deny".

The 'order' attribute MUST be included and its value MUST be a non-negative integer that is unique among all items in the list. (If a client attempts to create or update a list with non-unique order values, the server MUST return to the client a <bad-request/> error of class "format" in the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace.

Within the 'jabber:iq:privacy' namespace, the <query/> child of a client-generated IQ stanza of type "set" MUST NOT include more than one child element (i.e., the stanza must contain only one <active/> element, one <default/> element, or one <list/> element); if a client violates this rule, the server MUST return to the client a <bad-request/> error of class "format" in the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace.)

When a client adds or updates a privacy list, the <list/> element MUST contain at least one <item/> child element; if a client violates this rule, the server MUST return to the client a <bad-request/> error of class "format" in the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace.

When a client updates a privacy list, it must include all of the desired items (i.e., not a "delta").

8.2 Business Rules

The active list affects only the session/resource for which it is activated, and only for the duration of the session. If a stanza is addressed to a specific resource, only the active list for that session is processed (i.e., the default list is ignored).

The default list applies to the user as a whole, and is processed if there is no active list set for the target session/resource to which a stanza is addressed, or if there are no current sessions for the user.

If there is no active list set for a session (or there are no current sessions for the user), and there is no default list, then all stanzas SHOULD BE accepted or appropriately processed by the server on behalf of the user.

Privacy lists SHOULD be the first routing and delivery rule applied by a server, trumping the other rules specified in Server Rules for Handling XML Stanzas.

The order in which privacy list items are processed by the server is important. List items MUST be processed in ascending order determined by the values of the 'order' attribute for each <item/>.

As soon as a stanza is matched against a privacy list, the server SHOULD appropriately handle the stanza and cease processing.

If no fall-through item is provided in a list, the fall-through action is assumed to be "accept".

When a user updates the definition for a list or adds a new list (whether or not it is active), the server SHOULD NOT "push" that information out to all connected resources associated with the user's account, as is done for rosters. If a client or user wants to retrieve the current privacy list information, it SHOULD request the relevant list.

8.3 Retrieving One's Privacy Lists

Client requests names of privacy lists from server:

Server sends names of privacy lists to client, including default list and active list:

Client requests a privacy list from server:

Server sends a privacy list to client:

Client requests another privacy list from server:

Server sends another privacy list to client:

Client requests yet another privacy list from server:

Server sends yet another privacy list to client:

In this example, the user has three lists: (1) 'public', which allows communications from everyone except one specific entity; (2) 'private', which allows communications only from contacts who have a bidirectional subscription with the user; and (3) 'special', which allows communications only from three specific entities. The active list currently being applied by the server is the 'private' list.

If the user attempts to retrieve a list but a list by that name does not exist, the server MUST return an "item not found" stanza error to the user, which SHOULD include a <no-such-list/> child element scoped by the 'jabber:iq:privacy:error' namespace:

Client attempts to retrieve non-existent list:

The user is allowed to retrieve only one list at a time. If the user attempts to retrieve more than one list in the same request, the server MUST return a "bad request" stanza error to the user, which SHOULD include a <too-many-lists/> child element scoped by the 'jabber:iq:privacy:error' namespace:

Client attempts to retrieve more than one list:

8.4 Managing Active Lists

In order to set or change the active list currently being applied by the server, the user MUST send an IQ stanza of type "set" with a <query/> element scoped by the 'jabber:iq:privacy' namespace that contains an empty <active/> child element possessing a 'name' attribute whose value is set to the desired list name.

Client requests change of active list:

The server MUST activate and apply the requested list before sending the result back to the client.

Server acknowledges success of active list change:

If the user attempts to set an active list but a list by that name does not exist, the server MUST return an "item not found" stanza error to the user, which SHOULD include a <no-such-list/> child element scoped by the 'jabber:iq:privacy:error' namespace:

Client attempts to set a non-existent list as active:

In order to decline the use of any active list, a user MUST send an empty <active/> element with no name.

Client declines the use of active lists:

8.5 Managing the Default List

In order to change the default list associated with an account, the user MUST send an IQ stanza of type "set" with a <query/> element scoped by the 'jabber:iq:privacy' namespace that contains an empty <default/> child element possessing a 'name' attribute whose value is set to the desired list name.

