XEP-0045: Members should be allowed to retrieve the member list only …

…in non-anonymous rooms When a room is configured to be semi-anonymous, there clearly is an intent to hide JIDs. In such rooms, members SHOULD NOT be allowed to retrieve the member list (as that list MUST contain the JID of each member).
xsf · Aug 14, 2024 · 4980e28 · 4980e28
1 parent 431a5e0
commit 4980e28
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/xep-0045.xml b/xep-0045.xml
@@ -50,7 +50,12 @@
     <version>1.35.0</version>
     <date>2024-08-14</date>
     <initials>gk</initials>
-    <remark><p>Allow non-owners to retrieve owner and admin lists in non-anonymous rooms.</p></remark>
+    <remark>
+      <ul>
+        <li>Allow non-owners to retrieve owner and admin lists in non-anonymous rooms.</li>
+        <li>Members should be allowed to retrieve the member list only in non-anonymous rooms.</li>
+      </ul>
+    </remark>
   </revision>
   <revision>
     <version>1.34.6</version>
@@ -3485,7 +3490,7 @@
   </query>
 </iq>
 ]]></example>
-    <p>Note: A service SHOULD also return the member list to any occupant in a members-only room; i.e., it SHOULD NOT generate a &forbidden; error when a member in the room requests the member list. This functionality can assist clients in showing all the existing members even if some of them are not in the room, e.g. to help a member determine if another user should be invited. A service SHOULD also allow any member to retrieve the member list even if not yet an occupant.</p>
+    <p>Note: If the room is non-anonymous, a service SHOULD also return the member list to any occupant in a members-only room; i.e., it SHOULD NOT generate a &forbidden; error when a member in such a room requests the member list. This functionality can assist clients in showing all the existing members even if some of them are not in the room, e.g. to help a member determine if another user should be invited. If the room is non-anonymous, a service SHOULD also allow any member to retrieve the member list even if not yet an occupant.</p>
     <p>The service MUST then return the full member list to the admin qualified by the 'http://jabber.org/protocol/muc#admin' namespace; each item MUST include the 'affiliation' and 'jid' attributes and MAY include the 'nick' and 'role' attributes for each member that is currently an occupant.</p>
     <example caption='Service Sends Member List to Admin'><![CDATA[
 <iq from='[email protected]'