This document specifies an XMPP protocol extension that enables an entity to initiate a command session where there is no preferred namespace. It also specifies a protocol extension for describing the types of ad hoc sessions, similar in concept to a menu.
The motivation for such a protocol comes from the desire to expand Jabber technologies outside the domain of instant messaging. Similar to web applications, these "Jabber applications" are systems in which, via a compliant Jabber client, a user (or automated process) can interact with the application. The client need not be specially-written in order to take advantage of this Jabber application.
This mechanism allows for a larger base of Jabber entities to participate as part of larger application architectures. Although specialized clients would be preferred in many environments, this protocol allows for applications to have a wider audience (i.e., any compliant Jabber client).
The namespace governing this protocol is "http://jabber.org/protocol/commands" (hereafter referred to as x-commands). This namespace relies on the <iq/> element for execution, and can use the <message/> element for announcing command lists. This protocol depends on Service Discovery (XEP-0030)  for reporting and announcing command lists. This namespace is intended to complement Data Forms (XEP-0004)  (jabber:x:data), but is not necessarily dependent upon it.
Support of x-commands implies support for "jabber:x:data" (although this requirement may be replaced and/or amended with a requirement to support Feature Negotiation (XEP-0020)  by performing the appropriate negotations before executing commands). x-commands provides a bootstrap for performing ad-hoc "jabber:x:data" processes, while the data itself is conveyed using "jabber:x:data".
The x-commands namespace is not designed to replace machine-to-machine oriented RPC systems such as Jabber-RPC (XEP-0009) , where the two entities fully understand the command's purpose and behavior prior to execution. x-commands is oriented more for human interaction, where the user agent (such as a compliant Jabber client) most likely has no prior knowledge of the command's purpose and behavior.
To determine if an entity supports x-commands, the requester uses Service Discovery. The requester makes an "#info" query to the responder. If supported, the responder includes a <feature/> with the "var" of "http://jabber.org/protocol/commands".
To find what commands an entity provides, the requester uses Service Discovery. Each command is a node of the responder, under the fixed node "http://jabber.org/protocol/commands" (for which the service discovery identity category is "automation" and type is "command-list"). Use of a fixed node for all commands of an entity allows for immediate retrieval of commands.
Each command is a disco item. The node attribute of <item/> identifies the command, and the name attribute is the label for the command.
The requester retrieves the list of commands by querying for the responder's items for the node "http://jabber.org/protocol/commands":
The result can then be used by the client to populate a menu, a dialog of buttons, or whatever is appropriate to the current user interface. The responder is not required to send the same list of commands to all requesters.
If additional information about a command is desired, the requester queries for disco information on the command node:
A responder MUST at least provide <identity category='automation' type='command-node'/> and <feature var='http://jabber.org/protocol/commands'/>, and SHOULD include <feature var='jabber:x:data'/>. It is not required to support additional information about a command. If the command is not available to the requester, the responder SHOULD respond with a 403 "Forbidden" error.
In some cases, a responder entity may find it appropriate to automatically push this information (e.g. a subscribed entity becomes available). In this case, the entity sends a <message/> containing the proper disco#items <query/>:
The only portion required is <query xmlns='http://jabber.org/protocol/disco#items'/>. Any other information (such as the <subject/> in the foregoing example) is OPTIONAL.
To execute a command, the requester sends an <iq/> containing the command to execute:
The requester MAY include the "action='execute'", although this is implied.
If the command does not require any user interaction (returns results only), the responder sends a packet similar to the following:
If the command requires more interaction, the responder sends a result <iq/> that contains the command information and the form to be filled out:
The <command/> SHOULD include an <actions/> element, which specifies the details of what the allowed actions are for this stage of execution. Each element within <action/> matches a possible value for the <command/> element's "action" attribute. The "execute" attribute defines which of the included actions is considered the equivalent to "execute" for this stage. In the above example, the only allowed action is to progress to the next stage, which is also the default.
