It'd help if I attached the actual proposal
nexy7574
6 months ago
parent
97ee792135
commit
0ffae883bf
@ -0,0 +1,91 @@
|
||||
# MS4299: Trusted Users
|
||||
|
||||
Currently, Matrix has a way to assign specific users as "ignored", declaring to both your client and server that you
|
||||
would not like to interact with a given user, and in some situations would not like them to interact with you.
|
||||
However, there is no mechanism to do the inverse - assign specific users as "trusted", even more so define what
|
||||
"trusted" even means. This proposal will aim to tackle both of these issues, while allowing for plenty of
|
||||
expansion in the future as needs of the protocol change.
|
||||
|
||||
## Proposal
|
||||
|
||||
For clarity's sake, the following words are used with the associated context throughout this proposal:
|
||||
|
||||
- Ignored: (users that are ignored OR blocked)[2]
|
||||
- Non-trusted: users who are neither trusted nor ignored (the default state)
|
||||
- Trusted: users who are explicitly added to the trusted users account data object
|
||||
|
||||
While this proposal does not aim to tackle what to *do* with user trust (that's for followup MSCs to define), it lays
|
||||
the foundations for defining that a user can be "trusted" at all.
|
||||
|
||||
Currently, we already have [the ignored users list][1], which allows you to define which users you never want to see.
|
||||
This proposal introduces a "trusted users list", which behaves semantically similarly to the ignored users list,
|
||||
but the inverse. Clients and servers may wish to give "trusted" users special treatment, like they currently do
|
||||
with ignored users. Examples include (but are not limited to) servers filtering invites to only allow trusted users to
|
||||
send them, clients disabling media previews and only enabling them by default for trusted users, only allowing
|
||||
users to initiate calls if the recipient trusts them, and preventing profile fields
|
||||
(display name, avatar, custom fields) being sent to non-trusted users.
|
||||
|
||||
Clients can create an account data entry with the type `m.trusted_users`, with the following format:
|
||||
|
||||
```json
|
||||
{
|
||||
"trusted_users": {
|
||||
"@user1:example.com": {},
|
||||
"@user2:example.com": {}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
This event's content should be an object, whose keys are fully qualified user IDs.
|
||||
Note that here, the objects following the trusted user IDs (hereon referenced as the "trust configuration") are
|
||||
empty objects - this is to allow for namespaced fields to be added by later MSCs to further extend the capabilities
|
||||
of trust.
|
||||
|
||||
An **example** of an extended trust configuration could be:
|
||||
|
||||
```json
|
||||
{
|
||||
"trusted_users": {
|
||||
"@user1:example.com": {
|
||||
"com.example.allow_custom_colours": true
|
||||
},
|
||||
"@user2:example.com": {}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
If a user does not trust any users, their account data would look like `{"trusted_users": {}}`.
|
||||
|
||||
A user **must not** be ignored *and* trusted, they are mutually exclusive states.
|
||||
In the event that there is a desynchronisation between the ignored users account data, and the trusted users
|
||||
account data, the ignored users should take priority over trusted users.
|
||||
Servers *should not* automatically remove trust from users when the client asks to ignore them, nor vice versa.
|
||||
Clients *should*, consequently, attempt to atomically remove trust before attempting to ignore
|
||||
|
||||
## Potential issues
|
||||
|
||||
As this MSC aims to target functionality both in clients and in servers, there are likely to be inconsistencies in
|
||||
the implementations. Hopefully, by not defining any actual uses for trust in this MSC, and instead relying on them
|
||||
being proposed in followup proposals, servers will be able to advertise support for their individual functionalities,
|
||||
and clients will be able to feature-gate appropriately.
|
||||
|
||||
This proposal also has potentially overlapping behaviour with other proposals, see the alternatives section below.
|
||||
|
||||
Due to ignores and trusts being mutually exclusive, there is the risk that they will become desynchronised, and
|
||||
have overlapping entries. As defined above, ignores should take priority over trusts.
|
||||
|
||||
|
||||
## Alternatives
|
||||
|
||||
- [MSC4155](4155) implements invite filtering by defining allowed/ignored/blocked users & servers. The allow function
|
||||
of that proposal has potentially overlapping functionality and semantics with this one, although lacks the future
|
||||
extensibility that this one aims to provide. Contrarily, 4155 could be used to build on top of this one.
|
||||
- Doing away with ignores, and instead only using trusts, and adding the ability to mark a trust as an ignore/untrust,
|
||||
or some other semantically similar meaning. This would be complicated and just generally expensive
|
||||
|
||||
|
||||
## Unstable prefix
|
||||
|
||||
Until this proposal is accepted, implementations should make use of the account data event type
|
||||
`uk.timedout.msc4299.trusted_users`, instead of `m.trusted_users`.
|
||||
|
||||
Loading…
Reference in New Issue