-
marc
Hey, is somebody working on a XEP for user invitation? (see mod_invite of prosody)
-
Flow
marc, MUC invitation? or "roster"? or?
-
Ge0rG
marc: have a look at [xep 379]
-
Flow
I was just about to mention that :)
-
Flow
https://xmpp.org/extensions/xep-0379.html
-
marc
It doesn't create an account on a server, right?
-
marc
It is just for adding a contact to the roster if I understand it correctly
-
marc
mod_invite generates an invitation token and let's an user create an account on a non-public server
-
marc
s/let's/lets
-
marc
Ge0rG, correct? Just noticed that it's your XEP :)
-
Ge0rG
marc: it's right.
-
Ge0rG
marc: I'd like to leverage it for account invitations though
-
Ge0rG
no idea how
-
marc
I'm working on a POC for account invitations and would like to make a XEP for that
-
marc
Invitations are too "complicated" at the moment IMO, at least for the normal "whatsapp user" :)
-
Ge0rG
marc: so true
-
marc
It shouldn' take more than a minute to create an account and start a conversation
-
marc
Is somebody on 34c3 for some hacking? Will there be a XSF/XMPP assembly?
-
Ge0rG
marc: I think so, there should be something in the SCAM section on the wiki
-
marc
Ge0rG, yes, thanks!
-
Ge0rG
marc: https://wiki.xmpp.org/web/34C3
-
jonasw
marc, I agree
-
jonasw
I’d be very interested in your ideas of the flow
-
jonasw
ideally there would be something with a token in the URI which allows users to register immediately with a server from within the client even if the server doesn’t allow registrations otherwise.
-
Ge0rG
what jonasw said.
-
Ge0rG
like a PARS token, but for IBR instead of for presence subscription
-
Ge0rG
bonus points for allowing the token to also function as a PARS
-
jonasw
yupp
-
jonasw
I’d also like to have Pre-Authenticated MUC Join :)
-
jonasw
(for members-only MUCs)
-
Ge0rG
jonasw: what's wrong with mediated invitations?
-
jonasw
when I don’t know the JID yet?
-
Ge0rG
oh
-
Ge0rG
jonasw: any reason why PARS can't do it for MUC join presence?
-
jonasw
Ge0rG, members-only, you’d have to add the user
-
pep.
You'd still have to add the user somehow right? To generate the token
-
jonasw
pep., no, you generate the token and sedn the token to the user via an out-of-band mean. The whole point is that at the time of invitation, the user might not yet have an XMPP account.
-
pep.
Yeah I got that part. nvm I didn't get Ge0rG's sentence in the first place
-
pep.
I'd also be interested in whatever this leads to :)
-
Guus
One day for the deadline to apply for Board and Council. The current candidacy list is to short! If you're interested, please sign up now!
-
Link Mauve
You mean sign up tomorrow?
-
marc
jonasw, done ;)
-
Ge0rG
jonasw [13:38]: > Ge0rG, members-only, you’d have to add the user The user adds the token to the join presence and is added instantly
-
marc
If I have some time these days I'll make a small video of how it works (implemented in Gajim+Conversations)
-
marc
And ejabberd
-
Ge0rG
What's the membership election deadline? I don't want to risk getting kicked out of council because I forgot my membership application
-
Ge0rG
marc: of how what works?
-
marc
Well, still some missing parts and all very hackish but the idea should work very well
-
marc
Ge0rG, the invitation "flow" :D
-
Ge0rG
marc: yay for more "Easy XMPP"!
-
Guus
Ge0rG: November 21st
-
marc
Yes, I would really see "easy xmpp"
- Ge0rG made some videos of PARS back then
-
Ge0rG
marc: that's also a category on the wiki
-
marc
Otherwise XMPP will never be accepted by end-users
-
Ge0rG
marc: that's what I'm saying for years now
-
marc
Ge0rG, I guess you'll help me with my XEP and the implementation then ;)
-
Ge0rG
marc: yes I will.
