Add empty handlers for chat-joined and chat-left signals.

[pidgin-purple-perl-plugins.git] / TODO / xep-0144.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>XEP-0144: Roster Item Exchange</title><link rel="stylesheet" type="text/css" href="xep-0144_soubory/xmpp.css"><link rel="shortcut icon" type="image/x-icon" href="http://xmpp.org/favicon.ico"><meta name="DC.Title" content="Roster Item Exchange"><meta name="DC.Creator" content="Peter Saint-Andre"><meta name="DC.Description" content="This specification defines an XMPP protocol extension for exchanging contact list items, including the ability to suggest whether the item is to be added, deleted, or modified in the contact list of the recipient, as well as the suggested roster group for the item."><meta name="DC.Publisher" content="XMPP Standards Foundation"><meta name="DC.Contributor" content="XMPP Extensions Editor"><meta name="DC.Date" content="2005-08-26"><meta name="DC.Type" content="XMPP Extension Protocol"><meta name="DC.Format" content="XHTML"><meta name="DC.Identifier" content="XEP-0144"><meta name="DC.Language" content="en"><meta name="DC.Rights" content="This XMPP Extension Protocol is copyright © 1999 - 2009 by the XMPP Standards Foundation (XSF)."></head><body><h1>XEP-0144: Roster Item Exchange</h1><table><tbody><tr valign="top"><td><strong>Abstract:</strong></td><td>This
specification defines an XMPP protocol extension for exchanging contact
list items, including the ability to suggest whether the item is to be
added, deleted, or modified in the contact list of the recipient, as
well as the suggested roster group for the item.</td></tr><tr valign="top"><td><strong>Author:</strong></td><td>Peter Saint-Andre</td></tr><tr valign="top"><td><strong>Copyright:</strong></td><td>© 1999 - 2009 XMPP Standards Foundation. <a href="#appendix-legal">SEE LEGAL NOTICES</a>.</td></tr><tr valign="top"><td><strong>Status:</strong></td><td>Draft</td></tr><tr valign="top"><td><strong>Type:</strong></td><td>Standards Track</td></tr><tr valign="top"><td><strong>Version:</strong></td><td>1.0</td></tr><tr valign="top"><td><strong>Last&nbsp;Updated:</strong></td><td>2005-08-26</td></tr></tbody></table><hr><p style="color: green;">NOTICE:
The protocol defined herein is a Draft Standard of the XMPP Standards
Foundation. Implementations are encouraged and the protocol is
appropriate for deployment in production systems, but some changes to
the protocol are possible before it becomes a Final Standard.</p><hr><h2>Table of Contents</h2><div class="indent"><p><br>1.  <a href="#intro">Introduction</a><br>2.  <a href="#reqs">Requirements</a><br>3.  <a href="#usecases">Use Cases</a><br>&nbsp;&nbsp;&nbsp;
      3.1.  <a href="#add">Suggesting Roster Item Addition</a><br>&nbsp;&nbsp;&nbsp;
      3.2.  <a href="#delete">Suggesting Roster Item Deletion</a><br>&nbsp;&nbsp;&nbsp;
      3.3.  <a href="#modify">Suggesting Roster Item Modification</a><br>4.  <a href="#disco">Service Discovery</a><br>5.  <a href="#stanza">Recommended Stanza Type</a><br>&nbsp;&nbsp;&nbsp;
      5.1.  <a href="#stanza-iq">IQ Semantics</a><br>6.  <a href="#bizrules">Business Rules</a><br>7.  <a href="#entities">Types of Sending Entities</a><br>&nbsp;&nbsp;&nbsp;
      7.1.  <a href="#entities-user">Jabber Users</a><br>&nbsp;&nbsp;&nbsp;
      7.2.  <a href="#entities-gateway">Gateways</a><br>&nbsp;&nbsp;&nbsp;
      7.3.  <a href="#entities-groupservice">Group Services</a><br>8.  <a href="#security">Security Considerations</a><br>&nbsp;&nbsp;&nbsp;
      8.1.  <a href="#security-trust">Trusted Entities</a><br>&nbsp;&nbsp;&nbsp;
      8.2.  <a href="#security-dos">Denial of Service</a><br>&nbsp;&nbsp;&nbsp;
      8.3.  <a href="#security-support">Advertising Support</a><br>9.  <a href="#iana">IANA Considerations</a><br>10.  <a href="#registrar">XMPP Registrar Considerations</a><br>&nbsp;&nbsp;&nbsp;
      10.1.  <a href="#registrar-ns">Protocol Namespaces</a><br>&nbsp;&nbsp;&nbsp;
      10.2.  <a href="#registrar-disco">Service Discovery Identities</a><br>11.  <a href="#schema">XML Schema</a></p><p><a href="#appendices">Appendices</a><br>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#appendix-docinfo">A: Document Information</a><br>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#appendix-authorinfo">B: Author Information</a><br>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#appendix-legal">C: Legal Notices</a><br>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#appendix-xmpp">D: Relation to XMPP</a><br>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#appendix-discuss">E: Discussion Venue</a><br>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#appendix-conformance">F: Requirements Conformance</a><br>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#appendix-notes">G: Notes</a><br>&nbsp;&nbsp;&nbsp;&nbsp;<a href="#appendix-revs">H: Revision History</a></p></div><hr><h2>1.
