Subscriptions, affiliations, and access models
When users create pubsub nodes (or update their configuration later), they have the ability to set permissions for the node. These permissions allow them to control who can subscribe to a node, and once they are subscribed, what their affiliation will be, for example, read-only, publish, and so on.
The pubsub specification defines a set of access models by default, ranging from most restricted to least restricted:
- Whitelist: Only a specific set of JIDs will be allowed to successfully subscribe to the node
- Authorize: When a subscription request is made, the owner must manually approve it
- Roster: If the user is contained within a specific roster group, then they will be allowed to subscribe
- Presence: Only JIDs with an allowed presence subscription may be allowed to subscribe to the node
- Open: Anyone can subscribe to the node and will be automatically approved
So it would seem that the storm-updates node was created with an open access model (since we...