-
marc
Ge0rG, nice :)
-
Ge0rG
marc: also related https://github.com/ge0rg/easy-xmpp-invitation
-
marc
Ah cool
-
marc
QR codes are nice for invitation, I already use it
-
Ge0rG
marc: I think we can extend the http invitation link with an account creation token that allows you to register on a specific server
-
marc
Yes
-
marc
I already have this somehow
-
marc
Afk, Ge0rG looking forward to work with you on this topic :)
-
Ge0rG
I wish I had more time to actually implement things in yaxim
-
jonasw
Ge0rG, now I get it, right
-
jonasw
requires support by the MUC service
-
jonasw
and PARS needs some more acceptance
-
Ge0rG
jonasw: yes, do you see another way? Additional handshake with the inviting client?
-
jonasw
Ge0rG, no
-
Ge0rG
jonasw: PARS is blocked by lack of private pep storage
-
jonasw
*in prosody
-
Ge0rG
jonasw: in one of the widely deployed OSS servers
-
jonasw
yes
-
jonasw
I’m also not convinced that PEP is the right place for this.
-
jonasw
I mean to push the topic further soon, I’m still lagging behind from vacation.
-
Ge0rG
jonasw: whatever works on prosody 0.10 and will convince daniel is fine with me
-
Ge0rG
jonasw: bonus points for solving MUC and account creation invitations in the same track
-
jonasw
not sure this shouldn’t be different XEPs
-
jonasw
but I think people complained that yet-another-custom-IQ-protocol is not desirabel
-
Ge0rG
jonasw: as opposed to what?
-
jonasw
private PEP
-
Ge0rG
Right
-
jonasw
I re-read the thread from april
-
jonasw
I think the arguments for private PEP are convincing
-
jonasw
(it allows easy client-side handling and server integration at the same time)
-
jonasw
it would be great to have the token in the roster, too.... that’d allow clients to purge all entries created by a certain token
-
Ge0rG
The only issue I have is the "unlimited count" for pars tokens
-
jonasw
unlimited count is fine for me.
-
Ge0rG
I can live with it, and having it in the roster is a great idea
-
jonasw
lovely roster extensions which break things
-
jonasw
#mix
-
jonasw
pity people didn’t follow my suggestion for generic roster extensions
-
jonasw
that would be handy now
-
Ge0rG
I wanted to have some identifier for auto added roster items, the token can well be used for that
-
Flow
jonasw, why roster extensions when you can use private PEP?
-
jonasw
different things
-
Ge0rG
Flow: do you want to duplicate the roster structure in pep?
-
Flow
like a private PEP shadow roster with all you metadata from the extension
-
Flow
Ge0rG, possibly
-
Flow
I'm not 100% decided which approach is better
-
jonasw
Flow, would probably work, yeah. except that you’d really want multiple items in that and PEP services aren’t good at that
-
Flow
but then again, thinks will probably break if you extends the roster
-
Flow
*things
-
jonasw
I doubt that they will
-
Flow
so there is only this approach left
-
jonasw
adding elements in foreign namespaces shouldn’t break things.
-
jonasw
or the approach the MIX people went for
-
jonasw
which is equally bad or even worse
-
Kev
Roster extensions are a sensible thing that we've been talking about for about a decade.
-
jonasw
Kev, why don’t we have them and why is MIX inventing its own probably not really extensible protocol for that?
-
Kev
1) Reasons 2) I'm not sure what you're suggesting as the alternative. MIX is injecting a roster extension.
-
Ge0rG
If we do roster extensions, can't we put MUCs there too?
-
jonasw
Kev, re 2: right, I was confused I think
-
Kev
Off out, back later.
-
Flow
jonasw, I think that it will cause a lot of trouble if clients see entities in the roster but don't understand the metadata found in the extension
-
Flow
or maybe no trouble, but confusion at least
-
jonasw
Flow, right, for PARS tokens it would be irrelevant though
-
Flow
jonasw, probably
-
jonasw
for sure.
-
jonasw
it doesn’t do harm if it’s ignored
-
Ge0rG
Flow: do you think it will also break for normal roster items with extensions, as opposed to things like mix?