       <a name="intro" id="intro">Introduction</a></h2>
  <p class="" style="">The
Jabber protocols have long included a method for sending roster items
from one entity to another, making use of the 'jabber:x:roster'
namespace. Because this protocol extension was not required by <span class="ref" style=""><a href="http://tools.ietf.org/html/rfc2779">RFC 2779</a></span>  [<a href="#nt-id2251511">1</a>], it was removed from <span class="ref" style=""><a href="http://tools.ietf.org/html/rfc3921">XMPP IM</a></span>  [<a href="#nt-id2251676">2</a>] and documented for historical purposes in <span class="ref" style=""><a href="http://xmpp.org/extensions/xep-0093.html">Roster Item Exchange</a></span>  [<a href="#nt-id2251703">3</a>]. However, since that time discussions in the <span class="ref" style=""><a href="http://mail.jabber.org/mailman/listinfo/standards/">Standards SIG</a></span>  [<a href="#nt-id2251730">4</a>]
have revealed that it would be helpful to use roster item exchange in
the problem spaces of "shared groups" (e.g., predefined roster groups
used within an organization) and roster synchronization (e.g., keeping
a Jabber roster in sync with a contact list on a legacy IM service).
These problem spaces require a slightly more sophisticated kind of
roster item exchange than was documented in XEP-0093, specifically the
ability to indicate whether a roster item is to be added, deleted, or
modified. Therefore this document redefines roster item exchange to
provide this functionality in a way that is backwards-compatible with
existing implementations, albeit using a modern namespace URI of
'http://jabber.org/protocol/rosterx' rather than the old
'jabber:x:roster' namespace name. Further specifications will define
how to solve the problems of shared groups and roster synchronization
using the protocol defined herein.</p>
<h2>2.
       <a name="reqs" id="reqs">Requirements</a></h2>
  <p class="" style="">XEP-0093 did not define the requirements for roster item exchange. This section remedies that oversight.</p>
  <p class="" style="">Roster item exchange meets the following requirements:</p>
  <ol start="" class="" style="">
    <li class="" style="">Enable
an entity to send one or more roster items to another entity, with the
suggestion that the roster item(s) be added to the recipient's roster.</li>
    <li class="" style="">Enable
an entity to send one or more roster items to another entity, with the
suggestion that the roster item(s) be deleted from the recipient's
roster.</li>
    <li class="" style="">Enable an entity to send one or
more roster items to another entity, with the suggestion that the
roster item(s) be modified in the recipient's roster.</li>
  </ol>
  <p class="" style="">This
document deliberately speaks of rosters and roster items, not presence
subscriptions. Although rosters and subscriptions are closely connected
(as explained in <span class="ref">RFC 3921</span>), they are not
identical. The protocol defined herein enables an entity to suggest
that another entity might want to add, delete, or modify roster items
only, and does not dictate the suggested presence subscription state
associated with those roster items. This is intentional.</p>
<h2>3.
       <a name="usecases" id="usecases">Use Cases</a></h2>
  <div class="indent"><h3>3.1 <a name="add" id="add">Suggesting Roster Item Addition</a></h3>
    <p class="" style="">In
order to programatically suggest that the receiving entity should add
one or more items to its roster, the sending entity MUST send a
&lt;message/&gt; or &lt;iq/&gt; stanza containing an &lt;x/&gt; element
qualified by the 'http://jabber.org/protocol/rosterx' namespace (see <a href="#stanza">Recommended Stanza Type</a>
regarding when to use &lt;message/&gt; and when to use &lt;iq/&gt;);
the &lt;x/&gt; element in turn MUST contain one or more &lt;item/&gt;
child elements, each of which SHOULD possess an 'action' attribute
whose value is "add" [<a href="#nt-id2251653">5</a>], MUST possess a
'jid' attribute that specifies the JabberID of the item to be added,
MAY possess a 'name' attribute that specifies a natural-language name
or nickname for the item, and MAY contain one or more &lt;group/&gt;
elements specifying roster groups into which to place the item. If a
&lt;message/&gt; stanza is sent, it MAY contain a &lt;body/&gt; element
but SHOULD NOT contain any other child elements. Here is an example:</p>
    <p class="caption"><a name="example-1" id="example-1"></a>Example 1. Suggesting Addition</p><div class="indent"><pre>&lt;message from='horatio@denmark.lit' to='hamlet@denmark.lit'&gt;
  &lt;body&gt;Some visitors, m'lord!&lt;/body&gt;
  &lt;x xmlns='http://jabber.org/protocol/rosterx'&gt; 
    &lt;item action='add'
          jid='rosencrantz@denmark.lit'
          name='Rosencrantz'&gt;
      &lt;group&gt;Visitors&lt;/group&gt;
    &lt;/item&gt;
    &lt;item action='add'
          jid='guildenstern@denmark.lit'
          name='Guildenstern'&gt;
      &lt;group&gt;Visitors&lt;/group&gt;
    &lt;/item&gt;
  &lt;/x&gt;
&lt;/message&gt;
    </pre></div>
    <p class="" style="">In
determining how to handle any given roster item whose 'action'
attribute has a value of "add" (either explicitly or as the default
value), the receiving application SHOULD proceed as follows:</p>
    <ol start="" class="" style="">
      <li class="" style="">If
the item already exists in the roster and the item is in the specified
group (or no group is specified), the receiving application MUST NOT
prompt a human user for approval regarding that item and MUST NOT add
that item to the roster.</li>
      <li class="" style="">If the item
does not already exist in the roster, the receiving application SHOULD
prompt a human user for approval regarding that item and, if approval
is granted, MUST add that item to the roster.</li>
      <li class="" style="">If
the item already exists in the roster but not in the specified group,
the receiving application MAY prompt the user for approval and SHOULD
edit the existing item so that will also belong to the specified group
(in addition to the existing group, if any).</li>
    </ol>
    <p class="" style="">If
the roster item addition stanza will result in adding the item to the
roster, the receiving application MUST (either with approval by a human
user or automatically subject to configuration) send a roster set to
the user's server containing the new item as described in <span class="ref">RFC 3921</span>.