Note: The "execute" action (not the attribute) is ambiguous and may have undefined behaviour in some implementations. Relying on the specific behavior of the execute action is discouraged, especially in cases where the "complete" action is not allowed and the "execute" attribute is not specified (see also Command Actions.
The requester then submits the form, maintaining the command node and sessionid:
The responder then provides the next stage's form in the result :
The requester then submits the second stage's form, again maintaining the node and sessionid:
If the requester wishes to revert to the previous stage, it sends an <iq/> with the command's node and sessionid, and "action='prev'":
If the responder accepts this, it responds with the previous stage's command :
In the case where a command has multiple stages, the requester may wish to cancel at some point. To cancel, the requester sends the continuing command request with an "action='cancel'":
This enables the responder to free any resources allocated during the process. The responder MUST reply with the success of the command:
All commands used in the above examples are for illustrative purposes only. There are no predefined or required commands.
Each command is identified by its 'node' attribute. This matches the 'node' attribute from the service discovery <item/> element. Service Discovery requires that all 'node' values be unique within a given JID. This document requires that the 'node' value used in <command/> exactly match the value used in the <item/> element. It is the responsibility of the responder implementation to ensure each command's node is unique for their JID.
The execution of a command exists within the concept of a session. Each session is identified by the 'sessionid' attribute, and SHOULD be valid only between one requester/responder pair. The responder is responsible for determining the session lifetime, with some help from the requester.
The requester starts a new session for a command by simply sending a <command/> with the 'node' attribute (and optionally the 'status' attribute with a value of "execute"). Once the 'sessionid' attribute is given to the requester, it is the requester's responsibility to maintain it for the session's lifetime. A session ends when the responder sends a <command status='completed'/> or the requester sends a <command action='cancel'/> with the provided 'sessionid' value.
Once a session has ended, its 'sessionid' value SHOULD NOT be used again. It is the responder's responsibility to ensure that each 'sessionid' value is unique.
It may be possible for a requester to be executing more than one session of the same command with a given responder. If the responder does not allow more than one session of the same command with the same requester, the responder MUST return a <not-allowed/> error (see Error Condition Mappings (XEP-0086) ).
The result for each stage (other than the last) of a command's execution SHOULD include an <actions/> element. The user-agent can use this information to present a more-intelligent user interface, such as a "druid" or "wizard".
For a user-agent, a typical interpretation of the <actions/> information (or lack thereof) would be the following:
Responders SHOULD use the following guidelines when providing <actions/>:
On its own, the <command/> has very little usefulness. It relies on its payload to give full meaning to its use. The payload can be elements in any namespace that makes sense and is understood (such as "jabber:x:data"), and/or one or more <note/> elements. Any namespaced elements can be used within a <command/>. The only limitations are that the elements not require certain parent elements (such as <iq/>), or specifically allow for <command/> qualified by the "http://jabber.org/protocol/commands" namespace as a possible parent element.
As a general rule, the payload is provided only by the responder. The primary exception to this rule is with the "jabber:x:data" extension (and other namespaces with similar semantics). In this case, if the responder provides a form to submit, the requester SHOULD respond with the submitted data (using the semantics from XEP-0004).
When the precedence of these payload elements becomes important (such as when both "jabber:x:data" and "jabber:x:oob" elements are present), the order of the elements SHOULD be used. Those elements that come earlier in the child list take precedence over those later in the child list. The requester SHOULD consider those elements qualified by the same namespace as having an equivalent precedence (such as if multiple "jabber:x:oob" elements are included).
When the payload is "jabber:x:data", there are certain conditions applied. The requester SHOULD NOT use a "jabber:x:data" type other than "submit". Responders SHOULD consider any <x type='cancel'/> to be <x type='submit'/>.
The status of command execution signals only if the command is executing, has been completed, or been canceled. If completed, the "status" attribute does not specify if it completed successfully or not. If a command completes but fails, the responder MUST include at least one <note type='error'/> with the <command status='completed'/> it returns.
