XEP-0115: Entity Capabilities

This document defines an XMPP protocol extension for broadcasting and discovering client, device, or generic entity capabilities in a way that minimizes network impact.


NOTICE: The protocol defined herein is a Draft Standard of the XMPP Standards Foundation. Implementations are encouraged and the protocol is appropriate for deployment in production systems, but some changes to the protocol are possible before it becomes a Final Standard.


Document Information

Series: XEP
Number: 0115
Publisher: XMPP Standards Foundation
Status: Draft
Type: Standards Track
Version: 1.2
Last Updated: 2007-02-15
Approving Body: XMPP Council
Dependencies: XMPP Core, XMPP IM, XEP-0030
Supersedes: None
Superseded By: None
Short Name: caps
Schema: <http://www.xmpp.org/schemas/caps.xsd>
Wiki Page: <http://wiki.jabber.org/index.php/Entity Capabilities (XEP-0115)>

Author Information

Joe Hildebrand

Email: jhildebrand@jabber.com
JabberID: hildjj@jabber.org

Peter Saint-Andre

Email: stpeter@jabber.org
JabberID: stpeter@jabber.org

Legal Notice

This XMPP Extension Protocol is copyright 1999 - 2007 by the XMPP Standards Foundation (XSF) and is in full conformance with the XSF's Intellectual Property Rights Policy <http://www.xmpp.org/extensions/ipr-policy.shtml>. This material may be distributed only subject to the terms and conditions set forth in the Creative Commons Attribution License (<http://creativecommons.org/licenses/by/2.5/>).

Discussion Venue

The preferred venue for discussion of this document is the Standards discussion list: <http://mail.jabber.org/mailman/listinfo/standards>.

Relation to XMPP

The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 3920) and XMPP IM (RFC 3921) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.

Conformance Terms

The following keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".


Table of Contents


1. Introduction
2. Assumptions
3. Requirements
4. Use Cases
    4.1. Advertising Capabilities
    4.2. Discovering Capabilities
    4.3. Sending Messages to Unsubscribed Entities
5. Server Optimizations
6. Implementation Notes
7. Error Codes
8. Security Considerations
9. IANA Considerations
10. XMPP Registrar Considerations
11. XML Schema
Notes
Revision History


1. Introduction

It is often desirable for a Jabber/XMPP application (commonly but not necessarily a client) to take different actions depending on the capabilities of another application from which it receives presence information. Examples include:

Some older Jabber clients send one Service Discovery [3] and one Software Version [4] request to each entity from which they received presence after login. That "disco+version flood" results in an excessive use of bandwidth and is impractical on a larger scale, particularly for users or applications with large rosters. Therefore this document proposes a more robust and scalable solution: namely, a presence-based mechanism [5] for exchanging information about entity capabilities. Clients SHOULD NOT engage in the older "disco+version flood" behavior and instead SHOULD use Entity Capabilities as specified herein.

2. Assumptions

This document makes several assumptions:

3. Requirements

The protocol defined herein addresses the following requirements:

  1. Clients MUST be able to participate even if they support only XMPP Core [6], XMPP IM [7], and XEP-0030.
  2. Clients MUST be able to participate even if they are on networks without connectivity to other XMPP servers, services offering specialized XMPP extensions, or HTTP servers. [8]
  3. Clients MUST be able to retrieve information without querying each user.
  4. Since presence is normally broadcasted to many users, the byte size of the proposed extension MUST be as small as possible.
  5. It MUST be possible to write a Multi-User Chat [10] implementation that passes the given information along.
  6. It MUST be possible to publish a change in capabilities within a single session.
  7. Server infrastructure above and beyond that defined in XMPP Core and XMPP IM MUST NOT be required for this approach to work, although additional server infrastructure MAY be used for optimization purposes.