After completing the roster set, the receiving application SHOULD also
send a &lt;presence/&gt; stanza of type "subscribe" to the JID of the
new item.</p>
    <p class="" style="">For a description of the
recommended application behavior when a roster item addition stanza
actually results in editing of an existing roster item, refer to the <a href="#modify">Suggesting Roster Item Modification</a> section of this document.</p>
  </div>
  <div class="indent"><h3>3.2 <a name="delete" id="delete">Suggesting Roster Item Deletion</a></h3>
    <p class="" style="">In
order to programatically suggest that the receiving entity should
delete one or more items from its roster, the sending entity MUST send
a &lt;message/&gt; or &lt;iq/&gt; stanza containing an &lt;x/&gt;
element qualified by the 'http://jabber.org/protocol/rosterx'
namespace; the &lt;x/&gt; element in turn MUST contain one or more
&lt;item/&gt; child elements, each of which MUST possess an 'action'
attribute whose value is "delete", MUST possess a 'jid' attribute that
specifies the JabberID of the item to be deleted, MAY possess a 'name'
attribute that specifies a natural-language name or nickname for the
item, and MAY contain one or more &lt;group/&gt; elements specifying
roster groups for the item. If a &lt;message/&gt; stanza is sent, it
MAY contain a &lt;body/&gt; element but SHOULD NOT contain any other
child elements. Here is an example:</p>
    <p class="caption"><a name="example-2" id="example-2"></a>Example 2. Suggesting Deletion</p><div class="indent"><pre>&lt;message from='horatio@denmark.lit' to='hamlet@denmark.lit'&gt;
  &lt;x xmlns='http://jabber.org/protocol/rosterx'&gt; 
    &lt;item action='delete'
          jid='rosencrantz@denmark'
          name='Rosencrantz'&gt;   
       &lt;group&gt;Visitors&lt;/group&gt;   
     &lt;/item&gt;     
     &lt;item action='delete'       
           jid='guildenstern@denmark'    
           name='Guildenstern'&gt;          
       &lt;group&gt;Visitors&lt;/group&gt;   
     &lt;/item&gt;
  &lt;/x&gt;
&lt;/message&gt;
    </pre></div>
    <p class="" style="">In
determining how to handle any given roster item whose 'action'
attribute has a value of "delete", the receiving application SHOULD
proceed as follows:</p>
    <ol start="" class="" style="">
      <li class="" style="">If
the item does not exist in the roster, the receiving application MUST
NOT prompt a human user for approval regarding that item and MUST NOT
delete that item from the roster.</li>
      <li class="" style="">If
the item exists in the roster but not in the specified group, the
receiving application MUST NOT prompt the user for approval and MUST
NOT delete the existing item.</li>
      <li class="" style="">If the
item exists in the roster and is in both the specified group and
another group, the receiving application MAY prompt the user for
approval and SHOULD edit the existing item so that it no longer belongs
to the specified group.</li>
    </ol>
    <p class="" style="">If the
item is to be deleted, the receiving application SHOULD remove the item
from the roster by sending a roster set to the user's server with the
'subscription' attribute set to a value of "remove" as described in <span class="ref">RFC 3921</span>, since this results in generation of the appropriate &lt;presence/&gt; stanzas by the user's server.</p>
  </div>
  <div class="indent"><h3>3.3 <a name="modify" id="modify">Suggesting Roster Item Modification</a></h3>
    <p class="" style="">In
order to programatically suggest that the receiving entity should
modify one or more items from its roster, the sending entity MUST send
a &lt;message/&gt; or &lt;iq/&gt; stanza containing an &lt;x/&gt;
element qualified by the 'http://jabber.org/protocol/rosterx'
namespace; the &lt;x/&gt; element in turn MUST contain one or more
&lt;item/&gt; child elements, each of which MUST possess an 'action'
attribute whose value is "modify", MUST possess a 'jid' attribute that
specifies the JabberID of the item to be modified, MAY possess a 'name'
attribute that specifies a natural-language name or nickname for the
item, and MAY contain one or more &lt;group/&gt; elements specifying
roster groups into which to place the item. If a &lt;message/&gt;
stanza is sent, it MAY contain a &lt;body/&gt; element but SHOULD NOT
contain any other child elements. Here is an example:</p>
    <p class="caption"><a name="example-3" id="example-3"></a>Example 3. Suggesting Modification</p><div class="indent"><pre>&lt;message from='horatio@denmark.lit' to='hamlet@denmark.lit'&gt;
  &lt;x xmlns='http://jabber.org/protocol/rosterx'&gt; 
    &lt;item action='modify'
          jid='rosencrantz@denmark.lit'
          name='Rosencrantz'&gt;
      &lt;group&gt;Retinue&lt;/group&gt;
    &lt;/item&gt;
    &lt;item action='modify'
          jid='guildenstern@denmark.lit'
          name='Guildenstern'&gt;
      &lt;group&gt;Retinue&lt;/group&gt;
    &lt;/item&gt;
  &lt;/x&gt;
&lt;/message&gt;
    </pre></div>
    <p class="" style="">In
determining how to handle any given roster item whose 'action'
attribute has a value of "modify", the receiving application SHOULD
proceed as follows:</p>
    <ol start="" class="" style="">
      <li class="" style="">If
the item does not exist in the roster, the receiving application MUST
NOT prompt a human user for approval regarding that item and MUST NOT
add that item to the roster.</li>
      <li class="" style="">If the
item exists in the roster and the modification results in a change of
group only, the receiving application MAY prompt the user for approval
and SHOULD move the item to the specified group.</li>
      <li class="" style="">If
the item exists in the roster and the modification results in adding
the item to a new group in addition to its existing group, the
receiving application MAY prompt the user for approval and SHOULD add
the item to the specified group.</li>
      <li class="" style="">If
the item exists in the roster and the modification results in a change
of name only, the receiving application MAY prompt the user for
approval and SHOULD modify the name to that specified in the
modification suggestion.</li>
    </ol>
    <p class="" style="">If a
roster item addition, deletion, or modification stanza will result in
editing of an existing item in the roster, the receiving application
MUST (either with approval by a human user or automatically subject to
configuration) send a roster set to the user's server with no changes
to the 'subscription' attribute but rather with appropriate changes to
the value of 'name' attribute or the &lt;group/&gt; child element or
elements, as described in <span class="ref">RFC 3921</span>.</p>
  </div>
<h2>4.