-
marc
Ge0rG, my invitation is based on an adhoc command for token generation, the inviter can chosse contacts to be shared
-
marc
these contacts are then added to the roster of the new account
-
jonasw
I am now embarrased that I didn’t think of Ad-Hoc commands.
-
marc
sounds not too complicated to me
-
marc
jonasw, :)
-
jonasw
marc, sounds like a solid approach
-
marc
jonasw, cool, thanks! So I'm going to further improve my POC
-
jonasw
since the account will be on exactly that server, it can of course handle the presence subcsription, no need for PARS
-
jonasw
lovely
-
marc
yes
-
jonasw
marc, I’ll be happy to proof-read things and guide you through the XEP process.
-
marc
and I think there is no privacy implication
-
marc
since the inviter could send the jids to the invitee later as well
-
jonasw
there may be if the token is lost, in the sense that all contact information which was shared server-side is exposed.
-
marc
yes, until the token expires
-
marc
jonasw, thanks for the offer!
-
marc
but even in this case there is only the information that somebody invited an unknown person and shared some contacts
-
Ge0rG
I think all we need is an opaque token, the server can implement any amount of logic when it's passed on
-
marc
well, shared contacts could be disabled by the provider if this is an issue
-
Ge0rG
And we need a robust out of band mechanism to transport it
-
marc
I use XMPP URI and QR codes at the moment
-
marc
works like a charm
-
marc
this enables me in-app invitation
-
marc
as fallback it generates an URL
-
Ge0rG
Maybe contact sharing should be separated
-
Ge0rG
marc: what's the URI format?
-
marc
Ge0rG, well, it's not "defined" but something like xmpp:example.com?account;invite_toke=TOKEN
-
Ge0rG
Sounds reasonable
-
Ge0rG
Could be integrated into the landing page
-
marc
yep, together with the QR code
-
Ge0rG
Might need some information about the inviter, but then that's easy to fake
-
marc
Well, my idea was, if that's required, that the server provides a simple REST API to gather information about the invitation
-
marc
This could be done via the token as well
-
marc
Well, for the landing page, of course
-
marc
Information included in the URI would be nice but could be faked
-
Ge0rG
Invitation links from third party systems are opaque as well, so this is not a priority for me. Having a rest API means we need a way to determine the url from the server name, which is not trivial
-
marc
The landing page and the REST stuff is all optional and out of the scope of this XEP
-
marc
If the landing page web server is implemented in the xmpp server itself, no REST API etc. is needed
-
marc
Just for the case the landing page uses another service like lighttpd
-
Ge0rG
marc: then the ad hoc command needs a way to find out the landing page link
-
jonasw
can simply be returned in the result IIRC
-
Ge0rG
What happens if I send a "chat" message to the full proxy JID of a MIX participant?
-
jonasw
Ge0rG, I think it’d behave just like a message sent to the actual JID of a MIX participant, except that it is relayed through the MIX
-
jonasw
cf. https://xmpp.org/extensions/xep-0369.html#usecase-user-private-messages
-
jonasw
this appears to contains resource locking logic
-
marc
Ge0rG, yes, the landing page is returned by the adhoc command
-
jonasw
marc, how does the signup work?
-
jonasw
in-band or out-of-band?
-
marc
Ge0rG, the result of the adhoc command is a landing page URL (optional) and a token
-
Ge0rG
I'd just do IBR with an additional field stuffed somewhere
-
marc
jonasw, that's not implemented at the moment but I would like to send a field like a captcha
-
jonasw
IBR itself doesn’t really allow for custom fields
-
marc
really? I thought I've read something about it in the XEP
-
jonasw
ah right
-
jonasw
data forms may be used instead
-
jonasw
lovely
-
marc
:)
-
Ge0rG
Am I right that with MIX, a MIX-capable user server needs to keep in memory a list of all participants of all MIXes of all its users, online or offline?
-
jonasw
Ge0rG, why?
-
jonasw
(I don’t think so)
-
jonasw
gotta go