Re: [Stox] AD Evaluation of draft-ietf-stox-7248bis-05

Peter Saint-Andre <stpeter@stpeter.im> Sun, 28 August 2016 18:25 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: stox@ietfa.amsl.com
Delivered-To: stox@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 893E212B008; Sun, 28 Aug 2016 11:25:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.45
X-Spam-Level:
X-Spam-Status: No, score=-2.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.548, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EfAAJWFoHm_m; Sun, 28 Aug 2016 11:25:22 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 4A16B12B018; Sun, 28 Aug 2016 11:25:22 -0700 (PDT)
Received: from aither.local (unknown [73.34.202.214]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 276E7F0748; Sun, 28 Aug 2016 12:27:55 -0600 (MDT)
To: Ben Campbell <ben@nostrum.com>
References: <CC605F0B-9B8E-4FE0-9DEC-79A3E1162ED5@nostrum.com> <56036577.3000204@andyet.net> <1794408B-8BE1-4F24-8A26-F40B1A0804EF@nostrum.com> <5609F9D5.2080306@andyet.net> <BD08A7FA-9722-4444-B5B7-3640D4AC2D56@nostrum.com> <56EF2815.8050407@stpeter.im> <57221AA1.5000609@stpeter.im> <B6D0869C-3E60-425E-827F-66A6BD8C6DA8@nostrum.com> <29063029-3EC9-476A-A8CA-2EF7B6BA9984@stpeter.im> <57225AAF.8060007@stpeter.im> <FBCF24A9-9E39-4A6D-970D-49C6E0EFE4F9@nostrum.com> <57460522.4030600@stpeter.im> <4BE36129-280C-475C-9C5A-6E9D0D770D90@nostrum.com> <ee5c285c-5176-4646-c333-990d52892d0f@stpeter.im> <FDB1F3C9-8987-4BBE-A10A-3B18EFBE4765@nostrum.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
Message-ID: <95291a74-8f87-ea83-bdd9-d4d651f69116@stpeter.im>
Date: Sun, 28 Aug 2016 12:25:19 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <FDB1F3C9-8987-4BBE-A10A-3B18EFBE4765@nostrum.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/stox/nfRskLDlYs7Qx8Ob8sPAqweKhms>
Cc: stox@ietf.org, draft-ietf-stox-7248bis.all@ietf.org
Subject: Re: [Stox] AD Evaluation of draft-ietf-stox-7248bis-05
X-BeenThere: stox@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP-TO-XMPP Working Group discussion list <stox.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stox>, <mailto:stox-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stox/>
List-Post: <mailto:stox@ietf.org>
List-Help: <mailto:stox-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stox>, <mailto:stox-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Aug 2016 18:25:23 -0000

I think this thread has devolved into a long series of apologies. :-)

More comments inline to help us get this finished!

On 8/12/16 2:18 PM, Ben Campbell wrote:
> My turn to apologize for the delay. This draft seem especially prone to
> falling through my task list cracks.
>
> Some more comments and questions inline:
>
>
> On 21 Jun 2016, at 21:44, Peter Saint-Andre wrote:
>
>> Hi Ben, thanks for your comments. My apologies for the delayed reply.
>>
>> On 6/9/16 4:37 PM, Ben Campbell wrote:
>>> Hi Peter,
>>>
>>>
>>> I have a couple of questions about the implications of the new "presence
>>> authorization" concept, and a couple of editorial nits. Otherwise, I
>>> think this is ready for IETF last call. It might make sense to go ahead
>>> with the last call, and address these with any last call comments--but
>>> I'd like to have an initial round of conversation about the presence
>>> authorization first.
>>>
>>> - in 5.2.3, whose "authorization" is canceled?
>>
>> The use cases in §5.2 originate on the XMPP side and the use cases in
>> §5.3 originate on the SIP side, so §5.2.3 describes what happens when
>> the XMPP user no longer wishes to receive presence notifications from
>> the SIP contact.
>
> This makes me think the abstraction is still not quite right. From the
> SIP perspective, this flow does not cancel an authorization to receive
> presence. It merely stops notifications. If the XMPP were to resubscribe
> later, the SIP presence server would probably just restart
> notifications. It would consider the watcher to be authorized based on
> existing authorization policy. That policy doesn't go away just because
> the watcher unsubscribed.
>
> Basically the state that says "Juliet is allowed to see Romeo's
> presence" is long lived. It's independent from the state that says
> "Juliet currently wants to receive notification of changes in Romeo's
> presence".  It's possible the server will expire that policy after some
> time, but that would be completely proprietary.  Otherwise, the
> authorization only goes away when and if the _SIP_ user removes it, for
> example using XCAP.
>
> So at the risk of rehashing old coversations, I think we've got the
> following bits of state:
>
> XMPP:
> - Watcher is subscribed - long lived, means the same as "watcher is
> authorized".
>
> - Watcher wants notifications - Short lived for duration of the
> watcher's XMPP connection to his XMPP server. Requires "watcher is
> subscribed" to be true.
>
> SIP:
> - Watcher is subscribed - Short lived (soft state). Means watcher wants
> notifications. Requires "Watcher is authorized" to be true.
>
> - Watcher is authorized - Long lived.  Controlled by presentity. If no
> policy already exists, decision triggered by a watcher's attempt to
> subscribe.

