Abstract: | This specification describes a method for using PEP based avatars and vCard based avatars in parallel by having the user’s server do a conversion between the two. |
Author: | Daniel Gultsch |
Copyright: | © 1999 – 2017 XMPP Standards Foundation. SEE LEGAL NOTICES. |
Status: | Experimental |
Type: | Standards Track |
Version: | 0.2.0 |
Last Updated: | 2018-01-25 |
WARNING: This Standards-Track document is Experimental. Publication as an XMPP Extension Protocol does not imply approval of this proposal by the XMPP Standards Foundation. Implementation of the protocol described herein is encouraged in exploratory implementations, but production systems are advised to carefully consider whether it is appropriate to deploy implementations of this protocol before it advances to a status of Draft.
1. Introduction
2. Discovery
3. Conversion
3.1. From PEP to vCard
3.2. From vCard to PEP
4. Presence Broadcast
5. Implementation Notes
6. Security Considerations
7. IANA Considerations
8. XMPP Registrar Considerations
9. XML Schema
10. Acknowledgements
Appendices
A: Document Information
B: Author Information
C: Legal Notices
D: Relation to XMPP
E: Discussion Venue
F: Requirements Conformance
G: Notes
H: Revision History
User Avatar (XEP-0084) [1] and vCard-Based Avatars (XEP-0153) [2] are usually considered to stand in competition with each other. XEP-0084 even talks about superseeding XEP-0153 in the future. While XEP-0084 provides a more efficient interface to upload avatars by seperating meta data and data (thus saving the client from having to download its own avatar on every connect) it has the significant downside of not working with Multi-User Chat (XEP-0045) [3].
Server implementations can aid to resolve this conflict by automatically putting avatars uploaded with XEP-0084 into XEP-0153 storage and vice versa. This allows clients to use the more efficient XEP-0084 for uploading avatars and XEP-0153 to retrieve avatars in Multi-User Chats.
The conversion is transparent to the uploading entity. However an entity might want to discover if a service will be performing the conversion from XEP-0084 to XEP-0153 since using vCard-Based Avatars will make the uploaded avatar publicly available. (See the »Security Considerations« section of this XEP.)
The service MUST include a Service Discovery (XEP-0030) [4] feature of "urn:xmpp:pep-vcard-conversion:0" on the account.
<iq from='romeo@montague.tld/garden' id='01' type='get' to='remeo@montague.tld'> <query xmlns='http://jabber.org/protocol/disco#info'/> </iq>
<iq from='romeo@montague.tld' id='01' type='result' to='romeo@montague.tld/garden'> <query xmlns='http://jabber.org/protocol/disco#info'> <feature var='urn:xmpp:pep-vcard-conversion:0'/> </query> </iq>
Modern clients are expected to use PEP (XEP-0084) as interface to upload their avatar and use vCard (XEP-0153) only as a read only fallback. Thus a service MUST support conversion from PEP to vCard. A service MAY support conversion from vCard to PEP in order to display avatars in clients that only support XEP-0084.
Upon receiving a publication request to the 'urn:xmpp:avatar:metadata' node the service MUST look up the corresponding item published in the 'urn:xmpp:avatar:data' node and store the content of the data element as a photo in the vcard. Services MUST consider the fact that the metadata node might contain multiple info elements and MUST pick the info element that does not point to an exernal URL. Services SHOULD verify that the SHA-1 hash of the image matches the id.
Upon receiving a vCard publication request with a valid photo attached to it a service MUST first publish an item to the 'urn:xmpp:avatar:data' node on behalf of the requesting entity. The id of that item MUST be the SHA-1 hash of the image as described in XEP-0084. Afterwards the service MUST publish a new item to the 'urn:xmpp:avatar:metadata' node with one info element that represents the newly published image using the type value from the vCard as a type attribute in the info element.
After publication the service SHOULD send out notification messages to all subscribers of the metadata node.
