This document specifies best practices for using the publish-subscribe protocol to broadcast state change events associated with an XMPP user or account.
NOTICE: This JEP is currently within Last Call or under consideration by the Jabber Council for advancement to the next stage in the JSF standards process. For further details, visit <http://www.jabber.org/council/queue.shtml>.
Status:
Proposed
Type:
Standards Track
Number: 0163
Version: 0.11
Last Updated: 2006-07-20
JIG: Standards JIG
Approving Body: Jabber Council
Dependencies: XMPP Core, XMPP IM, JEP-0030, JEP-0060
Supersedes: None
Superseded By: None
Short Name: pep
Wiki Page: <http://wiki.jabber.org/index.php/Personal Eventing via Pubsub (JEP-0163)>
Email:
stpeter@jabber.org
JID:
stpeter@jabber.org
Email:
kevin@kismith.co.uk
JID:
kevdadrum@jabber.ex.ac.uk
This Jabber Enhancement Proposal is copyright 1999 - 2006 by the Jabber Software Foundation (JSF) and is in full conformance with the JSF's Intellectual Property Rights Policy <http://www.jabber.org/jsf/ipr-policy.shtml>. This material may be distributed only subject to the terms and conditions set forth in the Creative Commons Attribution License (<http://creativecommons.org/licenses/by/2.5/>).
The preferred venue for discussion of this document is the Standards-JIG discussion list: <http://mail.jabber.org/mailman/listinfo/standards-jig>.
The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 3920) and XMPP IM (RFC 3921) specifications contributed by the Jabber Software Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this JEP has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.
The following keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".
The XMPP Publish-Subscribe [1] extension ("pubsub") can be used to broadcast state change events associated with a Jabber/XMPP account or user, such as those described in User Geolocation [2], User Mood [3], User Activity [4], and User Tune [5]. [6] However, the full, generic pubsub protocol is often thought of as complicated and therefore has not been widely implemented in clients. To make publish-subscribe functionality more accessible (especially to instant messaging and presence applications that conform to XMPP IM [7]), this document defines a set of best practices that can be followed by instant messaging client and server developers, hopefully resulting in the deployment of personal eventing services across the Jabber/XMPP network.
Personal eventing via pubsub ("PEP") is based on five principles:
These principles are described more fully below.
When a user creates an account (or has an account provisioned) at a Jabber/XMPP server, that account should have associated with it a virtual pubsub service. This greatly simplifies the task of discovering the account owner's personal pubsub nodes, since the root pubsub node simply is the account owner's bare JID (<node@domain.tld>). This assumption also simplifies publishing and subscribing.
To further simplify matters, we assume that there is only one publish-subscribe node associated with any given payload type (XML namespace) for the owner-publisher. For example, there is one pubsub node for location events, one node for tune events, one node for mood events, and so on. This simplifies discovery, publishing, and subscribing.
There is no need for multiple publishers to a personal eventing service, since by definition the service generates information associated with only one entity. The owner-publisher for every node is the bare JID of the account owner.
Most pubsub configuration options and metadata are not needed for personal eventing. Instead, servers should offer smart defaults to simplify node creation and management.
Although generic publish-subscribe service do not necessarily have access to presence information about subscribers, personal eventing services are closely integrated with presence, since each account simply is a virtual publish-subscribe service and the recommended access models are "presence" and "roster" (both of which involve presence subscriptions in XMPP instant messaging and presence systems). This presence information can be used to make notifications more intelligent, thus simplifying the task of developing compliant clients (see Protocol Design Guidelines [8]).
In order to discover whether a server or other entity supports PEP, an entity MUST use Service Discovery [9].
<iq from='juliet@capulet.com/balcony' to='capulet.com' id='disco1' type='get'> <query xmlns='http://jabber.org/protocol/disco#info'/> </iq>
If a server supports PEP, it MUST return an identity of "pubsub/pep" and a list of the JEP-0060 features it supports.
<iq from='capulet.com' to='juliet@capulet.com/balcony' id='disco1' type='result'> <query xmlns='http://jabber.org/protocol/disco#info'> <identity category='pubsub' type='pep'/> <feature var='http://jabber.org/protocol/pubsub'/> ... </query> </iq>
It is RECOMMENDED for a PEP-aware client to advertise its support for PEP only if the server to which it is connected also supports PEP. This is true both for Service Discovery and for the dynamic "profile" of Service Discovery specified in Entity Capabilities [10].
As described in the Recommended Defaults section of this document, a PEP service MUST support the node creation, node deletion, and publish item use cases (note: the node deletion use case is not shown below, since it is fully specified in JEP-0060).
First, the account owner creates the node. (We use as our example a node to publish information about the user's current tune as specified in JEP-0118.) Here we assume that the default access model for the service is "presence" [11] and that the account owner desires a node with that access model.