In XMPP, if the user sends <presence type='unsubscribe'/> to the contact 
then the user-as-watcher will no longer be subscribed to the contact's 
presence and the contact's server will remove the user's authorization. 
If the user wants to be authorized again, the user will have to send 
<presence type='subscribe'/> again.

So I think that the protocol flow in §5.2.3 actually does what you want 
it to do, but that my phrasing "no longer wishes to receive presence 
notifications" confused you - it actually means that the XMPP user no 
longer wishes to have an authorization to see the SIP contact's presence.

>>> If the SIP contact has a
>>> reciprocal subscription back to the xmpp contact’s presence, is that
>>> impacted by this unsubscribe action?
>>
>> It shouldn't be, because we're not assuming that authorization to
>> receive presence notifications needs to be bidirectional. So this flow
>> results in the XMPP user (here, Juliet) no longer receiving presence
>> notifications from the SIP contact (here, Romeo); however, Romeo can
>> still happily receive presence notifications from Juliet.
>
> Okay, then I think we are good here.

Shall I add a brief note clarification on this point? If you had to ask 
the question, implementers might, too.

>>> Or is the SIP user expected to
>>> remove the authorization for the xmpp user to see her presence info?
>>
>> Romeo would also need to inform Juliet that he no longer wishes to
>> receive presence notifications from her, i.e., he would need to
>> complete the flow in §5.3.3.
>>
>> I can see that the phrasing in §5.2.3 and §5.3.3 is confusing, i.e.:
>>
>>   5.2.3
>>
>>     cancelling an XMPP user's presence authorization to a SIP contact
>>
>>   5.3.3
>>
>>     cancel the presence authorization
>>
>> That wording doesn't make the directionality clear. I'll rephrase
>> these sentences to clarify matters.
>
> That would help.

Will do.

>>> - in 5.3.1, I _think_ the flow creates both an authorization and a
>>> notification dialog.
>>
>> To prevent confusion, we're now using the term "notification dialog"
>> for SIP->XMPP and "presence authorization" for XMPP->SIP. When you say
>> "authorization" here, are you referring to a presence authorization
>> from the XMPP user to the SIP user? If so, how would the notification
>> dialog from the SIP user to the XMPP trigger that? If not, then let's
>> make sure we're on the same page about what's happening here.
>
> I'm not entirely sure what "authorization from the XMPP user to the SIP
> user means". Would it make sense to say "authorization to allow the SIP
> user to receive the XMPP user's presence"?

Yes, that's what my clunky phrasing was intended to capture.

>> (Yes, I know, presence state machines are horribly complicated!)
>
> Yep. And differently shaped between the two protocols.
>
>>
>>> If the SIP user unsubscribes, and resubscribes
>>> (that is, tears down the notification dialog and creates a new one),
>>
>> That is, completes the flow in §5.3.1, then completes the flow in
>> §5.3.3, then initiates the flow in §5.3.1 again - correct?
>
> Yes.
>
>>
>>> is
>>> there any difference in the flow due to the fact the XMPP server has
>>> authorization state for the SIP user? (Would F29 and F30 still happen?)
>>
>> You are correct - the XMPP server would still consider the SIP user to
>> be authorized, and so it would not prompt the XMPP client for approval
>> of an authorization request. See §3.1.3, point #2, of RFC 6121.
>
> So trying to avoid any terms we've previously used to avoid preconceived
> confusion:
>
> It sounds like, for both directions, the bit of state that means the
> "watcher currently gets notices of presence changes" and the bit of
> state that means "the watcher is _allowed_ to get presence information"
> seem separate for both protocols.
>
> Would it make sense to talk about a "notification session" that is short
> lived, and a "presence authorization"? Or is "session" too loaded?

I like that terminology. Let me see if working it in clarifies the 
situation.

Peter