The requester SHOULD provide its locale information using the "xml:lang" attribute on either the <iq/> (RECOMMENDED) or <command/> element. Each execution session (identified by the "sessionid" attribute) SHOULD use only one language/locale, and requesters and responders SHOULD assume the first language/locale specified applies. The responder SHOULD specify the language/locale with the every command session's response.
Within the "http://jabber.org/protocol/commands" schema, the language/locale applies only to the human-readable character data for <info/> elements. It SHOULD also apply to all payload elements, appropriate to their respective specifications.
Responders MUST take this into consideration, and properly account for the language/locale settings within payloads. If the responder cannot accomodate the requested language/locale, it SHOULD respond with a <bad-request/> (<bad-locale/>) error condition.
The focal element in x-commands is <command/>. It is the element used to guide the process, and the element used to report command options.
Each <command/> contains attributes for a node, a "session id", an action type, a status type, and a language/locale specifier. A command MAY contain zero or more <note/> elements and MAY contain other namespaced elements as payload. Elements qualified by the "jabber:x:data" and "jabber:x:oob" namespaces are the typical payload.
The "node" attribute uniquely identifies the command. This attribute MUST be present.
The "sessionid" attribute helps to track a command execution across multiple stages. This attribute MUST be present for subsequent stages, and the responder SHOULD initialize (if not provided) or maintain this attribute. The value of this attribute MUST NOT be empty or null, but otherwise can be any string value. This value MUST be maintained by a requester while executing a command.
The "status" attribute describes the current status of this command. This value SHOULD be set only by the responder. If specified by the requester, the responder MUST ignore it. The value of "status" MUST be one of the following:
|executing||The command is being executed.|
|completed||The command has completed. The command session has ended.|
|canceled||The command has been canceled. The command session has ended.|
The "action" attribute specifies the action to undertake with the given command. This value SHOULD be set only by the requester. If specified by the responder, the requester MUST ignore it. The value of "action" MUST be one of the following:
|execute||The command should be executed or continue to be executed. This is the default value.|
|cancel||The command should be canceled.|
|prev||The command should be digress to the previous stage of execution.|
|next||The command should progress to the next stage of execution.|
|complete||The command should be completed (if possible).|
The "xml:lang" attribute specifies the language/locale this <command/> is intended for. This attribute MAY be specified by the requester to request a specific language/locale, and SHOULD be included by the responder to indicate the language/locale in use.
The children of a <command/> element (other than <actions/> and <note/>) pertain to the command's execution. The order of these elements denote their precedence, so that those elements earlier in the list have higher precedence.
The allowed actions for a particular stage of execution are provided by the <actions/> element. This element SHOULD be provided by the responder if the command's execution is not complete, and SHOULD NOT ever be provided by the requester. It contains a single attribute to specify what the "execute" action equals. It contains child elements to specify what the allowed actions are.
The "execute" attribute specifies what the action "execute" is equivalent to. In user-agent interfaces, this represents the default behavior. This attribute MAY be specified by the responder, and MUST equal one of the "action" attribute values for <command/>. The value of this attribute SHOULD match the local name of one of the contained child elements.
The child elements contained by <action/> specify the allowed actions. The name of each child element MUST be one of the following:
Notes about the current status of commands are provided by <note/> elements. This element contains information about current conditions in a command sequence. This element has an attribute that defines the type of note. The body of a <note/> should contain a user-readable text message.