       <a name="disco" id="disco">Service Discovery</a></h2>
  <p class="" style="">In order to determine whether a receiving entity supports the protocol defined herein, the sending entity SHOULD use <span class="ref" style=""><a href="http://xmpp.org/extensions/xep-0030.html">Service Discovery</a></span>  [<a href="#nt-id2262769">6</a>] but MAY depend on the "profile" of Service Discovery defined in <span class="ref" style=""><a href="http://xmpp.org/extensions/xep-0115.html">Entity Capabilities</a></span>  [<a href="#nt-id2262795">7</a>]. If an entity supports roster item exchange, it MUST (subject to appropriate security considerations as described under <a href="#security-support">Advertising Support</a>)
include &lt;feature var='http://jabber.org/protocol/rosterx'/&gt; in
its responses to disco#info queries. Thus a sending entity can discover
if a receiving entity supports the protocol defined herein by sending
an IQ request of the following form:</p>
  <p class="caption"><a name="example-4" id="example-4"></a>Example 4. Sending Entity Queries for Support</p><div class="indent"><pre>&lt;iq from='horatio@denmark.lit/castle'
    to='hamlet@denmark.lit/throne'
    type='get'
    id='disco1'&gt;
  &lt;query xmlns='http://jabber.org/protocol/disco#info'/&gt;
&lt;/iq&gt;
  </pre></div>
  <p class="" style="">The receiving entity then indicates its support:</p>
  <p class="caption"><a name="example-5" id="example-5"></a>Example 5. Receiving Entity Advertises Support</p><div class="indent"><pre>&lt;iq from='hamlet@denmark.lit/throne'
    to='horatio@denmark.lit/castle'
    type='get'
    id='disco1'&gt;
  &lt;query xmlns='http://jabber.org/protocol/disco#info'&gt;
    ...
    &lt;feature var='http://jabber.org/protocol/rosterx'/&gt;
    ...
  &lt;/query&gt;
&lt;/iq&gt;
  </pre></div>
<h2>5.
       <a name="stanza" id="stanza">Recommended Stanza Type</a></h2>
  <p class="" style="">If
the sending entity has knowledge (e.g., via presence or an active chat
conversation) that the receiving entity is online and available, it
SHOULD: [<a href="#nt-id2262856">8</a>]</p>
  <ol start="" class="" style="">
    <li class="" style="">Discover if the receiving entity supports the protocol defined herein (see the <a href="#disco">Service Discovery</a> section of this document).</li>
    <li class="" style="">If
so, send its roster item exchange stanza to a particular resource
(user@host/resource) of the receiving entity using an &lt;iq/&gt;
stanza rather than a &lt;message/&gt; stanza.</li>
  </ol>
  <p class="" style="">If
the sending entity does not know that the receiving entity is online
and available, it MUST send a &lt;message/&gt; stanza to the receiving
entity's "bare JID" (user@host) rather than an &lt;iq/&gt; stanza to a
particular resource.</p>
  <div class="indent"><h3>5.1 <a name="stanza-iq" id="stanza-iq">IQ Semantics</a></h3>
    <p class="" style="">If
the sending entity uses &lt;iq/&gt; stanzas to communicate its roster
item exchange suggestions, the receiving entity MUST adhere to the IQ
semantics defined in <span class="ref" style=""><a href="http://tools.ietf.org/html/rfc3920">XMPP Core</a></span>  [<a href="#nt-id2262953">9</a>]. Specifically:</p>
    <ol start="" class="" style="">
      <li class="" style="">If
the receiving entity successfully processes the suggested action(s)
(which may include ignoring certain suggestions), the receiving entity
MUST return an empty IQ result to the sending entity.</li>
      <li class="" style="">If
the receiving entity does not understand the roster item exchange
namespace, the receiving entity MUST return an error to the sending
entity, which error SHOULD be &lt;service-unavailable/&gt;.</li>
      <li class="" style="">If
the receiving entity will not process the suggested action(s) because
the receiving entity is not registered with the sending entity, the
receiving entity MUST return an error to the sending entity, which
error SHOULD be &lt;registration-required/&gt;.</li>
      <li class="" style="">If
the receiving entity will not process the suggested action(s) because
the sending entity is not in the receiving entity's roster, the
receiving entity MUST return an error to the sending entity, which
error SHOULD be &lt;not-authorized/&gt;.</li>
      <li class="" style="">If the receiving entity will not process the suggested action(s) because the sending entity is not trusted (see <a href="#security-trust">Trusted Entities</a>), the receiving entity MUST return an error to the sending entity, which error SHOULD be &lt;forbidden/&gt;.</li>
    </ol>
    <p class="" style="">Naturally,
other IQ errors may be more appropriate; however, if the receiving
entity will not or cannot process the suggested action(s), it MUST
return an error to the sending entity.</p>
  </div>
<h2>6.