<iq from='juliet@capulet.com/balcony' type='set' id='create1'> <pubsub xmlns='http://jabber.org/protocol/pubsub'> <create node='http://jabber.org/protocol/tune'/> <configure/> </pubsub> </iq>
There are several things to note about this node creation request:
If no error occurs (see JEP-0060 for error scenarios), the server acknowledges success.
<iq to='juliet@capulet.com/balcony' type='result' id='create1'/>
In order to request an access model other than the default, the account owner MUST include a data form (see Data Forms [12]) that contains a node configuration field of "pubsub#access_model" set to a value of "presence", "roster", or "open" (the value MAY be "authorize" or "whitelist" but these values are NOT RECOMMENDED for PEP nodes since maintenance of such nodes requires interaction on the part of the node owner).
If the account owner desires a roster access model for a node, it MUST specify that in the creation request:
<iq from='juliet@capulet.com/balcony' type='set' id='create-roster-1'> <pubsub xmlns='http://jabber.org/protocol/pubsub'> <create node='http://jabber.org/protocol/geoloc'/> <configure> <x xmlns='jabber:x:data' type='form'> <field var='FORM_TYPE' type='hidden'> <value>http://jabber.org/protocol/pubsub#node_config</value> </field> <field var='pubsub#access_model'> <option><value>roster</value></option> </field> <field var='pubsub#roster_groups_allowed'> <option><value>friends</value></option> </field> </x> </configure> </pubsub> </iq>
Next, the account owner publishes an item to the node.
<iq from='juliet@capulet.com/balcony' type='set' id='pub1'> <pubsub xmlns='http://jabber.org/protocol/pubsub'> <publish node='http://jabber.org/protocol/tune'> <item> <tune xmlns='http://jabber.org/protocol/tune'> <artist>Gerald Finzi</artist> <title>Introduction (Allegro vigoroso)</title> <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source> <track>1</track> <length>255</length> </tune> </item> </publish> </pubsub> </iq>
If no error occurs (see JEP-0060 for error scenarios), the server acknowledges success.
<iq to='juliet@capulet.com/balcony' type='result' id='pub1'/>
The notification (with payload) is then delivered to all subscribers (see the Generating Notifications section of this document regarding proper generation of the 'to' address):
<message from='juliet@capulet.com' to='romeo@montague.net/home' type='headline' id='foo'> <event xmlns='http://jabber.org/protocol/pubsub#event'> <items node='http://jabber.org/protocol/tune'> <item> <tune xmlns='http://jabber.org/protocol/tune'> <artist>Gerald Finzi</artist> <title>Introduction (Allegro vigoroso)</title> <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source> <track>1</track> <length>255</length> </tune> </item> </items> </event> <addresses xmlns='http://jabber.org/protocol/address'> <address type='replyto' jid='juliet@capulet.com/balcony'/> </addresses> </message> . . .
The server MUST set the 'from' address on the notification to the bare JID (<node@domain.tld>) of the publishing entity (in this example, "juliet@capulet.com"). The server SHOULD include an Extended Stanza Addressing [13] "replyto" extension specifying the publishing resource (in this example, "juliet@capulet.com/balcony"); this enables the subscriber's client to differentiate between information received from each of an account owner's resources (for example, different resources may be in different places and therefore may need to specify distinct geolocation data). However, any errors related to the notification MUST be directed to the JID of the 'from' address on the notification (i.e., the bare JID) so that bounce processing can be handled by the PEP service rather than by the publishing client.
As described in the Generating Notifications section of this document, a PEP service MUST send the last published item to all new subscribers and to all newly-available resources for each subscriber. [14]
<presence from='romeo@montague.net/orchard'/>
<presence from='romeo@montague.net/orchard' to='juliet@capulet.com'/>
<message from='juliet@capulet.com' to='romeo@montague.net/orchard' type='headline' id='foo'> <event xmlns='http://jabber.org/protocol/pubsub#event'> <items node='http://jabber.org/protocol/tune'> <item> <tune xmlns='http://jabber.org/protocol/tune'> <artist>Gerald Finzi</artist> <title>Introduction (Allegro vigoroso)</title> <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source> <track>1</track> <length>255</length> </tune> </item> </items> </event> <x xmlns='jabber:x:delay' stamp='20031213T23:58:37'/> </message>
As described in the Recommended Defaults section of this document, a PEP service MUST support the discover nodes, subscribe, unsubscribe, and items retrieval use cases (note: the unsubscribe and items retrieval use cases are not shown below, since they are fully specified in JEP-0060).
Node discovery is straightforward since there is only one node per namespace. The potential subscriber may send a service discovery items request to the bare JID to discover all active pubsub nodes.
