Report of XMPP Summit #7 and OSCON

As they alternate between Europe and the US, the 7th edition of the XMPP Summit was co-located with OSCON, this time in San Jose, California. I was happy to be able to attend it on again.

Chunked rosters

The first day was used to discuss improvements around the roster protocol. The current roster protocol only allows for getting the full roster in one stanza, and then get incremental updates during the client session. With large contact lists, getting it all in one stanza means that no other communication can take place. Several other protocols in XMPP suffer from this as well. Another issue is that presence subscriptions are managed through presence stanzas, which do not have clear request-response semantics. Finally, it would be useful to store other information in roster items, so-called roster extensions. So we used our time to come up with a new roster protocol that would use iq stanzas for that and also allows for chunking when retrieving the roster. It served as a good mental exercise, but still needs to worked out in more detail.

Other protocols also benefit from this. For example, chunking when requesting the list of previously published items in publish-subscribe would be really helpful. At Mediamatic Lab we are working on making activity visible, through activity streams. To share this over Open-CI, we use the same publish-subscribe protocol.

Server-to-server security with many domains

XMPP Core defines server-to-server transport security using TLS and SASL for authentication. For each pair of domains, two connections are used, one in either direction. For each of those, a TLS session is established. For deployments that only host their own domain, that is not really a problem. On the other hand we have Google Talk and other hosting providers that cater for a whole swath of domains. Between two of those, you would potentially have n*m*2 connections. On top of that, for every domain it hosts, a service provider needs to have the secret key of the associated certificate.

We had a very fruitful discussion on how to use just one connection, or one in each direction, and incrementally prove authority to host the domains. For this, the initial TLS negotiation is done using the certificate of the hosting party, and then attribute certificates, signed by the domain-owning party's certificate, are exchanged. Besides reducing the number of connections, it also allows domain owners to keep full control of their own certificates, while having a hosting provider to host their XMPP services. This work is probably also useful for protocols other than XMPP.

Dinner

The Summit dinner, sponsored by some active members of our community (thanks!) was had while shooting pool. Very nice.

Publish-subscribe in Multi-User Chat

Publish-subscribe protocols are getting more and more popular. Client developers have added support for Personal Eventing for publishing what people are doing (User Activity), listening to (User Tune) and where they are (User Location). But Multi-User Chats work slightly different from user-to-user communication, so we need a good model to facilitate publish-subscribe in these environments, too. We came up with a way to have publish-subscribe nodes administered by the MUC service, that are basically proxies for the real nodes kept by the user, while at the same time allowing for in-room nodes.

Google Wave

A couple of us went on a field trip to the Google Wave Federation event in Mountain View. The federation protocol is based on XMPP, and we wanted to show our support and help out in the protocol discussions. We received a warm welcome and our contributions were well received. The new version of the protocol uses Publish-Subscribe and we suggested using Jingle for exchanging attachments to wavelets. Afterwards, we had dinner with some of the Googlers working on Wave.

OSCON

After the summit the regular OSCON programming kicked off on Wednesday. I attended the keynotes on Wednesday and Thursday and was able to attend a small number of other talks. Of interest were sessions on the Sphinx Search engine we use at Mediamatic and Distributed Source Control using git. I spent quite some time with the Memcached crowd and was able to gain some more insights in queueing systems and general deployment of large scale services though various people I bumped into.

All in all a very nice and productive week. I'm looking forward to next year.