[sr-dev] git:master: xcap_server: support parsing oma pres-rules auid

Iñaki Baz Castillo ibc at aliax.net
Thu Sep 30 13:06:08 CEST 2010


2010/9/30 Daniel-Constantin Mierla <miconda at gmail.com>:
>> IMHO in XCAP all is a security issue. pres-rules and resource-lists
>> document contain absolute HTTP uris refering ot other documents of
>> subnodes in other documents (in same or different XCAP server). If you
>> decide (the provider) to change the domain or migrate from HTTP to
>> HTTPS, then all the documents get corrupted.
>
> Agree. As expressed in previous email, the market didn't show the need for
> external references (to my knowledge so far).

In OMA and RCS (for IMS) specs there are external references. In fact,
most of the XCAP documents contains external references to the
resource-list document.


> If it was me, I would keep the documents on xcap server only with contacts.
> Then each user has its own private contacts list, but there can be kind of
> public (or shared) contacts lists (say: support group, sales, a.s.o). that
> the sip client can download separately and then mixes in its GUI as it
> wants, based on client capabilities and user wishes.

It's not late to think in cool features like that, but so far fom
current SIMPLE specs ;)


> I see xcap as a storage engine, in the way that if I start the same SIP
> client on a different system, it is able to download configuration and
> contact lists. But putting the server to do client jobs is a wrong
> architecture.

The problem is that XCAP is not just a storage engine as storage
actions must trigger logic and complex actions in the XCAP server and
the SIP presence server. And since all those changes are
"modifications to a XML document" in order to re-calculate the logic
to apply it's required that the presence server re-parses and
re-computes all the XML documents (for each change), which is a really
inneficient design.


Regards.



-- 
Iñaki Baz Castillo
<ibc at aliax.net>



More information about the sr-dev mailing list