4. Use Cases

4.1

Each time a conformant client sends presence, it annotates that presence with an element that specifies the client type, the version of that client, and which feature bundles (if any) are currently enabled. Unless the server optimizations shown later are being used, the client MUST send this with every presence change (except for unavailable presence) to enable existing servers to remember the last presence for use in responding to probes. The client MUST send the 'node' and 'ver' attributes.

In addition, the client MAY send an 'ext' attribute (short for "extensions") if it has one or more feature bundles to advertise. A feature bundle is any non-standard addition or extension to the core application, such as a client plugin. If more than one feature bundle is advertised, the value of the 'ext' attribute MUST be a space-separated list of bundle names. [11] The client MUST NOT send an 'ext' attribute if there are no interesting non-core features enabled. The names of the feature bundles MUST NOT be used for semantic purposes: they are merely identifiers that will be used in other use cases. If bundles are added or substracted during an entity's session (e.g., a user plugs in a video camera), the entity SHOULD update the value of the 'ext' attribute to reflect the changed capabilities and send a new presence broadcast. If a feature bundle itself changes in any way (e.g., a user installs an updated version of a client plugin), the application MUST change the bundle name and SHOULD send a new presence broadcast.

The values of the 'node', 'ver', and 'ext' attributes MUST NOT contain the '#' character, since that character is used as a separator in the Discovering Capabilities use case.

Example 1. Annotated presence sent

<presence>
  <c xmlns='http://jabber.org/protocol/caps'
     node='http://exodus.jabberstudio.org/caps'
     ver='0.9'/>
</presence>

Example 2. Annotated presence sent, with feature extensions

<presence>
  <c xmlns='http://jabber.org/protocol/caps'
     node='http://exodus.jabberstudio.org/caps'
     ver='0.9'
     ext='ftrans xhtml'/>
</presence>

4.2 Discovering Capabilities

Once someone on my roster knows what client I am using, they need to be able to figure out what features are supported by that client. In the deprecated "disco flood" approach, this has been done by sending one "disco#info" request to each entity in a user's roster. Entity capabilities makes that unnecessary through the use of annotated presence. In particular, a client that receives the annotated presence sends a disco#info request (as defined in XEP-0030: Service Discovery) to exactly one of the users that sent a particular combination of node and ver. If the requestor has received the same annotation from multiple JIDs, the requestor SHOULD pick a random JID from that list to which the requestor will send the disco#info request.

The disco#info request is sent to a JID + node combination that consists of the chosen <user@host/resource> JID and a service discovery node that is constructed as follows: concatenate (1) the value of the caps 'node' attribute, (2) the "#" character, and (3) the version number specified in the caps 'ver' attribute.

Example 3. Disco#info request for client#version

<iq type='get' from='bard@shakespeare.lit/globe' to='randomuser1@capulet.com/resource' iq='123'>
  <query xmlns='http://jabber.org/protocol/disco#info'
         node='http://exodus.jabberstudio.org/caps#0.9'/>
</iq>
      

The random user then returns all of the capabilities supported by the base installation of the application without plugins or other add-ons:

Example 4. Disco#info response for client#version

<iq type='result' from='randomuser1@capulet.com/resource' to='bard@shakespeare.lit/globe' iq='123'>
  <query xmlns='http://jabber.org/protocol/disco#info'
         node='http://exodus.jabberstudio.org/caps#0.9'>
    <identity category='client' type='pc'/>
    <feature var='http://jabber.org/protocol/disco#info'/>
    <feature var='http://jabber.org/protocol/disco#items'/>
    <feature var='http://jabber.org/protocol/feature-neg'/>
    <feature var='http://jabber.org/protocol/muc'/>
  </query>
</iq>
      

Subsequent requests MAY be made to determine the supported features associated with each extension. These requests MUST be sent to a random <user@host/resource> JID that sent a caps annotation that included a particular node/ext combination. The disco#info request shall be sent to a JID + node combination that consists of the chosen JID and a service discovery node that is constructed as follows: concatenate (1) the value of the caps 'node' attribute, (2) the "#" character, and (3) the extension name specified by one of the space-separated names in the caps 'ext' attribute. The requestor SHOULD try to use different JIDs for each of these requests, as well as for the first request.

