Trust management of XMPP federation

Deploying an XMPP server requires system security configuration, including firewalls and XMPP security controls. Security threats include DNS spoofing, rogue servers, inadequate authentication/authorization, spambots, etc. An system administrator who understands the threats and their mitigation manages the server configuration. This administrator must also deal with routine requests to update the configuration in order to federate with new XMPP domains. In practice it is non-trivial, time-consuming and costly to get the configuration right. We describe the development of a configuration agent that can automate some of these system administration activities while ensuring that the server is correctly configured and available. The agent is used by individual XMPP servers to (autonomically) configure when and how they should federate to provide end-to-end services. The KeyNote Trust Management system is used by the agent to help manage the trust relationships across the federation and to decide when it is safe to admit a new domain.