JEP-0134: Protocol Design Guidelines

This JEP defines best practices for the intelligent design of Jabber protocols and other XMPP extensions.


WARNING: This Informational JEP is Experimental. Publication as a Jabber Enhancement Proposal does not imply approval of this proposal by the Jabber Software Foundation. Implementation of the best practice or protocol profile described herein is encouraged in exploratory implementations, although production systems should not deploy implementations of this protocol until it advances to a status of Draft.


JEP Information

Status: Experimental
Type: Informational
Number: 0134
Version: 0.2
Last Updated: 2004-08-31
JIG: Standards JIG
Approving Body: Jabber Council
Dependencies: None
Supersedes: None
Superseded By: None
Short Name: N/A

Author Information

Peter Saint-Andre

Email: stpeter@jabber.org
JID: stpeter@jabber.org

Legal Notice

This Jabber Enhancement Proposal is copyright 1999 - 2004 by the Jabber Software Foundation (JSF) and is in full conformance with the JSF's Intellectual Property Rights Policy <http://www.jabber.org/jsf/ipr-policy.php>. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at <http://www.opencontent.org/openpub/>).

Discussion Venue

The preferred venue for discussion of this document is the Standards-JIG discussion list: <http://mail.jabber.org/mailman/listinfo/standards-jig>.

Relation to XMPP

The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core and XMPP IM specifications contributed by the Jabber Software Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocols defined in this JEP have been developed outside the Internet Standards Process and are to be understood as extensions to XMPP rather than as an evolution, development, or modification of XMPP itself.

Conformance Terms

The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.


Table of Contents

1. Introduction
2. Guidelines
2.1. XMPP is Sacred
2.2. Keep Clients Simple
2.3. Re-Use Existing Protocols
2.4. Modular is Better
2.5. Know Your Strengths
2.6. Be Explicit
2.7. Stay Flexible
2.8. Privacy and Security Matter
3. Security Considerations
4. IANA Considerations
5. Jabber Registrar Considerations
Notes
Revision History


1. Introduction

The Extensible Messaging and Presence Protocol (XMPP) provides a solid, flexible foundation for a wide variety of applications on top of XMPP's core XML streaming technology. With the advancement of XMPP Core [1] and XMPP IM [2] within the Internet Standards Process, interest in building XMPP-based applications and extensions has accelerated even further. Unfortunately, not everyone who wants to build public or private XMPP extensions is familiar with the key design criteria that motivated the original developers of the Jabber technologies or that guide successful XMPP-based protocol design today. Thus there is value in attempting to translate the often-implicit knowledge held by long-time Jabber developers and protocol designers into more explicit policies and principles to which others can adhere (for more general insights into Internet protocol design, see RFC 3117 [3]). The end result of explicating "The Jabber Way" will hopefully be a wider and deeper understanding of good protocol design practices within the Jabber/XMPP community.

2. Guidelines

2.1 XMPP is Sacred

Background

When the Jabber Software Foundation (JSF) [4] submitted the XMPP Core and XMPP IM specifications to the Internet Engineering Task Force (IETF) [5], it ceded change control over the core XML streaming technology developed by the Jabber community. However, the JSF has reserved the right to define extensions to XMPP; furthermore, that right is not exclusive to the JSF, since anyone can define their own public or private extensions to XMPP. These extensions are usually in the form of structured XML data that is qualified by a unique namespace other than those currently reserved by the IETF or the JSF.

Meaning

When we say that "XMPP is Sacred", we mean that good protocol design must work within the context of XMPP and not require changes to the core protocols. For one thing, any such changes would need to be pursued within the IETF. Further, the core semantics most likely provide everything that a protocol designer needs. If you think that you need to define a new kind of top-level stanza (other than <message/>, <presence/>, and <iq/>) or a new value of the 'type' attribute for any stanza kind, then you probably need to think again. Use XMPP as a set of building blocks and don't modify the foundation when you are working on higher-level structures; instead, treat XMPP as a transport layer and build extensions on top of that layer. A further implication of respecting XMPP is using structured data formats (e.g., applications of XML 1.0 [6] rather than binary or plaintext formats) whenever possible.