Example 5. Disco#info request for client#extension

<iq type='get' from='bard@shakespeare.lit/globe' to='randomuser3@capulet.com/resource' id='234'>
  <query xmlns='http://jabber.org/protocol/disco#info'
         node='http://exodus.jabberstudio.org/caps#ftrans'/>
</iq>
      

Example 6. Disco#info response for client#extension

<iq type='result' from='randomuser3@capulet.com/resource' to='bard@shakespeare.lit/globe' id='234'>
  <query xmlns='http://jabber.org/protocol/disco#info'
         node='http://exodus.jabberstudio.org/caps#ftrans'>
    <identity category='client' type='pc'/>
    <feature var='http://jabber.org/protocol/bytestreams'/>
    <feature var='http://jabber.org/protocol/si'/>
    <feature var='http://jabber.org/protocol/si/profile/file-transfer'/>
  </query>
</iq>
      

Example 7. Disco#info request for client#extension

<iq type='get' from='bard@shakespeare.lit/globe' to='randomuser4@capulet.com/resource' id='345'>
  <query xmlns='http://jabber.org/protocol/disco#info'
         node='http://exodus.jabberstudio.org/caps#xhtml'/>
</iq>
      

Example 8. Disco#info response for client#extension

<iq type='result' from='randomuser4@capulet.com/resource' to='bard@shakespeare.lit/globe' id='345'>
  <query xmlns='http://jabber.org/protocol/disco#info'
         node='http://exodus.jabberstudio.org/caps#xhtml'>
    <identity category='client' type='pc'/>
    <feature var='http://jabber.org/protocol/xhtml-im'/>
  </query>
</iq>
      

Note: The set of features that a given entity advertises in response to a "client#version" request and all "client#extension" requests MUST be equivalent to the response it gives to a disco#info request with no 'node' attribute:

Example 9. Generic disco#info response

<iq type='result' from='randomuser2@capulet.com/resource' to='bard@shakespeare.lit/globe' iq='456'>
  <query xmlns='http://jabber.org/protocol/disco#info'>
    <identity category='client' type='pc'/>
    <feature var='http://jabber.org/protocol/disco#info'/>
    <feature var='http://jabber.org/protocol/disco#items'/>
    <feature var='http://jabber.org/protocol/feature-neg'/>
    <feature var='http://jabber.org/protocol/muc'/>
    <feature var='http://jabber.org/protocol/bytestreams'/>
    <feature var='http://jabber.org/protocol/si'/>
    <feature var='http://jabber.org/protocol/si/profile/file-transfer'/>
    <feature var='http://jabber.org/protocol/xhtml-im'/>
  </query>
</iq>
      

All of the responses to the disco#info queries SHOULD be cached. If a particular entity cannot store the responses, it SHOULD NOT make the requests. An entity SHOULD NOT make the service discovery requests unless the information is required for some local functionality. An entity MUST NOT ever make a request to another entity that has the same version of the same application as the requesting entity, except for extensions that are not supported by the requestor's installation (e.g., one "Exodus 0.9" client MUST NOT query another "Exodus 0.9" client unless the second client has advertised an extension or plugin that the first client does not have).

4.3 Sending Messages to Unsubscribed Entities

If an application sends message to an entity from which it has not received presence, it MAY choose to append a capabilities annotation to only the first message sent to that entity within a particular conversation thread or "session". The application MUST NOT append a capabilities annotation to later messages unless its capabilities have changed (e.g., the value of the 'ext' has changed as described above) and MUST NOT send the annotation to entities from which it has received presence. Also, an application MUST NOT send the capabilities annotation to entities which are in a user's roster (or equivalent entity store, as in a gateway) with subscription='both' or subscription='to' (since presence would have been received from these entities if they were online).