       <a name="bizrules" id="bizrules">Business Rules</a></h2>
  <ol start="" class="" style="">
    <li class="" style=""><p class="" style="">The
sending entity or sending application MUST NOT send additions,
deletions, and modifications in the same &lt;x/&gt; element and
&lt;message/&gt; or &lt;iq/&gt; stanza; instead, it SHOULD send
separate stanzas for the additions, deletions, and modifications.</p></li>
    <li class="" style=""><p class="" style="">If
approval is required or recommended regarding more than one item
suggested by the sending entity, the receiving entity SHOULD present
all of the items for approval at the same time or in the same interface.</p></li>
    <li class="" style=""><p class="" style="">If the sending entity is in some sense "trusted" (see <a href="#security-trust">Trusted Entities</a>), then the receiving application MAY skip the approval steps described above.</p></li>
    <li class="" style=""><p class="" style="">The
receiving application SHOULD NOT accept an unreasonable number of
roster items from any one sending entity at one time. Unfortunately, it
can be difficult to determine how many roster items count as
"unreasonable". For example, when a user registers with a gateway, it
is possible that the initial set of roster items may be quite large
(however, note that most existing consumer IM services enforce a limit
of 100 to 150 items in their contact lists). Users who have newly
registered with or been newly created on a server (e.g., within an
organization) may also receive a large set of initial roster items in
order to sync up with shared groups established on the server. However,
after such initialization, the subsequent roster item sets should be
much smaller. In any case, sets of more than 150 or 200 roster items
SHOULD be treated with suspicion, and entities that repeatedly send
such sets SHOULD NOT be trusted.</p></li>
  </ol>
<h2>7.
       <a name="entities" id="entities">Types of Sending Entities</a></h2>
  <p class="" style="">The
foregoing protocol description speaks only of "sending entities" and
does not differentiate between different types of sending entities.
However, it is envisioned that roster items will be sent to receiving
entities by three different kinds of senders:</p>
  <ol start="" class="" style="">
    <li class="" style="">Users of Jabber clients.</li>
    <li class="" style="">Client proxy gateways.</li>
    <li class="" style="">Shared group services.</li>
  </ol>
  <p class="" style="">These are described more completely below.</p>
  <div class="indent"><h3>7.1 <a name="entities-user" id="entities-user">Jabber Users</a></h3>
    <p class="" style="">Roster
item exchange as developed within the early Jabber community and
documented in XEP-0093 was used to send a roster item from one user to
another in a manner more structured than simply typing a third party's
JID in a chat window. This usage is still encouraged. However, if the
sender is a human user and/or the sending application has a primary <span class="ref">Service Discovery</span> category of "client" (e.g., a bot)  [<a href="#nt-id2263230">10</a>],
the sending application SHOULD NOT specify an 'action' attribute other
than "add", the receiving application MAY ignore values of the 'action'
attribute other than "add", and the receiving application MUST prompt a
human user regarding whether to add the suggested item or items to the
user's roster.</p>
  </div>
  <div class="indent"><h3>7.2 <a name="entities-gateway" id="entities-gateway">Gateways</a></h3>
    <p class="" style="">The nature of client proxy gateways (i.e., entities with a service discovery category of "gateway") is specified more fully in <span class="ref" style=""><a href="http://xmpp.org/extensions/xep-0100.html">Gateway Interaction</a></span>  [<a href="#nt-id2263287">11</a>].
Herein we describe how such gateways should use roster item exchange,
and how receiving applications should treat roster items received from
such gateways.</p>
    <p class="" style="">In order to make use of a
gateway's protocol translation service, a user MUST first register with
the gateway. If the gateway advertises support for a service discovery
feature of 'http://jabber.org/protocol/rosterx', then the user's client
SHOULD expect that it may receive roster item suggestions from the
gateway. In order to maintain synchronization between the user's
contact list on a legacy IM service and the user's Jabber roster, the
gateway SHOULD send roster items with an 'action' attribute of "add",
"delete", or "modify" as appropriate, and the receiving application
SHOULD process such roster item suggestions. Such processing MAY occur
automatically (i.e., without the user's approval of each roster item or
batch of roster items) if and only if the receiving application has
explicitly informed the user that it will automatically process roster
items from the gateway. Furthermore, the receiving application SHOULD
periodically verify automatic processing with the user (e.g., once per
session in which the gateway sends roster item suggestions to the user).</p>
  </div>
  <div class="indent"><h3>7.3 <a name="entities-groupservice" id="entities-groupservice">Group Services</a></h3>
    <p class="" style="">There
is a third category of entities that might initiate roster item
exchanges, which we label a "group service" and identify by a <span class="ref">Service Discovery</span>
category of "directory" and type of "group". A group service enables an
administrator to centrally define and administer roster groups so that
they can be shared among a user population in an organized fashion.
Such a service could prove useful in enterprise environments [<a href="#nt-id2263339">12</a>] and other settings where it is
beneficial to synchronize rosters across individuals (e.g., schools,
social networking applications, consumer IM services, and anywhere else
that it is important to build and manage small communities of users).</p>
    <p class="" style="">In
some contexts, an IM server could function as a group service (e.g., if
there is a single server deployed on a small company intranet); in
other contexts, it may make more sense to deploy a standalone group
service (e.g., in a larger or more heterogeneous environment with users
on multiple servers). In both cases, the group service MUST advertise a
service discovery identity of "directory/group" and SHOULD use the
protocol specified herein to communicate changes ("add", "delete", and
"modify") to the relevant shared groups; in addition, a user MUST first
register with the service (either over Jabber via <span class="ref" style=""><a href="http://xmpp.org/extensions/xep-0077.html">In-Band Registration</a></span>  [<a href="#nt-id2263438">13</a>]
or out of band, e.g., via the web) or be otherwise provisioned to use
the service (e.g., by a system administrator) before accepting roster
item suggestions from the service.</p> 
    <p class="" style="">If the
user has registered with a group service or been otherwise provisioned
to use a group service, the receiving application SHOULD process roster
item suggestions received from the service. Such processing MAY occur
automatically (i.e., without the user's approval of each roster item or
batch of roster items) if and only if the receiving application has
explicitly informed the user that it will automatically process roster
items from the service. Furthermore, the receiving application SHOULD
periodically verify automatic processing with the user (e.g., once per
session in which the service sends roster item suggestions to the user).</p>
  </div>
<h2>8.