Client requests change of default list:

Server acknowledges success of default list change:

If the user attempts to set a default list but a list by that name does not exist, the server MUST return an "item not found" stanza error to the user, which SHOULD include a <no-such-list/> child element scoped by the 'jabber:iq:privacy:error' namespace:

Client attempts to set a non-existent list as default:

In order to decline the use of a default list (i.e., to use the domain's stanza routing rules at all times), a user MUST send an empty <default/> element with no name.

Client declines the use of the default list:

8.6 Editing a Privacy List

In order to edit a privacy list, the user MUST send an IQ stanza of type "set" with a <query/> element scoped by the 'jabber:iq:privacy' namespace that contains one <list/> child element possessing a 'name' attribute whose value is set to the list name the user would like to edit. The <list/> element MUST contain one or more <item/> elements, which specify the user's desired changes to the list by including all elements in the list (not the "delta").

Client edits a privacy list:

Note: The value of the 'order' attribute for any given item is not fixed. Thus in the foregoing example if the user would like to add 4 items between the "tybalt@capulet.com" item and the "paris@shakespeare.lit" item, the user's client can simply renumber all the items before submitting the list to the server.

Server acknowledges success of list edit:

In this example, the user has added one additional entity to the "blacklist" portion of this privacy list.

8.7 Adding a New Privacy List

The same protocol used to edit an existing list is used to create a new list. If the list name matches that of an existing list, the request to add a new list will overwrite the old one.

8.8 Removing a Privacy List

In order to remove a privacy list, the user MUST send an IQ stanza of type "set" with a <query/> element scoped by the 'jabber:iq:privacy' namespace that contains one empty <list/> child elements possessing a 'name' attribute whose value is set to the list name the user would like to remove.

Client removes a privacy list:

Server acknowledges success of list removal:

If a user attempts to remove an active list or the default list, the server MUST return a "conflict" stanza error to the user, which SHOULD include a <cannot-remove-list/> child element scoped by the 'jabber:iq:privacy:error' namespace. The user must first set another list to active or default before removing it.

If the user attempts to remove a list but a list by that name does not exist, the server MUST return an "item not found" stanza error to the user, which SHOULD include a <no-such-list/> child element scoped by the 'jabber:iq:privacy:error' namespace.

If the user attempts to remove more than one list in the same request, the server MUST return a "bad request" stanza error to the user, which SHOULD include a <too-many-lists/> child element scoped by the 'jabber:iq:privacy:error' namespace.

8.9 Blocking Messages

Server-side privacy lists enable a user to block incoming messages from other users based on the other user's JID, roster group, or subscription status (or globally). The following examples illustrate the protocol.

User blocks based on JID:

As a result of creating and applying the foregoing list, the user will not receive messages from the user with the specified JID.

User blocks based on roster group:

As a result of creating and applying the foregoing list, the user will not receive messages from any users in the specified roster group.

User blocks based on subscription type:

As a result of creating and applying the foregoing list, the user will not receive messages from any users with the specified subscription type.

User blocks globally:

As a result of creating and applying the foregoing list, the user will not receive messages from any other users.

8.10 Blocking Inbound Presence Notifications

Server-side privacy lists enable a user to block incoming presence notifications from other users based on the other user's JID, roster group, or subscription status (or globally). The following examples illustrate the protocol.

Note: presence notifications do not include presence subscriptions, only presence information that is broadcasted to the user because the user previously subscribed to a contact's presence information. Thus this includes presence stanzas with no 'type' attribute or of type='unavailable' only.

User blocks based on JID:

As a result of creating and applying the foregoing list, the user will not receive presence notifications from the user with the specified JID.

User blocks based on roster group:

As a result of creating and applying the foregoing list, the user will not receive presence notifications from any users in the specified roster group.

User blocks based on subscription type:

As a result of creating and applying the foregoing list, the user will not receive presence notifications from any users with the specified subscription type.

User blocks globally:

As a result of creating and applying the foregoing list, the user will not receive presence notifications from any other users.

8.11 Blocking Outbound Presence Notifications

Server-side privacy lists enable a user to block outgoing presence notifications to other users based on the other user's JID, roster group, or subscription status (or globally). The following examples illustrate the protocol.

Note: presence notifications do not include presence subscriptions, only presence information that is broadcasted to contacts because those contacts previously subscribed to the user's presence information. Thus this includes presence stanzas with no 'type' attribute or of type='unavailable' only. Note also that because information about last activity MAY be requested by a contact (as defined in Determining When a Contact Went Offline), a user SHOULD block both outbound presence and IQs in relation to any given entity.