Example 10. Message including capabilities

<message to='romeo@example.net' 
         from='juliet@example.com/balcony'>
  <thread>thread1</thread>
  <body>Art thou not Romeo, and a Montague?</body>
  <c xmlns='http://jabber.org/protocol/caps'
     node='http://exodus.jabberstudio.org/caps'
     ver='0.9'
     ext='xhtml'/>
</message>

If the recipient responds to one of these annotated messages, the first message back in the other direction SHOULD be annotated with capabilities.

Example 11. Response message including capabilities

<message from='romeo@example.net/orchard' 
         to='juliet@example.com/balcony'>
  <thread>thread1</thread>
  <body>Neither, fair saint, if either thee dislike.</body>
  <c xmlns='http://jabber.org/protocol/caps'
     node='http://exodus.jabberstudio.org/caps'
     ver='0.9'/>
</message>

Alternatively, unsubscribed entities MAY send directed presence to each other, for which the same rules apply as listed above for messages.

5. Server Optimizations

A server that is managing an entity's session MAY choose to optimize traffic through the server. In this case, the server MAY strip off redundant capabilities annotations. Because of this, receivers of annotations MUST NOT expect an annotation on every presence packet they receive. If the server wants to perform this traffic optimization, it MUST ensure that the first presence each subscriber receives contains the annotation. The server MUST also ensure that any changes in the annotation (typically in the 'ext' attribute) are sent to all subscribers.

A client MAY query the server using disco#info to determine if the server supports the 'http://jabber.org/protocol/caps' feature. If so, the server MUST perform the optimization delineated above, and the client MAY choose to only send the capabilities annotation on the first presence packet, as well as whenever its capabilities change.

Example 12. Disco#info request for server optimization

<iq from='juliet@capulet.com/balcony'
    to='capulet.com'
    type='get'>
  <query xmlns='http://jabber.org/protocol/disco#info'/>
</iq>

<iq from='capulet.com'
    to='juliet@capulet.com/balcony'
    type='result'>
  <query xmlns='http://jabber.org/protocol/disco#info'>
    ...
    <feature var='http://jabber.org/protocol/caps'/>
    ...
  </query>
</iq>

6. Implementation Notes

If capabilities information has not been received from another entity, an application MUST assume that the other entity does not support capabilities.

7. Error Codes

No application-specific error codes are defined by this document. See XEP-0030: Service Discovery for a list of potential service discovery error codes.

8. Security Considerations

Use of the protocol specified in this document might make some client-specific forms of attack slightly easier, since the attacker could more easily determine the type of client being used. However, since most clients respond to jabber:iq:version requests without performing access control checks, there is no new vulnerability. Entities that wish to restrict access to capabilities information SHOULD use the privacy lists protocol defined in XMPP IM to define appropriate communications blocking (e.g., an entity MAY choose to allow IQ requests only from "trusted" entities, such as those with whom it has a subscription of "both").

It is possible (though unlikely) for a bad actor or rogue application to poison other entities by providing incorrect information in response to disco#info requests. To guard against such poisoning, a requesting entity MAY send disco#info requests to multiple entities that match the same node/ver or node/ext combination and then compare the results to ensure consistency. The requesting entity SHOULD NOT send the same request to more than five entities and MUST ensure that the entities are truly different by not sending the same request to multiple entities for which the <user@host> portion matches.

9. IANA Considerations

This document requires no interaction with the Internet Assigned Numbers Authority (IANA) [13].

10. XMPP Registrar Considerations

The XMPP Registrar [14] includes 'http://jabber.org/protocol/caps' in its registries of protocol namespaces and service discovery features.

If it is useful or interesting, the Registrar may also provide registration of the URIs to be used in the 'node' attribute, but since these URIs can be scoped according to well-defined existing rules, this is not necessary.

