This is the 2007 Annual Report of the XMPP Standards Foundation (XSF), a non-profit membership organization dedicated to documentation and development of the Extensible Messaging and Presence Protocol (XMPP). The mission of the XSF to build an open, standardized, secure, feature-rich, widely-deployed, decentralized infrastructure for real-time communication and collaboration over the Internet. This report, produced by the XSF Board of Directors, describes the progress achieved toward that goal by the XSF and the broader Jabber/XMPP community in 2007.
XMPP technologies continue to mature and expand. Significant accomplishments in 2007 included:
Detailed information regarding these achievements and other aspects of progress for 2007 are described below.
The XSF's core competency is documentation of the Extensible Messaging and Presence Protocol (contributed in 2002 to the IETF; see the next section) and definition of new XMPP Extension Protocols (XEPs). Because the XSF has been publishing Jabber/XMPP protocols since August 2001, we now have a fairly comprehensive protocol stack with a large installed base of implementations. As a result, we now spend more time maintaining existing specifications than we did several years ago. This is both good (incorporating feedback to make our protocols more secure and easier to implement) and bad (producing fewer XMPP extensions that define new features or address new problem domains). However, the XSF strives to continue working on and advancing appropriate XMPP extensions. To highlight the differences, the following summary of activity within the XSF's standards process divides the work into maintenance of existing standards, advancement of new extensions, and promising experimental work.
2.1 Maintenance of Existing Standards
In 2007 the XSF completed major revisions to two important building block specifications:
XEP-0060: Publish-Subscribe. This large specification was completely overhauled to clarify a number of points. In addition, the specification now also defines integration with instant messaging and presence services so that a normal IM account can function as a virtual publish-subscribe service, thus enabling "personal eventing" features for rich presence and invidualized content syndication (for details, see XEP-0163: Personal Eventing via Pubsub).
XEP-0115: Entity Capabilities. The entity capabilities protocol is a real-time profile of XEP-0030: Service Discovery. Developer feedback revealed that this protocol made it possible for malicious or merely incompetent entities to poison entity capabilities information, and this poisoning attack was observed in the wild. Therefore the protocol was hardened and improved to prevent information poisoning.
In addition, smaller revisions and clarifications were made to protocols such as XEP-0004: Data Forms, XEP-0012: Last Activity, XEP-0045: Multi-User Chat, XEP-0071: XHTML-IM, and XEP-0080: User Location.
2.2 Advancement of New Extensions
In 2007 the XSF completed documentation of XEP-0174: Link-Local Messaging. This specification defines an XMPP-based messaging technology for use on local networks, as pioneered by Apple Computer's iChat client in Bonjour mode and subsequently emulated by a number of open-source clients.
The XSF also advanced to Draft status XEP-0155: Stanza Session Negotiation (a protocol for formally negotiating the exchange of XMPP messages or stanzas between any two endpoints) and XEP-0084: User Avatars (a modern replacement for the older vCard-based avatar technology).
2.3 Experimental Work
Work has continued, albeit more slowly than desired, on finalizing two important XMPP technologies:
XEP-0166: Jingle. The Jingle specifications formalize the multimedia session negotiation technology first defined by Google and deployed in its Google Talk service. Because there are relatively few implementations of the protocol as specified in the relevant XEPs, it has been difficult to obtain feedback on these specifications. However, the protocol is now implemented in the One Laptop Per Child (OLPC) project, several Nokia devices, the Asterisk open-source PBX project, the FreeSWITCH open-source softswitch, and several other emerging projects. Final feedback is being gathered as of the time of this report and the specifications should be advanced to Draft status during Q1 2008.
XEP-0116: Encrypted Sessions. XMPP has long included methods for channel encryption (since 2004 using Transport Layer Security, which superseded Secure Sockets Layer). However, existing technologies for end-to-end encryption have been implemented and deployed less broadly. These technologies include PGP via user keys and S/MIME via client certificates. The XSF has worked on a technology called Encrypted Sessions that is both more appropriate for streaming communication and less user-intensive; indeed, the XSF received a grant from NLnet to accelerate definition and implementation of this technology early in 2007. Unfortunately, despite completing the protocol work and mentoring a Google Summer of Code project implementing Encrypted Sessions in the Gajim client, the XSF was unable to obtain an affordable security review for the relevant specifications or to reach consensus on the desirability of Encrypted Sessions compared to an alternative proposal for an application profile of TLS (code-named "XTLS"). Rather than unduly extend the length of the NLnet project, the XSF Board decided to cancel project and return the initial funds in October 2007. However, the XSF will continue to explore both Encrypted Sessions and XTLS as go-forward technologies for end-to-end encryption of XMPP communications.