<iq type='set' id='disco1' from='romeo@montague.net/home' to='juliet@capulet.com'> <query xmlns='http://jabber.org/protocol/disco#items'/> </iq>
Subject to access restrictions as described in JEP-0030, the account owner's server would then return a list of all pubsub nodes (as well as any other associated items as described in JEP-0030):
<iq type='result' id='disco1' to='romeo@montague.net/home' from='juliet@capulet.com'> <query xmlns='http://jabber.org/protocol/disco#items'> <item jid='juliet@capulet.com' node='http://jabber.org/protocol/tune'/> <item jid='juliet@capulet.com' node='http://jabber.org/protocol/activity'/> <item jid='juliet@capulet.com' node='http://jabber.org/protocol/geolocation'/> </query> </iq>
In order to subscribe, a contact sends a subscription request to the account owner's bare JID (<node@domain.tld>) and specifies the desired node:
<iq type='set' from='romeo@montague.net/home' to='juliet@capulet.com' id='sub1'> <pubsub xmlns='http://jabber.org/protocol/pubsub'> <subscribe node='http://jabber.org/protocol/tune' jid='romeo@montague.net'/> </pubsub> </iq>
The following scenarios are possible:
The only exception foreseen to the SHOULD requirements in the foregoing scenarios is the enforcement of local privacy and security policies as specified more fully in the Security Considerations section of this document. (In addition, a service MUST always allow the account owner to subscribe and to retrieve items.)
If no error occurs (see JEP-0060 for error conditions related to subscription requests), the server shall allow the subscription and return an IQ-result:
<iq type='result' from='juliet@capulet.com' to='romeo@montague.net/home' id='sub1'> <pubsub xmlns='http://jabber.org/protocol/pubsub'> <subscription node='http://jabber.org/protocol/tune' jid='romeo@montague.net' subscription='subscribed'/> </pubsub> </iq>
The service then MUST send the last published item to the new subscriber:
<message from='juliet@capulet.com' to='romeo@montague.net' type='headline' id='foo'> <event xmlns='http://jabber.org/protocol/pubsub#event'> <items node='http://jabber.org/protocol/tune'> <item> <tune xmlns='http://jabber.org/protocol/tune'> <artist>Gerald Finzi</artist> <title>Introduction (Allegro vigoroso)</title> <source>Music for "Love's Labors Lost" (Suite for small orchestra)</source> <track>1</track> <length>255</length> </tune> </item> </items> </event> <x xmlns='jabber:x:delay' stamp='20031213T23:58:37'/> </message>
A PEP service MUST support the node discovery, node creation, node deletion, publish item, subscribe, unsubscribe, and items retrieval use cases specified in JEP-0060, and MAY support other use cases according to implementation decisions or deployment policies.
A PEP service MUST support the "owner" and "subscriber" affiliations but SHOULD NOT support other affiliations.
The default access model for a PEP service SHOULD be "presence" for IM servers and SHOULD be "open" for non-IM servers; a PEP service associated with an IM server SHOULD also support the "roster" access model; a PEP service MAY also support the "authorize" and "whitelist" access models.
A PEP service SHOULD use the following "smart defaults" for every node:
A PEP service SHOULD treat the owner-publisher's bare JID (<node@domain.tld>) as a collection node (i.e., as the root collection node for the account's virtual pubsub service), but SHOULD NOT support any other collection nodes.
A PEP service SHOULD NOT support instant nodes, since the "one node per namespace" rule makes instant nodes unnecessary.
If a subscriber subscribed using a full JID (<node@domain.tld/resource>), domain identifier (<domain.tld>), or domain plus resource (<domain.tld/resource>), a PEP service MUST send one notification only, addressed to the subscribed JID.
If a subscriber subscribed using a bare JID (<node@domain.tld>) and a PEP service has presence information about the subscriber, the service MUST send one notification to the full JID (<node@domain.tld/resource>) of each of the subscriber's available resources that have specified non-negative presence priority. [15]
If a subscriber subscribed using a bare JID (<node@domain.tld>) and a PEP service does not have presence information about the subscriber, it MUST send at most one notification, addressed to the bare JID (<node@domain.tld>) of the subscriber.
When an account owner publishes an item to a node, a PEP service MUST generate a notification and send it to all subscribers (where the number of notifications is determined by the foregoing rules).
When a PEP service successfully processes a new subscription, it MUST generate a notification containing the last published item for that node and send it to the subscribing JID (where the number of notifications is determined by the foregoing rules).
When a PEP service receives initial presence information from a subscriber's resource with a non-negative priority, it MUST generate a notification containing the last published item for that node and send it to the newly-available resource.
