[Twisted-Python] Words.Participant capabilities

Mon Feb 11 18:43:59 EST 2002

On Sun, 2002-02-10 at 23:14, Christopher Armstrong wrote:
> On Mon, 2002-02-11 at 00:06, Kevin Turner wrote:
> > One central question is "Do queries about a participant get answered by
> > the server, or by the participant's client?"
> 
> Let the server handle user-status queries, but let the client tell the
> server how to respond to them.

Does that provide enough flexibility?  Your possible configurations
would be limited by the things the server can think of.  That means you
probably can't program a configuration like "If it's during working
hours and I don't have anything scheduled on my appointment calander and
I don't have a personal chat session with Cindy open and I'm not
listening to my deth metal playlist, then let Ross see my status as
'available'."

> > There's no way for a Words client to determine the online status of
> > another Participant without adding that person to their contact list. 
>
> Let the user-who-is-being-queried specify how they want this to be
> answered.
>
> > More user information.  Should a Words client be able to look up another
> > Participant and maybe find out what their Identity is [...]
>
> Again, let the client specify.

Ok, that at least means "Yes, we need to add this to Participant's
remote interface" for each of those features.

> OK, I'm noticing a pattern here. This "capabilities" issue has been
> popping up a *lot* recently, so maybe some sort of generalized
> "capability system" might crop up out of this (ie, a way to grant or
> deny capabilities between perspectives (or identities?)). something to
> think about.
> 
> > Server descriptions.  The best I've seen is something like
> > self.service.serviceName, which in practice always yields
> > "twisted.words".  
> 
> I'm not sure where you're going with this point,

I just want to stop seeing "welcome to twisted.quux" on whatever service
I sign on to, and instead see something that identifies whose service
I'm connected using.

> I *definitely* don't want to allow clients to get IPs of other clients
> without explicit consent. After living on dalnet for a few years, where
> kiddies DDoS you for looking at them the wrong way, I've been locked
> into this opinion.

You're right about client IPs, I think.  There are only two reasons
those are useful on IRC.  1) to help identify the user, which you have a
hard time doing due to IRC's non-existant authentication 2) DoS
attacks.  Since we'll actually have authentication, reason #1 goes away.

> And the server thing - I don't see any harm, but why
> does it matter?

I can think of two reasons for publishing the server address.  One is
for advertising, you might be thinking "Gee, my server sucks.  What are
other people using?"  The other might be to help track down problems. 
"That server is administered really poorly.  Lets add it to our
blacklist."

> > Away messages and idle times.  Words doesn't have these.  Should it?
> 
> Yeah.