       <a name="security" id="security">Security Considerations</a></h2>
  <div class="indent"><h3>8.1 <a name="security-trust" id="security-trust">Trusted Entities</a></h3>
    <p class="" style="">A
principal (user) or receiving application MAY establish a list of
trusted entities from which roster item exchanges are processed
automatically, i.e., without explicit approval by a human user. In
order to avoid corruption of the roster, it is STRONGLY RECOMMENDED
that such trusted entities be limited to gateways and group services as
defined above. In addition, the receiving application SHOULD
periodically verify such automatic processing with the principal, e.g.,
once per session in which the trusted entity sends roster item
suggestions to the user.</p>
  </div>
  <div class="indent"><h3>8.2 <a name="security-dos" id="security-dos">Denial of Service</a></h3>
    <p class="" style="">A
sending entity could effectively deny service to the receiving entity
by rapidly and repeatedly sending (1) alternating add and delete
suggestions or (2) modify suggestions, thus invoking throttling
mechanisms enforced by the receiving entity's server. The receiving
application SHOULD guard against this by monitoring roster item
exchanges received from each sending entity and refusing or ignoring
roster item exchanges from offending entities (e.g., by adding such
entities to a list of distrusted entities).</p>
  </div>
  <div class="indent"><h3>8.3 <a name="security-support" id="security-support">Advertising Support</a></h3>
    <p class="" style="">A receiving application MAY refuse to advertise its support for the roster item exchange protocol (see the <a href="#disco">Service Discovery</a> section of this document) to entities that that are (1) not explicitly trusted or (2) explicitly distrusted.</p>
  </div>
<h2>9.
       <a name="iana" id="iana">IANA Considerations</a></h2>
  <p class="" style="">This document requires no interaction with the <span class="ref" style=""><a href="http://www.iana.org/">Internet Assigned Numbers Authority (IANA)</a></span>  [<a href="#nt-id2263540">14</a>].</p>
<h2>10.
       <a name="registrar" id="registrar">XMPP Registrar Considerations</a></h2>
  <div class="indent"><h3>10.1 <a name="registrar-ns" id="registrar-ns">Protocol Namespaces</a></h3>
    <p class="" style="">The <span class="ref" style=""><a href="http://xmpp.org/registrar/">XMPP Registrar</a></span>  [<a href="#nt-id2263591">15</a>] includes 'http://jabber.org/protocol/rosterx' in its registry of protocol namespaces.</p>
  </div>
  <div class="indent"><h3>10.2 <a name="registrar-disco" id="registrar-disco">Service Discovery Identities</a></h3>
    <p class="" style="">The XMPP Registrar includes a <span class="ref">Service Discovery</span> type of "group" under the "directory" category in its registry of service discovery identities.</p>
  </div>
<h2>11.
       <a name="schema" id="schema">XML Schema</a></h2>
  <p class="caption"></p><div class="indent"><pre>&lt;?xml version='1.0' encoding='UTF-8'?&gt;

&lt;xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='http://jabber.org/protocol/rosterx'
    xmlns='http://jabber.org/protocol/rosterx'
    elementFormDefault='qualified'&gt;

  &lt;xs:annotation&gt;
    &lt;xs:documentation&gt;
      The protocol documented by this schema is defined in
      XEP-0144: http://www.xmpp.org/extensions/xep-0144.html
    &lt;/xs:documentation&gt;
  &lt;/xs:annotation&gt;

  &lt;xs:element name='x'&gt;
    &lt;xs:complexType&gt;
      &lt;xs:sequence&gt;
        &lt;xs:element ref='item' minOccurs='1' maxOccurs='unbounded'/&gt;
      &lt;/xs:sequence&gt;
    &lt;/xs:complexType&gt;
  &lt;/xs:element&gt;

  &lt;xs:element name='item'&gt;
    &lt;xs:complexType&gt;
      &lt;xs:sequence&gt;
        &lt;xs:element name='group' type='xs:string' minOccurs='0' maxOccurs='unbounded'/&gt;
      &lt;/xs:sequence&gt;
      &lt;xs:attribute name='action' use='optional'&gt;
        &lt;xs:simpleType&gt;
          &lt;xs:restriction base='xs:NCName' default='add'&gt;
            &lt;xs:enumeration value='add'/&gt;
            &lt;xs:enumeration value='delete'/&gt;
            &lt;xs:enumeration value='modify'/&gt;
          &lt;/xs:restriction&gt;
        &lt;/xs:simpleType&gt;
      &lt;/xs:attribute&gt;
      &lt;xs:attribute name='jid' type='xs:string' use='required'/&gt;
      &lt;xs:attribute name='name' type='xs:string' use='optional'/&gt;
    &lt;/xs:complexType&gt;
  &lt;/xs:element&gt;

&lt;/xs:schema&gt;
  </pre></div>
<hr><a name="appendices" id="appendices"></a><h2>Appendices</h2><hr><a name="appendix-docinfo" id="appendix-docinfo"></a><h3>Appendix A: Document Information</h3><p class="indent">
            Series: <a href="http://www.xmpp.org/extensions/">XEP</a><br>
            Number: 0144<br>
            Publisher: <a href="http://xmpp.org/xsf/">XMPP Standards Foundation</a><br>
            Status: 
            <a href="http://www.xmpp.org/extensions/xep-0001.html#states-Draft">Draft</a><br>
            Type:
            <a href="http://www.xmpp.org/extensions/xep-0001.html#types-Standards%20Track">Standards Track</a><br>
            Version: 1.0<br>
            Last Updated: 2005-08-26<br>
                Approving Body: <a href="http://www.xmpp.org/council/">XMPP Council</a><br>Dependencies: XMPP Core, XMPP IM<br>Supersedes: XEP-0093<br>
                Superseded By: None<br>
            Short Name: rosterx<br>
        Schema: &lt;<a href="http://www.xmpp.org/schemas/rosterx.xsd">http://www.xmpp.org/schemas/rosterx.xsd</a>&gt;<br>
              Source Control: 
                <a class="standardsButton" href="http://svn.xmpp.org:18080/browse/XMPP/trunk/extensions/xep-0144.xml">HTML</a>&nbsp;