The »Business Rules« section of XEP-0153 tells entities to include a hash of the vCard avatar in their presence. However this requires clients to retrieve the avatar on every connect to calculate the hash. To avoid this, services MUST include the hash on behalf of their users in every available presence that does not contain an empty photo element wrapped in an x element qualified by the 'vcard-temp:x:update' namespace. Empty x elements qualified by the 'vcard-temp:x:update' namespace (those without a photo element as child) MUST be overwritten. Presences where the content of the photo element is not empty and not equal to the hash calculated by the service MAY be overwritten.
<presence/>
<presence to='juliet@capulet.tld' from='romeo@montague.tld/garden'> <x xmlns='vcard-temp:x:update'> <photo>sha1-hash-of-image</photo> </x> </presence>
<presence> <x xmlns='vcard-temp:x:update'> <photo/> </x> </presence>
<presence to='juliet@capulet.tld' from='romeo@montague.tld/garden'> <x xmlns='vcard-temp:x:update'> <photo/> </x> </presence>
The hash MUST also be injected into directed presences such as MUC joins
Implementing clients SHOULD use the more efficient XEP-0084 to access their own avatar storage and implement XEP-0153 only to download avatars from other entities if they do not have mutual presence subscription with said entity. (For example participants in a Multi-User Chat.)
Services will inject the hash in directed presences automatically but will not resend the presence if the avatar gets updated. Thus clients MAY resend directed available presence to all Multi-User Chats after receiving a 'urn:xmpp:avatar:metadata' update notification. The service will then inject an updated version of the hash. To avoid sending unnecassary presence updates, resending should only occur if the service annouces the 'urn:xmpp:pep-vcard-conversion:0' feature.
XEP-0084 has a default access model that only allows entities with mutual presence subscription to access the published avatar. XEP-0153 has no access control at all. Clients that discover the disco feature 'urn:xmpp:pep-vcard-conversion:0' on the account MAY warn users that uploading an avatar will make that avatar accessible to anyone who knows the Jabber ID.
In the future services MAY decide to perform PEP to vCard conversion only if the access model of the 'urn:xmpp:avatar:data' node has been set to 'open' as described in Publish-Subscribe (XEP-0060) [5]. However the ability to change the access model of nodes isn’t widely implemented yet and thus this paragraph exists only to act as a reminder that the privacy implications described in the previous paragraph can be avoided
This document requires no interaction with the Internet Assigned Numbers Authority (IANA).
This specification defines the following XML namespace:
tbd
Special thanks to Evgeny Khramtsov who implemented what is now written down as a XEP in ejabberd and created the inspiration for this XEP.
Series: XEP
Number: 0398
Publisher: XMPP Standards Foundation
Status:
Experimental
Type:
Standards Track
Version: 0.2.0
Last Updated: 2018-01-25
Approving Body: XMPP Council
Dependencies: XMPP Core, XEP-0084, XEP-0153
Supersedes: None
Superseded By: None
Short Name: pep-vcard-conversion
Source Control:
HTML
This document in other formats:
XML
PDF
Email:
daniel@gultsch.de
JabberID:
daniel@gultsch.de
The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 6120) and XMPP IM (RFC 6121) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.
The primary venue for discussion of XMPP Extension Protocols is the <standards@xmpp.org> discussion list.
Discussion on other xmpp.org discussion lists might also be appropriate; see <http://xmpp.org/about/discuss.shtml> for a complete list.
Errata can be sent to <editor@xmpp.org>.
The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".
1. XEP-0084: User Avatar <https://xmpp.org/extensions/xep-0084.html>.
2. XEP-0153: vCard-Based Avatars <https://xmpp.org/extensions/xep-0153.html>.
3. XEP-0045: Multi-User Chat <https://xmpp.org/extensions/xep-0045.html>.
4. XEP-0030: Service Discovery <https://xmpp.org/extensions/xep-0030.html>.
5. XEP-0060: Publish-Subscribe <https://xmpp.org/extensions/xep-0060.html>.
Note: Older versions of this specification might be available at http://xmpp.org/extensions/attic/
First draft.
(dg)END