The "type" attribute specifies the severity of the note. This attribute is OPTIONAL, and implies "info" if not present. The value of this attribute MUST be one of the following:
|info||The note is informational only. This is not really an exceptional condition.|
|warn||The note indicates a warning. Possibly due to illogical (yet valid) data.|
|error||The note indicates an error. The text should indicate the reason for the error.|
To simplify the discussion on error conditions, this document uses the following mapping between namespace URIs and namespace prefixes :
Below are the possible errors that can occur during execution.
|Error Type||General Condition||Specific Condition||Description|
|modify||<xmpp:bad-request/>||<cmd:malformed-action/>||The responding JID does not understand the specified action.|
|modify||<xmpp:bad-request/>||<cmd:bad-action/>||The responding JID cannot accept the specified action.|
|modify||<xmpp:bad-request/>||<cmd:bad-locale/>||The responding JID cannot accept the specified language/locale.|
|modify||<xmpp:bad-request/>||<cmd:bad-payload/>||The responding JID cannot accept the specified payload (e.g. the data form did not provide one or more required fields).|
|modify||<xmpp:bad-request/>||<cmd:bad-sessionid/>||The responding JID cannot accept the specified sessionid.|
|cancel||<xmpp:not-allowed/>||<cmd:session-expired/>||The requesting JID specified a sessionid that is no longer active (either because it was completed, canceled, or timed out).|
|cancel||<xmpp:forbidden/>||NONE||The requesting JID is not allowed to execute the command.|
|cancel||<xmpp:item-not-found/>||NONE||The responding JID cannot find the requested command node.|
|cancel||<xmpp:feature-not-implemented/>||NONE||The responding JID does not support "http://jabber.org/protocol/commands".|
Determining when a command can be executed based on permissions or rights is considered outside the scope of this document. Although such mechanisms are considered specific to the application and/or implementation of this document, future specifications may address these concerns.
When processing reported commands, the requester SHOULD consider any command node that does not match the JID of the responder to be suspicious, and ignore those command nodes. Responders MUST report their own command nodes only, and not the command nodes of other entities. This can help prevent limited cases of spoofing and "social engineering".
This document requires no interaction with the Internet Assigned Numbers Authority (IANA) .
The XMPP Registrar includes "automation" in its registry of Service Discovery categories for use for any entities and nodes that provide automated or programmed interaction. This category has the following types:
|command-list||The node for a list of commands; valid only for the node "http://jabber.org/protocol/commands".|
|command-node||A node for a specific command; the 'node' attribute uniquely identifies the command.|
The registry submission is as follows:
The XMPP Registrar includes "http://jabber.org/protocol/commands" in its registry of well-known Service Discovery nodes.
As authorized by XMPP URI Query Components (XEP-0147) , the XMPP Registrar maintains a registry of queries and key-value pairs for use in XMPP URIs (see <https://xmpp.org/registrar/querytypes.html>).
The "command" querytype is defined herein for interaction with entities that support the ad-hoc command protocol, with keys of "action" and "node".
The following submission registers the "command" querytype.
Many thanks to Florian Schmaus, Christian Schudt and Anno van Vliet for their input and feedback on this specification.
This document in other formats: XML PDF
This XMPP Extension Protocol is copyright © 1999 – 2020 by the XMPP Standards Foundation (XSF).
Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.
## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. ##
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.
This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which can be found at <https://xmpp.org/about/xsf/ipr-policy> or obtained by writing to XMPP Standards Foundation, P.O. Box 787, Parker, CO 80134 USA).
The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 6120) and XMPP IM (RFC 6121) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.
The primary venue for discussion of XMPP Extension Protocols is the <firstname.lastname@example.org> discussion list.
Discussion on other xmpp.org discussion lists might also be appropriate; see <http://xmpp.org/about/discuss.shtml> for a complete list.
Errata can be sent to <email@example.com>.
The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".
6. Note that the second stage can be reverted to the first stage or completed (signaled by the inclusion of the <prev/> and <complete/> elements), and that the default action is to complete execution (signaled by the "execute" attribute's value of "complete").
7. The responder MAY present "remembered" field values, but doing so is OPTIONAL.
9. This mapping is provided solely for the purpose of simplifying this discussion.
10. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.
11. The XMPP Registrar maintains a list of reserved protocol namespaces as well as registries of parameters used in the context of XMPP extension protocols approved by the XMPP Standards Foundation. For further information, see <https://xmpp.org/registrar/>.
Note: Older versions of this specification might be available at http://xmpp.org/extensions/attic/