As an exception to the foregoing MUST rules, a PEP service MAY choose not to send notifications to a subscriber if the subscribed JID is a bare JID (<node@domain.tld>) and the service does not have presence information about the subscriber. [16]
As an exception to the foregoing MUST rules, a PEP service MAY choose not to send notifications to a particular resource for a subscriber if it knows via Entity Capabilities that the resource does not support PEP or does not support the payload namespace associated with a particular node.
As an exception to the foregoing MUST rules, a PEP service MUST NOT send notifications to a subscriber if the user has blocked the subscriber from receiving all or any kinds of stanza (presence, message, IQ, or any combination thereof) using privacy lists as specified in XMPP IM.
In order to ensure appropriate access to information published at nodes of type "presence" and "roster"", a PEP service MUST re-calculate access controls when:
If the modification results in a loss of access, the service MUST cancel the entity's subscription and SHOULD send a message to the (former) subscriber informing it of the cancellation. For information about the format of messages sent to notify subscribers of subscription cancellation, see the "Notification of Subscription Denial or Cancellation" section of JEP-0060.
A PEP service MAY enforce additional privacy and security policies when determining whether an entity is allowed to subscribe to a node or retrieve items from a node; however, any such policies shall be considered specific to an implementation or deployment and are out of scope for this document.
This JEP requires no interaction with the Internet Assigned Numbers Authority (IANA) [17].
The Jabber Registrar includes a category of "pubsub" in its registry of Service Discovery identities (see <http://www.jabber.org/registrar/disco-features.html>); as a result of this JEP, the Registrar shall add a type of "pep" to that category.
The registry submission is as follows:
<category> <name>pubsub</name> <type> <name>pep</name> <desc> A personal eventing service that supports the publish-subscribe subset defined in JEP-0163. </desc> <doc>JEP-0163</doc> </type> </category>
Because the Personal Eventing Protocol is all and only a subset of Publish-Subscribe, the schemas defined in JEP-0060 apply to PEP as well.
1. JEP-0060: Publish-Subscribe <http://www.jabber.org/jeps/jep-0060.html>.
2. JEP-0080: User Geolocation <http://www.jabber.org/jeps/jep-0080.html>.
3. JEP-0107: User Mood <http://www.jabber.org/jeps/jep-0107.html>.
4. JEP-0108: User Activity <http://www.jabber.org/jeps/jep-0108.html>.
5. JEP-0118: User Tune <http://www.jabber.org/jeps/jep-0118.html>.
6. Currently, many "extended presence" formats are sent using the <presence/> stanza type; however, this overloads presence, results in unnecessary presence traffic, and does not provide fine-grained control over access. The use of publish-subscribe rather than presence is therefore preferable.
7. RFC 3921: Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence <http://www.ietf.org/rfc/rfc3921.txt>.
8. JEP-0134: Protocol Design Guidelines <http://www.jabber.org/jeps/jep-0134.html>.
9. JEP-0030: Service Discovery <http://www.jabber.org/jeps/jep-0030.html>.
10. JEP-0115: Entity Capabilities <http://www.jabber.org/jeps/jep-0115.html>.
11. Naturally, the default node configuration needs to be discovered via the method defined in JEP-0060.
12. JEP-0004: Data Forms <http://www.jabber.org/jeps/jep-0004.html>.
13. JEP-0033: Extended Stanza Addressing <http://www.jabber.org/jeps/jep-0033.html>.
14. That is, the default value of the "pubsub#send_last_published_item" node configuration field must be "on_sub_and_presence"; this behavior essentially mimics the functionality of presence as defined in XMPP IM.
15. If the only presence information received by the service is from resources that have specified negative priorities, the service MUST NOT send any notifications.
16. If the only presence information received by the service is from resources that have specified negative priorities, the service MUST NOT send any notifications.
17. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.
Clarified rules regarding number of notifications and when to generate notifications; corrected several errors in the text and examples.
(psa)Updated to reflect version 1.8 of JEP-0060.
(psa)Updated to reflect use of data forms in JEP-0060.
(psa)Clarified terminology and defaults.
(psa)Specified that notifications are to be sent from bare JID, not full JID.
(psa)Updated to reflect pubsub changes; clarified business rules for generation of notifications and cancellation of subscriptions.
(psa)Modified roster groups example to use jabber:x:data; added note about advertising client support for PEP.
(psa)Specified rules for generation of notifications, including use of presence in determining address of intended recipient for notifications and sending of last published item on receipt of presence information; changed name to Personal Eventing Protocol; specified service discovery identity of pubsub/pep; removed section on service types; added Kevin Smith as co-author.
(psa/ks)Specified that a service may enforce additional privacy and security policies; specified that an account owner must always be allowed to subscribe and to retrieve items; specified that an implementation should enforce access modifications resulting from roster state changes.
(psa)Updated to reflect proposed JEP-0060 modifications.
(psa)Initial JEP version.
(psa)Added more details and examples.
(psa)First draft.
(psa)END