Examples

A good example of honoring the XMPP specifications is Invisibility [7]; while the Jabber community had informally defined <presence type='invisible'/> at one point, that protocol was abandoned in favor of an XMPP-compliant approach. Another example is XHTML-IM [8], which re-uses XHTML 1.0 [9] (a structured format that shares with XMPP a common root in XML) rather than Rich Text Format (RTF) [10] (an unstructured format that does not derive from XML).

2.2 Keep Clients Simple

Background

Almost all Jabber technologies are implemented in a client-server architecture. While that's not necessary (and there do exist some peer-to-peer applications of XMPP), it usually makes good sense. Among other things, a client-server architecture has enabled the Jabber community to force most of the complexity onto servers and components, thus keeping clients relatively simple. This principle has served the Jabber community well since the very beginning, and forms an important basis for further innovation.

Meaning

The principle of "keep clients simple" has many implications, among them:

Examples

One good example of keeping clients simple is the presence stanza: the client has only to send <presence/> and the server takes care of presence probes, broadcasts, and appropriate routing decisions. Another example is Multi-User Chat [11]: although the protocol involves some complexity, it was written so that older clients can join and participate in MUC rooms even if they don't understand the more advanced MUC extensions.

2.3 Re-Use Existing Protocols

Background

The Jabber community has been developing wire protocols for XML streaming, presence, and instant messaging since 1999. In that time, members of the community have defined a number of building blocks that can be used as the basis for further development. Furthermore, many smart people have created open protocols within other standards development organizations, including the IETF, the World Wide Web Consortium (W3C) [12], OASIS [13], the International Telecommunication Union (ITU) [14], and the Dublin Core Metadata Initiative (DCMI) [15].

Meaning

Good protocol designers "stand on the shoulders of giants" by re-using protocols that have been defined within the JSF and within other standards development organizations. That does not mean we don't define new protocols, because sometimes that is necessary. However, we are aware of work completed by others and we make use of it, especially when that work is outside the Jabber community's core competence areas (e.g., security or multimedia data formats rather than XML streaming, presence, and real-time messaging). Furthermore, the JSF prefers to re-use open protocols wherever possible.

Examples

Examples of re-using existing Jabber protocols include Stream Initiation [16] (which re-uses Feature Negotiation [17]) and JEP-0126: Invisibility (which re-uses the privacy lists protocol defined in XMPP IM). Examples of re-using non-Jabber protocols include SOCKS5 Bytestreams [18] (which makes use of RFC 1928 [19]) and Common Alerting Protocol (CAP) over XMPP [20] (which defines a way to send Common Alerting Protocol [21] data via Jabber). Here again JEP-0071 provides an example: it re-uses XHTML 1.0 (an open protocol developed by a recognized standards development organization) rather than RTF (a closed protocol maintained by Microsoft).

2.4 Modular is Better

Background

Most Jabber implementations are built using modular architectures, wherein pieces of functionality are coded as separate components and then assembled into larger wholes, with core routing logic that integrates the system (examples include clients that enable the development of plugins and servers that enable the attachment of external components). We can view many Jabber protocols the same way: each one specifies a well-defined domain of functionality that is loosely connected to other domains and integrated by the core transport layer provided by XMPP.

Meaning

The best Jabber protocols are quite focused and provide limited but powerful functionality that can be applied in a specific domain or, sometimes, re-used by other Jabber protocols. Even if the domain is more complex, a protocol that addresses it needs to clearly define its scope, limit that scope as much as possible, and specify only the protocols necessary to meet the core requirements.

Examples

Service Discovery [22] and Data Forms [23] are good examples of focused, single-purpose protocols. By contrast, Multi-User Chat is more complex, but it limits itself to the domain of text conferencing in the context of virtual rooms (e.g., it does not address service-level administration) and consists of separate namespaces for end-user, moderator, and room owner functionality. A good example of a protocol that is focused on a smaller domain is Roster Item Exchange [24].

2.5 Know Your Strengths

Background

The core strength of Jabber technologies is the streaming of relatively small XML fragments between presence-aware network endpoints. As is usually the case, our greatest strength is also our greatest weakness. Thus XMPP is not optimized for binary data, large XML files, multimedia streaming, or other such applications.