In addition, members of the XMPP developer community have been working on a wide range of XMPP extensions, such as whiteboarding, collaborative editing, spam-prevention techniques, and methods for improving the reliability of communication over the XMPP network. The XSF will endeavor to advance several of these efforts to a status of Draft during 2008.
Although the focus of the XMPP community's standardization efforts is the XEP series, the XSF continues to contribute to the Internet Standards Process run by the Internet Engineering Task Force (IETF). These contributions generally fall into four categories:
The following sections provide more detailed information about these activities.
3.1 RFC Updates
In late 2006, the XSF began working on revisions to the core documentation of XMPP: RFC 3920 and RFC 3921. These revisions (rfc3920bis and rfc3921bis) are proceeding at a measured pace so that the XMPP developer community can express its consensus regarding modifications to the fundamental definition of our technology. In general the revisions are limited to corrections, clarifications, and incorporation of feedback from developers who have implemented XMPP since the RFCs were published in October 2004. The XSF plans to complete these revisions in 2008.
3.2 XMPP Applications
Because XMPP is so widely implemented, other working groups within the IETF have expressed an interest in re-using XMPP within other applications. Currently the XSF is contributing to two such efforts:
- XMPP notifications generated by the Sieve email filtering technology.
- Use of the XMPP publish-subscribe extension as a transport for the Atom content syndication format.
The Sieve effort is complete but not yet published and we expect the Atom effort to be completed in 2008.
3.3 XMPP Dependencies
XMPP is dependent upon a number of technologies at lower layers in the protocol stack. Some of these technologies are stable and not liable to change, such as the Transmission Control Protocol (TCP) and the UTF-8 character encoding. Other such technologies have not yet been finalized in the Internet Standards Process; these include:
- Transport Layer Security (TLS), for which version 1.1 was published in 2006 and version 1.2 is currently being finalized.
- The Simple Authentication and Security Layer (SASL), which was last updated in 2006.
- Internationalized Domain Names in Applications (IDNA), which is currently undergoing significant revisions.
Because XMPP depends on these underlying technologies, the XSF closely monitors them, reviews changes to them, and where appropriate provides comments on the relevant IETF discussion lists.
3.4 SIP Mappings
Since XMPP and the Session Initiation Protocol (SIP) are both open standards for signalling, messaging, and presence, it makes sense to clearly define how to map protocol syntax and semantics between them. Working with representatives from companies such as IBM and Ericsson, the XSF has published interworking specifications that cover the mapping of addresses, presence, single messages, one-to-one chat sessions, and media negotiation. Future specifications in this series will cover multi-user text chat, rich presence, device capabilities, geolocation, publish-subscribe, and other features common to both technologies.
The XMPP developer community is large and diverse, containing occasional shareware programmers, active open-source projects, commercial software companies, and everything in between. Although the XMPP Standards Foundation does not directly contribute to any particular codebase that implements XMPP functionality, it recognizes the importance of maintaining a healthy ecosystem of implementations. Toward that end, the XSF hosts twice-yearly developer conferences and also participates in the yearly Google Summer of Code program for students. The XSF may in the future pursue additional opportunities to encourage widespread implementation of XMPP-friendly software, such as core XMPP support in popular programming languages.
In July 2006, the XSF held the first XMPP DevCon coincident with the O'Reilly Open Source Software Convention (OSCON) in Portland, Oregon. The second DevCon was held in February 2007 coincident with the Free and Open Source Software Developers' European Meeting (FOSDEM) and the third DevCon was held in August 2007 coincident with OSCON 2007. These meetings, which each time brought together 10-15 different core developers from Europe and North America, have resulted in interoperability testing, brainstorming of solutions to advanced problems, development of new features, and a stronger developer community. The XSF will continue to hold DevCons twice a year at FOSDEM (Europe) and OSCON (North America) for the foreseeable future.
4.2 Google Summer of Code
The XSF has participated in the Google Summer of Code since its inception in 2004. The 2007 Summer of Code was especially productive because the XSF reduced the number of projects it sponsored and devoted more attention to the projects. A full report is available at <http://blog.xmpp.org/?p=30>.
