XMPP whitelists?
Asked Answered
E

2

13

We have an enterprise installation of QuickBlox (which implements XMPP), and would like to create mirrored accounts for all of our users on our QuickBlox server install. We also want to sync the networks our system's users have created using relationships (eg, "client and provider") that have been built on our system.

In a nutshell, we want to export whitelists that limit chat "opponents" to only those users with whom each of our users already have relationships. If User1 has an existing relationship in our system with User2 and User3 but not User4 through User40, we want to be able to use the QuickBlox API to enforce that within chat by creating a whitelist through the QuickBlox API.

EDIT: We can't use an "honor system" whitelist. That is, the enforcement must be server-side using a method the client cannot circumvent. There must be a hard, unavoidable block between users for privacy concerns.

Use case:

A QuickBlox (or XMPP) server has User1 through User40, inclusive.

User1's whitelist is comprised of [User2, User3] only.

If User1 attempts to contact User15, we want QuickBlox/XMPP to note that User15 is not on User1's whitelist and block that communication as if User1 had bidirectionally blocked that user.

Privacy lists, aka blacklists

I have found places in QB's docs that refer to the XMPP specification docs, and have found the concept of privacy lists, which seem to operate as blacklists:

These only provide two styles of blacklist privacy:

You can choose a type of blocked logic (Privacy List). There are 2 types:

  • Block in one way. You are blocked, but you can write to blocked user.
  • Block in two ways. You are blocked and you also can't write to blocked user.

Server Whitelist (dialog-level, not user)

I've also found documentation on whitelists for servers, which appear to operate at a dialog/jid, not user, level:

Rosters -- "presence" detail only?

There are also rosters, which are close to whitelists, but they do not seem in my testing to restrict communication between any two users that might not be on each other's roster.

That is to say, I haven't set up a roster in my testing application, and users are able to create group and 1-on-1 chat dialogs in spite of not having explicitly accepted any roster requests. In the Android docs, I found the following on rosters: "[A roster] is the collection of users a person receives presence updates for." That's not blocking in any way outside of presence alerts, I don't believe.

Question

Is there a suggested way to create a pessimistic whitelist for each user, which only contain those users with whom communication is allowed? Or are we forced to create and maintain "inverse blacklists", where we automate the creation of privacy lists for every new user blocking every other user and then use the API to remove those with which each user should be able to communicate?

If we do have to use "inverse blacklists", is there a way to have a default blacklist apply to every new user that initially blocks communication with every other user already in our QuickBlox system?

(Again, we can't use "honor system" lists. If the client must request a whitelist to be active before it can be used, can freely discover and then change active whitelists, or if the client can decline to use a list, that's not secure enough.)

Endaendall answered 15/2, 2017 at 14:39 Comment(0)
C
3

XMPP Clients

XMPP clients will need a way to ask another clients if they support receiving pushes via a relay. Since pushes can be sent from anywhere, clients will also be able to send pushes directly to other clients through the relay as long as they have their friend’s whitelist token. They will also need to respond to XMPP server inquiries for whitelist tokens to allow pushes to be sent by the server if a message is sent by a client not supporting direct push.

XMPP Servers

XMPP servers can ask their connected clients if they support push relays and, if so, forward messages they receive to the push relay server when the client is offline. This will require the XMPP server to obtain a whitelist token from the user as well.

Help:see this link

Christychristye answered 24/2, 2017 at 16:53 Comment(1)
I think what you're describing is a push relay system for when users aren't accessing XMPP servers directly. See this quote from that link, eg: "Because this method can bypass the XMPP server entirely, it allows for non-XMPP protocols to participate." Though in a sense, that's the direction I think I'm headed: Overload sendMessage on the QB/XMPP server and handle whitelists yourself. Aka, "XMPP doesn't do whitelists." It does seem (not wholly coincidentally ;^D) like a late 90s/early 00s style chat protocol.Endaendall
C
1

If we are talking about XMPP protocol - there is an ability to block any communications from/to (see example 48)

So, by default, you can set it for each user for example.

Then, if we need to allow to communicate with someone specific, then you can add this user to your privacy list with action=allow and order greater than 'full block'. Here is actually a good example of whitelist implementation via Privacy Lists, see example 8:

and (3) 'special', which allows communications only with three specific entities.

Complacent answered 28/2, 2017 at 16:32 Comment(5)
Don't these options require the client to willingly comply? That is, when sending to a recepient who has not blocked them, if the client wishes, it seems they can ignore these privacy lists. If the client must request a whitelist to be active before it can be used, can freely discover and then change active whitelists, or if the client can decline to use any specific list, that's not a secure, server-enforceable solution.Endaendall
you can have only one privacy list which will be used as 'default' if you do not have others or if you do not mark as active some.Complacent
Thanks, but it still seems a client could refuse to use the active list, even if there was only one. That is, I need a solution where the QuickBlox server forces whitelists on clients. I believe the solution you describe is, ultimately, optional from the point of view of the client.Endaendall
Probably this operation (set active/default lists) has to be allowed only for super admin and disabled for regular API users. As I understand, this is what you need.Complacent
Privacy List is enforced by server, but editable by user. So you will need an XMPP server that gives an option to disable user-editing and disabling of privacy lists. See your XMPP server documentation whether it allows for administrator controlled, enforced privacy lists.Pisarik

© 2022 - 2024 — McMap. All rights reserved.