powered by Jive Software

Major service issues caused by Migrate Private XML storage data to PEP

OF-1515: In this ticket the following was changed

Openfire Private XML Storage (https://xmpp.org/extensions/xep-0049.html) to keep private data like Bookmarks (https://xmpp.org/extensions/xep-0048.html) as the preferred way of handling private data,

And subsequently Private storage was removed altogether from OF 4.4

There are other types of usage of Private data (other than bookmarks) that were allowed for LDAP and non-LDAP users up to version OF 4.2 but now it is no longer workable.

e.g How will this work in the case of anonymous users?
or local users (not in LDAP) but have valid JIDs?

The Private storage via PEP service currently is not equivalent to old method of private Storage because the new PrivateStorage through PEP service does not support data for users who are not already registered on Openfire, and throws an exception:

Request must be initiated by a local, registered user, but is not: < end user JID >

and that is a major blocker for us when switching to the new service in OF later than Release 4.2 and above.

We need both types of users: local end users (who have valid JID but don’t need to login to openfire) and still have the use of Private Storage (as in previous versions of Openfire)…
as well as Openfire LDAP users (Authorised Agent users - who can make commands on behalf of such end users).

Just to add - to allay any security concerns, in this use-case it is a valid component component that creates the Private Storage entries for all users (whether registered or local only)
Private storage is accessed by registered users (agent users) only. local users cannot access the private storage (as they can’t create a session)

In PUBSUB node creation the creator/requester can be different from the end-user but for PEP nodes the requester and end-user are one and the same – because there is only one parameter in the API that can be passed.