                <a class="standardsButton" href="http://svn.xmpp.org:18080//changelog/%7Erss/XMPP/trunk/extensions/xep-0144.xml/rss.xml">RSS</a></p><hr><a name="appendix-authorinfo" id="appendix-authorinfo"></a><h3>Appendix B: Author Information</h3><div class="indent"><h3>Peter Saint-Andre</h3><p class="indent">
        JabberID: 
        <a href="xmpp:stpeter@jabber.org">stpeter@jabber.org</a><br>
        URI: 
        <a href="https://stpeter.im/">https://stpeter.im/</a><br></p></div><hr><a name="appendix-legal" id="appendix-legal"></a><h3>Appendix C: Legal Notices</h3><div class="indent"><h4>Copyright</h4>This XMPP Extension Protocol is copyright © 1999 - 2009 by the <a href="http://xmpp.org/">XMPP Standards Foundation</a> (XSF).<h4>Permissions</h4>Permission
is hereby granted, free of charge, to any person obtaining a copy of
this specification (the "Specification"), to make use of the
Specification without restriction, including without limitation the
rights to implement the Specification in a software program, deploy the
Specification in a network service, and copy, modify, merge, publish,
translate, distribute, sublicense, or sell copies of the Specification,
and to permit persons to whom the Specification is furnished to do so,
subject to the condition that the foregoing copyright notice and this
permission notice shall be included in all copies or substantial
portions of the Specification. Unless separate permission is granted,
modified works that are redistributed shall not contain misleading
information regarding the authors, title, number, or publisher of the
Specification, and shall not claim endorsement of the modified works by
the authors, any organization or project to which the authors belong,
or the XMPP Standards Foundation.<h4>Disclaimer of Warranty</h4><span style="font-weight: bold;">##
NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including,
without limitation, any warranties or conditions of TITLE,
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
In no event shall the XMPP Standards Foundation or the authors of this
Specification be liable for any claim, damages, or other liability,
whether in an action of contract, tort, or otherwise, arising from, out
of, or in connection with the Specification or the implementation,
deployment, or other use of the Specification. ##</span><h4>Limitation of Liability</h4>In
no event and under no legal theory, whether in tort (including
negligence), contract, or otherwise, unless required by applicable law
(such as deliberate and grossly negligent acts) or agreed to in
writing, shall the XMPP Standards Foundation or any author of this
Specification be liable for damages, including any direct, indirect,
special, incidental, or consequential damages of any character arising
out of the use or inability to use the Specification (including but not
limited to damages for loss of goodwill, work stoppage, computer
failure or malfunction, or any and all other commercial damages or
losses), even if the XMPP Standards Foundation or such author has been
advised of the possibility of such damages.<h4>IPR Conformance</h4>This
XMPP Extension Protocol has been contributed in full conformance with
the XSF's Intellectual Property Rights Policy (a copy of which may be
found at &lt;<a href="http://xmpp.org/extensions/ipr-policy.shtml">http://xmpp.org/extensions/ipr-policy.shtml</a>&gt; or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA).</div><hr><a name="appendix-xmpp" id="appendix-xmpp"></a><h3>Appendix D: Relation to XMPP</h3><p class="indent">The
Extensible Messaging and Presence Protocol (XMPP) is defined in the
XMPP Core (RFC 3920) and XMPP IM (RFC 3921) specifications contributed
by the XMPP Standards Foundation to the Internet Standards Process,
which is managed by the Internet Engineering Task Force in accordance
with RFC 2026. Any protocol defined in this document has been developed
outside the Internet Standards Process and is to be understood as an
extension to XMPP rather than as an evolution, development, or
modification of XMPP itself.</p><hr><a name="appendix-discuss" id="appendix-discuss"></a><h3>Appendix E: Discussion Venue</h3><p class="indent">The primary venue for discussion of XMPP Extension Protocols is the &lt;<a href="http://mail.jabber.org/mailman/listinfo/standards">standards@xmpp.org</a>&gt; discussion list.</p><p class="indent">Discussion on other xmpp.org discussion lists might also be appropriate; see &lt;<a href="http://xmpp.org/about/discuss.shtml">http://xmpp.org/about/discuss.shtml</a>&gt; for a complete list.</p><p class="indent">Errata may be sent to &lt;<a href="mailto:editor@xmpp.org">editor@xmpp.org</a>&gt;.</p><hr><a name="appendix-conformance" id="appendix-conformance"></a><h3>Appendix F: Requirements Conformance</h3><p class="indent">The following requirements keywords as used in this document are to be interpreted as described in <a href="http://www.ietf.org/rfc/rfc2119.txt">RFC 2119</a>:
"MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD",
"RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".</p><hr><a name="appendix-notes" id="appendix-notes"></a><h3>Appendix G: Notes</h3><div class="indent"><p><a name="nt-id2251511" id="nt-id2251511">1</a>. RFC 2779: A Model for Presence and Instant Messaging &lt;<a href="http://tools.ietf.org/html/rfc2779">http://tools.ietf.org/html/rfc2779</a>&gt;.</p><p><a name="nt-id2251676" id="nt-id2251676">2</a>. RFC 3921: Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence &lt;<a href="http://tools.ietf.org/html/rfc3921">http://tools.ietf.org/html/rfc3921</a>&gt;.</p><p><a name="nt-id2251703" id="nt-id2251703">3</a>. XEP-0093: Roster Item Exchange &lt;<a href="http://xmpp.org/extensions/xep-0093.html">http://xmpp.org/extensions/xep-0093.html</a>&gt;.</p><p><a name="nt-id2251730" id="nt-id2251730">4</a>.