User blocks based on JID:

As a result of creating and applying the foregoing list, the user will not send presence notifications to the user with the specified JID.

User blocks based on roster group:

As a result of creating and applying the foregoing list, the user will not send presence notifications to any users in the specified roster group.

User blocks based on subscription type:

As a result of creating and applying the foregoing list, the user will not send presence notifications to any users with the specified subscription type.

User blocks globally:

As a result of creating and applying the foregoing list, the user will not send presence notifications to any other users.

8.12 Blocking IQs

Server-side privacy lists enable a user to block incoming IQ requests of type "get" or "set" from other users based on the other user's JID, roster group, or subscription status (or globally). The following examples illustrate the protocol.

User blocks based on JID:

As a result of creating and applying the foregoing list, the user will not receive IQ requests of type "get" or "set" from the user with the specified JID.

User blocks based on roster group:

As a result of creating and applying the foregoing list, the user will not receive IQ requests of type "get" or "set" from any users in the specified roster group.

User blocks based on subscription type:

As a result of creating and applying the foregoing list, the user will not receive IQ requests of type "get" or "set" from any users with the specified subscription type.

User blocks globally:

As a result of creating and applying the foregoing list, the user will not receive IQ requests of type "get" or "set" from any other users.

8.13 Blocking All Communication

Server-side privacy lists enable a user to block all communications from and presence to other users based on the other user's JID, roster group, or subscription status (or globally). The following examples illustrate the protocol.

User blocks based on JID:

As a result of creating and applying the foregoing list, the user will not receive any communications from, nor send presence to, the user with the specified JID.

User blocks based on roster group:

As a result of creating and applying the foregoing list, the user will not receive any communications from, nor send presence to, any users in the specified roster group.

User blocks based on subscription type:

As a result of creating and applying the foregoing list, the user will not receive any communications from, nor send presence to, any users with the specified subscription type.

User blocks globally:

As a result of creating and applying the foregoing list, the user will not receive any communications from, nor send presence to, any other users.

8.14 Blocked Entity Attempts to Communicate with User

If a blocked entity attempts to send messages or presence notifications to the user, the user's server SHOULD silently drop the stanza and MUST NOT return an error to the sending entity.

If a blocked entity attempts to send an IQ stanza of type "get" or "set" to the user, the user's server MUST return to the sending entity a <feature-not-implemented/> error of class "recipient" in the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace, since this is the standard error code sent from a client that does not understand the namespace of an IQ get or set. IQ stanzas of other types SHOULD be silently dropped by the server.

Blocked entity attempts to send IQ get:

Server returns error to blocked entity:

8.15 Higher-Level Heuristics

When building a representation of a higher-level privacy heuristic, a client SHOULD use the simplest possible representation.

For example, the heuristic "block all communications with any user not in my roster" could be constructed in any of the following ways:

• accept communications from all JIDs in my roster (i.e., listing each JID as a separate list item), but deny communications with everyone else
• accept communications from any user who is in one of the groups that make up my roster (i.e., listing each group as a separate list item), but deny communications from everyone else
• accept communications from any user with whom I have a subscription of 'both' or 'to' or 'from' (i.e., listing each subscription value separately), but deny communications from everyone else
• deny communications from anyone whose subscription state is 'none'

The final representation is the simplest and SHOULD be used; here is the XML that would be sent in this case:

9. Server Rules for Handling XML Stanzas

Each server implementation will contain its own "delivery tree" for handling stanzas it receives. Such a tree determines whether a stanza needs to be routed to another domain, processed internally, or delivered to a connected resource associated with a registered user. The following rules apply:

9.1 No 'to' Address

If the stanza possesses no 'to' attribute, the server SHOULD process it on behalf of the entity that sent it. Because all stanzas received from other servers MUST possess a 'to' attribute, this rule applies only to stanzas received from an entity (usually a client) that is connected to the server. If the server receives a presence stanza with no 'to' attribute, the server MUST broadcast it to the entities that are subscribed to a user's presence. If the server receives an IQ stanza of type "get" or "set" with no 'to' attribute and it understands the namespace that scopes the content of the stanza, it MUST process the stanza on behalf of the user who sent the stanza (where the meaning of "process" is determined by the semantics of the scoping namespace).