In early 2007 the XSF initiated a private, online network for interoperability testing, as described at <http://www.xmpp.org/interop/>. This network has seen little use so far. However, the processes and procedures for joining the network have been simplified recently, setting the stage for more intensive online testing in 2008.
One trigger for interoperability testing will be the compliance suites approved by the XMPP Council in mid-2007, since software programs will be approved for advertising compliance with these protocol suites only if they participate in the testing network. The suites are as follows:
In December 2006, the XSF formed an intermediate certification authority (ICA) as one aspect of efforts to improve the security profile of XMPP technologies. Under an agreement with the StartCom certification authority, the ICA issues free digital certificates to administrators of XMPP servers. Through the end of 2007, the ICA had issued over 500 certificates via its website at <http://xmpp.org/ca/>. In December 2007, the XSF renewed its agreement with StartCom, indicating a continued to commitment to information security.
The XSF maintains several server machines that are used to host various services for the Jabber/XMPP community, including the jabber.org and xmpp.org websites, numerous email discussion lists, and the flagship XMPP service that has been running at jabber.org since 1999. This infrastructure is co-located free of charge by United States Secure Hosting Center, several of the machines have been donated by HP, and the xmpp service is supported by Process-one.
In 2002, the XSF worked with law professors Lawrence Lessig and Molly van Houweling to develop an intellectual property rights (IPR) policy that would appropriately reflect the XSF's role in the broader Jabber/XMPP community. In late 2007, members of the free software community notified the XSF that the existing licensing of XMPP Extension Protocol (XEP) specifications prevented text, examples, schemas, code, and pseudo-code in XEPs from being included in free software programs, in particular the Debian distribution of the Linux operating system. The XSF quickly worked to research potential modifications to its IPR policy. After discussion among the XSF Board of Directors, the membership of the XSF, and the Debian community, the XSF settled upon a modified MIT license as appropriate for application to the XEP series. This change was approved by the XSF Board of Directors in early 2008.
As a standards development organization, the XSF does not engage in traditional marketing campaigns. In a way, our best marketing is the widespread deployment of XMPP technologies. However, the following activities are probably best categorized as marketing.
9.1 Conference Presentations
Members of the XMPP Council and XSF Board of Directors have traditionally given talks, tutorials, and other presentations at industry conferences for the purpose of outreach to software developers and organizational decision makers. In 2007 these presentations included:
- FOSDEM 2007 keynote on XMPP security (Peter Saint-Andre)
- OSCON 2007 talk on XMPP security (Peter Saint-Andre)
Under the leadership of Matt Tucker, Chairman of the Board for 2006-2007, the XSF worked with designer Raja Sandhu on an official XMPP logo, which was delivered in late 2007:
The XSF is currently working to incorporate this logo more widely into its website, compliance program, and collateral materials.
The XSF continually updates a roadmap at <http://www.xmpp.org/xsf/roadmap.shtml>, usually on a quarterly basis. The high-priority goals for include:
11.1 Statement of Earnings
In 2007, the XSF had total revenues of $8,000, and total costs of $14,886.90, as follows:
- Administrative Expenses -- $2,289.42
- Infrastucture Costs -- $3,146.40
- Conference Expenses -- $3,851.08
- Code Bounties -- $4,000.00
- Public Relations Fees -- $1,600.00
For more detailed information about the XSF's financial status, please refer to <http://www.xmpp.org/xsf/financialsummary.shtml>.
11.2 Financial Position
As of 2007-12-31, the XSF had total assets of $30.938.26, with no liabilities.
11.3 Tax Status
In 2007, the XSF completed a Form 1023 application for tax-exempt status with the U.S. Internal Revenue Service. This application was approved in September 2007. As a result, contributions to the XSF are now tax-deductible.
Although the XSF does not require significant funding in order to operate successfully, support from several sponsors enables the organization to maintain its server infrastructure and run several small conferences each year.
The membership of the XSF elects a new Board of Directors every year in September. The Board provides business and organizational leadership for the XSF. The following individuals volunteered their time to serve on the Board during the 2006-2007 and 2007-2008 terms.
The membership of the XSF elects a new XMPP Council every year in September. The Council provides technical leadership for the XSF, focusing especially on the review and advancement of XMPP Extension Protocols (XEPs). The following individuals volunteered their time to serve on the Board during the 2006-2007 and 2007-2008 terms.
If you have any feedback about this report or would like further information about the XMPP Standards Foundation, feel free to contact Executive Director Peter Saint-Andre via email or IM at <firstname.lastname@example.org>