11. XML Schema

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='http://jabber.org/protocol/caps'
    xmlns='http://jabber.org/protocol/caps'
    elementFormDefault='qualified'>

  <xs:annotation>
    <xs:documentation>
      The protocol documented by this schema is defined in
      XEP-0115: http://www.xmpp.org/extensions/xep-0115.html
    </xs:documentation>
  </xs:annotation>

  <xs:element name='c'>
    <xs:complexType>
      <xs:simpleContent>
        <xs:extension base='empty'>
          <xs:attribute name='ext' type='xs:NMTOKENS' use='optional'/>
          <xs:attribute name='node' type='xs:string' use='required'/>
          <xs:attribute name='ver' type='xs:string' use='required'/>
        </xs:extension>
      </xs:simpleContent>
    </xs:complexType>
  </xs:element>

  <xs:simpleType name='empty'>
    <xs:restriction base='xs:string'>
      <xs:enumeration value=''/>
    </xs:restriction>
  </xs:simpleType>

</xs:schema>
    

Notes

1. XEP-0071: XHTML-IM <http://www.xmpp.org/extensions/xep-0071.html>.

2. XEP-0096: File Transfer <http://www.xmpp.org/extensions/xep-0096.html>.

3. XEP-0030: Service Discovery <http://www.xmpp.org/extensions/xep-0030.html>.

4. XEP-0092: Software Version <http://www.xmpp.org/extensions/xep-0092.html>.

5. This proposal is not limited to clients, and can be used by any entity that exchanges presence with another entity, e.g., a gateway. However, this document uses the example of clients throughout.

6. RFC 3920: Extensible Messaging and Presence Protocol (XMPP): Core <http://tools.ietf.org/html/rfc3920>.

7. RFC 3921: Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence <http://tools.ietf.org/html/rfc3921>.

8. These first two requirements effectively eliminated Publish-Subscribe [9] as a possible implementation of entity capabilities.

9. XEP-0060: Publish-Subscribe <http://www.xmpp.org/extensions/xep-0060.html>.

10. XEP-0045: Multi-User Chat <http://www.xmpp.org/extensions/xep-0045.html>.

11. Each extension name MUST be of type NMTOKEN, where multiple extension names are separated by the white space character #x20, resulting in a tokenized attribute type of NMTOKENS (see Section 3.3.1 of XML 1.0 [12]).

12. Extensible Markup Language (XML) 1.0 (Fourth Edition) <http://www.w3.org/TR/REC-xml/>.

13. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.

14. The XMPP Registrar maintains a list of reserved protocol namespaces as well as registries of parameters used in the context of XMPP extension protocols approved by the XMPP Standards Foundation. For further information, see <http://www.xmpp.org/registrar/>.


Revision History

Version 1.2 (2007-02-15)

Clarified motivation and handling of service discovery requests.

(psa)

Version 1.1 (2004-10-29)

Clarified meaning of service discovery results for client#ver and client#ext.

(psa)

Version 1.0 (2004-08-01)

Per a vote of the Jabber Council, advanced status to Draft.

(psa)

Version 0.7 (2004-06-29)

Added several items to the Security Considerations; clarified naming requirements regarding 'node', 'ver', and 'ext' attributes.

(jjh/psa)

Version 0.6 (2004-04-25)

Made a number of editorial adjustments.

(psa)

Version 0.5 (2004-01-05)

Specified that the protocol can be used whenever presence is used (e.g., by gateways); improved the XML schema; made several editorial adjustments.

(psa)

Version 0.4 (2003-09-04)

IQ gets must be to a resource, since they are intended to go to a particular session.

(jjh)

Version 0.3 (2003-09-02)

Servers MUST strip extras changed to MAY, due to implementer feedback.

(jjh)

Version 0.2 (2003-08-28)

Add more clarifying assumptions and requirements, make it clear that clients don't have to send capabilities every time if the server is optimizing.

(jjh)

Version 0.1 (2003-08-27)

Initial version.

(jjh)

END