9.2 Foreign Domain

If the hostname of the domain identifier portion of the JID contained in the 'to' attribute does not match the hostname of the server itself or a subdomain thereof, the server SHOULD route the stanza to the foreign domain (subject to local service provisioning and security policies regarding inter-domain communication). If routing to the recipient's server is unsuccessful, the sender's server MUST return an error to the sender; if the recipient's server can be contacted but delivery by the recipient's server to the recipient is unsuccessful, the recipient's server MUST return an error to the sender by way of the sender's server.

9.3 Subdomain

If the hostname of the domain identifier portion of the JID contained in the 'to' attribute matches a subdomain of the server itself, the server MAY process the stanza itself or MAY route the stanza to a specialized service that is responsible for that subdomain (if any).

9.4 Bare Domain or Specific Resource

If the hostname of the domain identifier portion of the JID contained in the 'to' attribute matches the hostname of the server itself and the JID contained in the 'to' attribute is of the form <domain> or <domain/resource>, the server SHOULD process the stanza as appropriate for the stanza type; if the stanza is an IQ stanza and the server understands the namespace that scopes the content of the stanza, the server SHOULD process the request according to the semantics of the scoping namespace, and MUST reply with an IQ of type "result" or "error".

9.5 User in Same Domain

If the hostname of the domain identifier portion of the JID contained in the 'to' attribute matches the hostname of the server itself and the JID contained in the 'to' attribute is of the form <user@domain> or <user@domain/resource>, the server SHOULD first apply any privacy rules that are in force. If privacy rules allow the stanza, it SHOULD be routed or delivered to the intended recipient of the stanza as represented by the JID contained in the 'to' attribute. The following rules apply:

1. If the JID contains a resource identifier (i.e., is of the form <user@domain/resource>) and there is a connected resource whose authzid matches the full JID, the recipient's server MUST deliver the stanza to the session that exactly matches the resource identifier.
2. If the JID contains a resource identifier and there is no connected resource whose authzid matches the full JID, the recipient's server SHOULD return to the sender a <recipient-unavailable/> error of class "recipient" in the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace.
3. If the JID contains only a user@domain and there is at least one connected resource available for the user, the recipient's server MUST follow these rules:
   1. For message stanzas, the server SHOULD deliver the stanza to the connected resource that provided the highest value for the <priority/> element; if two resources have the same priority, the server MAY use some other rule (e.g., most recent connect time or activity time) to choose between them; however, the server MUST NOT deliver the stanza to a connected resource that provided a negative value for the <priority/> element.
   2. For presence stanzas other than those of type "probe", the server MUST deliver the stanza to all connected resources, except that the server MUST NOT deliver the stanza to a connected resource that provided a negative value for the <priority/> element; for presence probes, the server SHOULD reply based on the rules defined in Client and Server Responsibilities.
   3. For IQ stanzas, the server SHOULD deliver the stanza to all connected resources, except that the server MUST NOT deliver the stanza to a connected resource that provided a negative value for the <priority/> element.

4. If the JID contains only a user@domain and there are no connected resource associated with the user (e.g., an IM user is offline), the server MAY choose to store message stanzas and presence subscription requests on behalf of the user and deliver the stanza when an entity next becomes available for that user. If offline storage is not enabled, the server MUST return to the sender a <service-unavailable/> error of class "server" in the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace. (Note well that offline storage is not defined in XMPP since it strictly is a matter of implementation and service provisioning.)

10. IANA Considerations

10.1 XML Namespace Name for Session Data

A URN sub-namespace for session-related data in the Extensible Messaging and Presence Protocol (XMPP) is defined as follows.

URI:

urn:ietf:params:xml:ns:xmpp-session

Specification:

[RFCXXXX]

Description:

This is the XML namespace name for session-related data in the Extensible Messaging and Presence Protocol (XMPP) as defined by [RFCXXXX].

Registrant Contact:

IETF, XMPP Working Group, <xmppwg@jabber.org>

11. Security Considerations

For security considerations, refer to the relevant section of XMPP Core[1].

Normative References

Informative References

Authors' Addresses

Appendix A. vCards

Sections 3.1.3 and 4.1.4 of RFC 2779[2] require that it be possible to retrieve non-IM contact information for other users (e.g., telephone number or email address). An XML representation of the vCard specification defined in RFC 2426[6] is in common use within the Jabber community to provide such information. Documentation of this protocol is maintained by the Jabber Software Foundation[4] at <http://www.jabber.org/protocol/>.