Meaning

It's not a bad thing that we don't solve the problems of exchanging binary data, transferring large files, or streaming multimedia, because other protocols and technologies have addressed those domains. But it's important to recognize what we do well and what we don't. For example, the average size of an XMPP stanza is probably on the order of 200 bytes, and in general the largest effective size for stanzas is perhaps ten times that large; although stanzas can be much larger than that, normally it is not wise to consistently generate larger stanzas, and applications that might depend on large stanzas would do better to communicate their data outside of the Jabber band.

Examples

File Transfer [25] is a good example of respecting the strengths and weaknesses of XMPP, since it specifies that going out of band is the preferred mechanism for bandwidth-heavy data transfers.

2.6 Be Explicit

Background

In the beginning was the code (mainly jabberd [26]). Although code is explicit in its own way, not everyone reads code, and detailed specifications are necessary in order to make functionality reproducible in different codebases. The Jabber community has learned that lesson the hard way.

Meaning

Detailed, explicit specifications are good specifications. Define your terms. Use conformance terminology such as MUST and SHOULD rather than loose English words such as "does" and "will". Follow the Guidelines for JEP Authors [27]. Specify error conditions. Include lots of examples. Restrict the allowable XML via schemas and datatypes as specified in XML Schema Part 1 [28] and XML Schema Part 2 [29].

Examples

XMPP Core and XMPP IM are large documents that define the Extensible Messaging and Presence Protocol in excruciating detail. Although such specifications are not fun to write, they provide a model for good protocol design and documentation.

2.7 Stay Flexible

Background

The need for explicit definition must be balanced against the need for flexibility. A completely rigid protocol may break under stress or when conditions change, whereas a more flexible protocol may bend and adapt. Knowing when to be explicit and when to be flexible is a key to good protocol design.

Meaning

In general, a protocol needs to define the skeleton of functionality, but not necessarily specific parameters or values to be used within a certain domain. In order to allow for growth and changes, it often makes sense to specify that the Jabber Registrar [30] shall keep track of certain parameters and values, rather than to explicitly limit them in the protocol itself.

Examples

Whereas the old Agent Information [31] and Jabber Browsing [32] protocols defined certain hardcoded values for entity types and categories, Service Discovery has left that function up to the Jabber Registrar. Similarly, Stream Initiation [33] defines a registry for its profiles, Advanced Message Processing [34] defines registries for processing conditions and actions, and a number of JEPs register FORM_TYPE values as specified in Field Standardization for Data Forms [35].

2.8 Privacy and Security Matter

Background

Since the beginning, privacy and security have been important priorities within the Jabber community. That must not change.

Meaning

Good protocols respect the confidentiality of data generated or communicated by users and applications as well as the security of the system or network as a whole. Although privacy and security considerations have been dealt with at the core XMPP layer, application-level protocols must not compromise privacy and security. Attention to these matters, along with rigorous cross-area review and close scrutiny by protocol designers and reviewers, will help ensure that the protocols we develop will provide a strong foundation for communication over the Internet.

Examples

As is well-known, the presence subscription model developed by the Jabber community and specified in XMPP IM requires approval before a contact can view a user's presence. Similarly, Jabber has always included strong authentication methods, which have been further improved through the use of SASL (RFC 2222 [36]).

3. Security Considerations

There are no security features or concerns directly related to this proposal, which is informational in nature. However, as discussed above, protocols that are developed following these guidelines should appropriately address privacy and security considerations. Helpful guidelines for security in relation to Internet protocol design can be found in RFC 3552 [37].

4. IANA Considerations

This JEP requires no interaction with the Internet Assigned Numbers Authority (IANA) [38].

5. Jabber Registrar Considerations

This JEP requires no interaction with the Jabber Registrar.


Notes

1. XMPP Core <http://www.jabber.org/ietf/> (Proposed Standard, RFC number to follow).

2. XMPP IM <http://www.jabber.org/ietf/> (Proposed Standard, RFC number to follow).

3. RFC 3117: On the Design of Application Protocols <http://www.ietf.org/rfc/rfc3117.txt>.

4. The Jabber Software Foundation (JSF) is an independent, non-profit organization that develops open application protocols on top of the IETF's Extensible Messaging and Presence Protocol (XMPP). For further information, see <http://www.jabber.org/jsf/>.