The Standards SIG is a standing Special Interest Group devoted to
development of XMPP Extension Protocols. The discussion list of the
Standards SIG is the primary venue for discussion of XMPP protocol
extensions, as well as for announcements by the XMPP Extensions Editor
and XMPP Registrar. To subscribe to the list or view the list archives,
visit &lt;<a href="http://mail.jabber.org/mailman/listinfo/standards/">http://mail.jabber.org/mailman/listinfo/standards/</a>&gt;.</p><p><a name="nt-id2251653" id="nt-id2251653">5</a>.
The default value of the 'action' attribute is "add"; therefore, if the
'action' attribute is not included or the receiving application does
not understand the 'action' attribute, the receiving application MUST
treat the item as if the value were "add".</p><p><a name="nt-id2262769" id="nt-id2262769">6</a>. XEP-0030: Service Discovery &lt;<a href="http://xmpp.org/extensions/xep-0030.html">http://xmpp.org/extensions/xep-0030.html</a>&gt;.</p><p><a name="nt-id2262795" id="nt-id2262795">7</a>. XEP-0115: Entity Capabilities &lt;<a href="http://xmpp.org/extensions/xep-0115.html">http://xmpp.org/extensions/xep-0115.html</a>&gt;.</p><p><a name="nt-id2262856" id="nt-id2262856">8</a>.
If the receiving entity has more than one available resource, the
sending application SHOULD communicate with the "most available"
resource according its best estimation (e.g., the resource with the
highest priority).</p><p><a name="nt-id2262953" id="nt-id2262953">9</a>. RFC 3920: Extensible Messaging and Presence Protocol (XMPP): Core &lt;<a href="http://tools.ietf.org/html/rfc3920">http://tools.ietf.org/html/rfc3920</a>&gt;.</p><p><a name="nt-id2263230" id="nt-id2263230">10</a>. See &lt;<a href="http://www.xmpp.org/registrar/disco-categories.html#client">http://www.xmpp.org/registrar/disco-categories.html#client</a>&gt;.</p><p><a name="nt-id2263287" id="nt-id2263287">11</a>. XEP-0100: Gateway Interaction &lt;<a href="http://xmpp.org/extensions/xep-0100.html">http://xmpp.org/extensions/xep-0100.html</a>&gt;.</p><p><a name="nt-id2263339" id="nt-id2263339">12</a>.
For example, when Alice is hired by the marketing department of Big
Company Enterprises, it makes sense for her to automatically have the
other members of the marketing department in her roster the first time
she logs in, and for the rest of the marketing department to have Alice
in their rosters as soon as her account has been set up. Similarly,
when Bob in logistics gets fired, it makes sense for him to disappear
from the rosters of everyone else in the logistics department.</p><p><a name="nt-id2263438" id="nt-id2263438">13</a>. XEP-0077: In-Band Registration &lt;<a href="http://xmpp.org/extensions/xep-0077.html">http://xmpp.org/extensions/xep-0077.html</a>&gt;.</p><p><a name="nt-id2263540" id="nt-id2263540">14</a>.
The Internet Assigned Numbers Authority (IANA) is the central
coordinator for the assignment of unique parameter values for Internet
protocols, such as port numbers and URI schemes. For further
information, see &lt;<a href="http://www.iana.org/">http://www.iana.org/</a>&gt;.</p><p><a name="nt-id2263591" id="nt-id2263591">15</a>.
The XMPP Registrar maintains a list of reserved protocol namespaces as
well as registries of parameters used in the context of XMPP extension
protocols approved by the XMPP Standards Foundation. For further
information, see &lt;<a href="http://xmpp.org/registrar/">http://xmpp.org/registrar/</a>&gt;.</p></div><hr><a name="appendix-revs" id="appendix-revs"></a><h3>Appendix H: Revision History</h3><div class="indent"><h4>Version 1.0 (2005-08-26)</h4><div class="indent">Per a vote of the Jabber Council, advanced status to Draft. (psa)
    </div><h4>Version 0.6 (2005-07-28)</h4><div class="indent">Incorporated
Council feedback: specified that a body MAY be included when sending a
message stanza; changed prohibition on mixing of additions, deletions,
and modifications from SHOULD NOT to MUST NOT; clarified status of bots
as sending entities. (psa) </div><h4>Version 0.5 (2005-07-26)</h4><div class="indent">Reverted roster item deletion changes. (psa)
    </div><h4>Version 0.4 (2005-07-21)</h4><div class="indent">Simplified processing of roster item deletions. (psa)
    </div><h4>Version 0.3 (2004-10-27)</h4><div class="indent">Clarified
the nature of sending entities (users, gateways, and group services);
specified "directory/group" service discovery identity for shared group
services. (psa) </div><h4>Version 0.2 (2004-10-04)</h4><div class="indent">Further defined the nature of trusted entities. (psa)
    </div><h4>Version 0.1 (2004-09-29)</h4><div class="indent">Initial version. (psa)
    </div><h4>Version 0.0.2 (2004-09-22)</h4><div class="indent">To address Council feedback, added text about service discovery and choice of stanza type (message or IQ). (psa)
    </div><h4>Version 0.0.1 (2004-09-16)</h4><div class="indent">Forked
XEP-0093 by adding the action attribute, defining requirements and use
cases, specifying processing rules, and detailing security
considerations. (psa) </div></div><hr><p>END</p></body></html>