Appendix B. XML Schemas

The following XML schemas are descriptive, not normative.

B.1 session

B.2 jabber:iq:last

B.3 jabber:iq:privacy

B.4 jabber:iq:privacy:error

B.5 jabber:iq:roster

Appendix C. Revision History

Note to RFC Editor: please remove this entire appendix, and the corresponding entries in the table of contents, prior to publication.

C.1 Changes from draft-ietf-xmpp-im-10

• Clarified presence responsibilities for servers and clients.
• Clarified the routing and delivery rules for servers.
• Made the xml:lang examples more complete.
• Corrected several errors in the unsubscribe workflow.
• Made small editorial changes in several sections.

C.2 Changes from draft-ietf-xmpp-im-09

• Clarified rules regarding allowable JID types in rosters.
• Further clarified the semantics and routing implications of presence priorities.
• Removed several obsolete subsections.

C.3 Changes from draft-ietf-xmpp-im-08

• Removed authorization content (now addressed in XMPP Core).
• Added protocol for initiating an IM session, including schema and IANA registration template.
• Corrected <*-condition/> elements to be <condition/>.
• Made small editorial changes to address RFC Editor requirements.

C.4 Changes from draft-ietf-xmpp-im-07

• Added several error cases for resource authorization and updated relevant schema.

C.5 Changes from draft-ietf-xmpp-im-06

• Specified that IQ result stanzas are required in response to roster pushes.
• Changed stanza error namespace names to conform to the format defined in "The IETF XML Registry" as specified in XMPP Core.
• Removed note to RFC Editor regarding provisional namespace names.

C.6 Changes from draft-ietf-xmpp-im-05

• Removed use of ask='unsubscribe' per list discussion.
• Clarified handling of resource conflict during authorization.
• Added schemas for jabber:iq:auth, jabber:iq:auth:error, and jabber:iq:privacy:error.
• Corrected several small protocol errors in the examples.
• Clarified semantics of message types.

C.7 Changes from draft-ietf-xmpp-im-04

• Specified sending of unavailable presence after unsubscribe and subscription-cancellation actions.
• Further specified syntax and business rules for privacy lists.
• Brought error codes into line with definitions in draft-ietf-xmpp-core.
• Added note to RFC Editor regarding provisional namespace names.
• Removed vCard content and DTD, instead pointing to JSF documentation.

C.8 Changes from draft-ietf-xmpp-im-03

• Fixed order processing on privacy rules per list discussion.
• Made numerous small editorial changes.

C.9 Changes from draft-ietf-xmpp-im-02

• Added a great deal more detail to the narrative regarding server-side privacy rules as well as the interaction between rosters and subscriptions.
• Removed DTDs in favor of schemas (with the exception of vCard XML).
• Removed non-normative documentation of authentication using jabber:iq:auth and of in-band registration using jabber:iq:register, since these are maintained by the Jabber Software Foundation and are not part of the XMPP specification.

C.10 Changes from draft-ietf-xmpp-im-01

• Made numerous small editorial changes.

C.11 Changes from draft-ietf-xmpp-im-00

• Moved registration and authentication via jabber:iq:auth to non-normative appendices.
• Changed initial presence stanza from MUST be empty to SHOULD be empty.
• Specified that user or clients should not send presence stanzas of type='probe'.
• Specified the algorithm for digest passwords.

C.12 Changes from draft-miller-xmpp-im-02

• Added information about the 'jabber:iq:last' protocol to meet the requirement defined in section 3.2.4 of RFC 2779.
• Added information about the 'jabber:iq:privacy' protocol to meet the requirement defined in section 2.3.5 of RFC 2779.
• Added information about the vCard XML protocol to meet the requirement defined in sections 3.1.3 and 4.1.4 of RFC 2779.
• Changed the material describing authentication (but not resource authorization) with 'jabber:iq:auth' to non-normative.
• Noted that the only watchers are subscribers.
• Nomenclature changes: (1) from "chunks" to "stanzas"; (2) from "host" to "server"; (3) from "node" to "client" or "user" (as appropriate).

Intellectual Property Statement

The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.

Full Copyright Statement

Copyright (C) The Internet Society (2003). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.