5. The Internet Engineering Task Force is the principal body engaged in the development of new Internet standard specifications, best known for its work on standards such as HTTP and SMTP. For further information, see <http://www.ietf.org/>.

6. Extensible Markup Language (XML) 1.0 (Third Edition) <http://www.w3.org/TR/REC-xml/>.

7. JEP-0126: Invisibility <http://www.jabber.org/jeps/jep-0126.html>.

8. JEP-0071: XHTML-IM <http://www.jabber.org/jeps/jep-0071.html>.

9. XHTML 1.0 <http://www.w3.org/TR/xhtml1>.

10. Rich Text Format (RTF) Version 1.5 Specification <http://msdn.microsoft.com/library/en-us/dnrtfspec/html/rtfspec.asp>.

11. JEP-0045: Multi-User Chat <http://www.jabber.org/jeps/jep-0045.html>.

12. The World Wide Web Consortium defines data formats and markup languages (such as HTML and XML) for use over the Internet. For further information, see <http://www.w3.org/>.

13. OASIS is a not-for-profit, international consortium that drives the development, convergence and adoption of e-business standards. For further information, see <http://www.oasis-open.org/>.

14. The International Telecommunication Union develops technical and operating standards (such as H.323) for international telecommunication services. For further information, see <http://www.itu.int/>.

15. The Dublin Core Metadata Initiative (DCMI) is an organization dedicated to promoting the widespread adoption of interoperable metadata standards. For further information, see <http://www.dublincore.org/>.

16. JEP-0095: Stream Initiation <http://www.jabber.org/jeps/jep-0095.html>.

17. JEP-0020: Feature Negotiation <http://www.jabber.org/jeps/jep-0020.html>.

18. JEP-0065: SOCKS5 Bytestreams <http://www.jabber.org/jeps/jep-0065.html>.

19. RFC 1928: SOCKS Protocol Version 5 <http://www.ietf.org/rfc/rfc1928.txt>.

20. JEP-0127: Common Alerting Protocol (CAP) over XMPP <http://www.jabber.org/jeps/jep-0127.html>.

21. Common Alerting Protocol, v. 1.0 <http://www.oasis-open.org/committees/documents.php?wg_abbrev=emergency>.

22. JEP-0030: Service Discovery <http://www.jabber.org/jeps/jep-0030.html>.

23. JEP-0004: Data Forms <http://www.jabber.org/jeps/jep-0004.html>.

24. JEP-0093: Roster Item Exchange <http://www.jabber.org/jeps/jep-0093.html>.

25. JEP-0096: File Transfer <http://www.jabber.org/jeps/jep-0096.html>.

26. The jabberd server is the original server implementation of the Jabber protocols, first developed by Jeremie Miller, inventor of Jabber. For further information, see <http://jabberd.jabberstudio.org/>.

27. JEP-0143: Guidelines for JEP Authors <http://www.jabber.org/jeps/jep-0143.html>.

28. XML Schema Part 1: Structures <http://www.w3.org/TR/xmlschema-1/>.

29. XML Schema Part 2: Datatypes <http://www.w3.org/TR/xmlschema-2/>.

30. The Jabber Registrar maintains a list of reserved Jabber protocol namespaces as well as registries of parameters used in the context of protocols approved by the Jabber Software Foundation. For further information, see <http://www.jabber.org/registrar/>.

31. JEP-0094: Agent Information <http://www.jabber.org/jeps/jep-0094.html>.

32. JEP-0011: Jabber Browsing <http://www.jabber.org/jeps/jep-0011.html>.

33. JEP-0095: Stream Initiation <http://www.jabber.org/jeps/jep-0095.html>.

34. JEP-0079: Advanced Message Processing <http://www.jabber.org/jeps/jep-0079.html>.

35. JEP-0068: Field Data Standardization for Data Forms <http://www.jabber.org/jeps/jep-0068.html>.

36. RFC 2222: Simple Authentication and Security Layer (SASL) <http://www.ietf.org/rfc/rfc2222.txt>.

37. RFC 3552: Guidelines for Writing RFC Text on Security Considerations <http://www.ietf.org/rfc/rfc3552.txt>.

38. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.


Revision History

Version 0.2 (2004-08-31)

Added references to several additional RFCs and JEPs. (psa)

Version 0.1 (2004-04-28)

Initial version. (psa)


END