Merge 13b35879a0 into e9f0f31d27
Johannes Marbach
2 days ago
committed by
GitHub
commit
1367ff3ca6
@ -0,0 +1,137 @@
|
||||
# MSC4300: Requesting and reporting event processing status
|
||||
|
||||
Matrix allows clients to exchange both built-in and custom events with other clients in rooms. There
|
||||
is, however, no way for a client to understand if the events it sent were actually understood by
|
||||
other clients or not. This is problematic as a compatibility mismatch means that the recipient user
|
||||
might only be able to see a fallback representation of an event or, in the worst case, nothing at
|
||||
all. At the same time, the sender is left wholly unaware of the recipient's experience.
|
||||
|
||||
These problems are aggravated when one or both of the participating clients are an automated system
|
||||
(a.k.a. bot) which cannot easily issue or respond to generic "Did you see my message?" questions.
|
||||
|
||||
The present proposal partially addresses this problem by defining a generic scheme for clients to
|
||||
request and receive an explicit processing status for events from other clients.
|
||||
|
||||
## Proposal
|
||||
|
||||
A new content block `m.request.status` is introduced to request a processing status from other
|
||||
clients when sending events. It has the following properties in `content`:
|
||||
|
||||
- `from_device` (required, string): The sending device's device ID. Allows recipients to optionally
|
||||
submit their responses privately via to-device messages in the future.
|
||||
- `lifetime` (integer): The duration in milliseconds during which the sender will consider responses
|
||||
to this request. Prevents meaningless delayed responses when new or previously disconnected
|
||||
devices encounter requests on older events.
|
||||
|
||||
Clients MAY add `m.request.status` as a top-level property in `content` on any event they send.
|
||||
|
||||
``` json5
|
||||
{
|
||||
"type": "m.pizza",
|
||||
"event_id": "$1",
|
||||
"content": {
|
||||
"m.request.status": {
|
||||
"from_device": "RJYKSTBOIE",
|
||||
"lifetime": 90000, // 90s
|
||||
},
|
||||
// properties specific to m.pizza
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Clients that receive events containing `m.request.status` content blocks MAY respond to them with a
|
||||
new room event type `m.response.status`. The latter contains an `m.reference` relation pointing to
|
||||
the original event as well as an `m.response.status` content block with the following properties:
|
||||
|
||||
- `from_device` (required, string): The sending device's device ID. Helps clients identify the
|
||||
remote echo of their own responses.
|
||||
- `status` (required, string, one of `success`, `error`): Whether the sending device has understood
|
||||
and successfully processed the event.
|
||||
- `messages` (array): An optional array of messages to help recipients understand the `status`.
|
||||
- `type`: (required, string, one of `info`, `warning`, `error`): The message category.
|
||||
- `m.text`: (required, object): The message in one or more textual representations as per
|
||||
[MSC1767].
|
||||
|
||||
The event `content` MAY contain further properties based on the type of the event that is being
|
||||
responded to.
|
||||
|
||||
``` json5
|
||||
{
|
||||
"type": "m.response.status",
|
||||
"content": {
|
||||
"m.response.status": {
|
||||
"from_device": "EIOBTSKYJR",
|
||||
"status": "error",
|
||||
"messages": [{
|
||||
"type": "error",
|
||||
"m.text": [{ "body": "Unknown event type m.pizza" }]
|
||||
}]
|
||||
},
|
||||
"m.relates_to": {
|
||||
"event_id": "$1",
|
||||
"rel_type": "m.reference",
|
||||
},
|
||||
// optional properties specific to m.pizza
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Clients can check whether a request has expired using `lifetime`, `origin_server_ts` and their local
|
||||
clock. Once a request has expired, clients SHOULD refrain from sending `m.response` events
|
||||
themselves and ignore any new `m.response` events received from other clients.
|
||||
|
||||
## Potential issues
|
||||
|
||||
This proposal doesn't strictly define what constitutes successful processing of an event. At a
|
||||
minimum, the meaning of success will depend on the type of event sent and the receiving client. An
|
||||
archival bot, for instance, may have to decrypt and export an event to consider it processed
|
||||
successfully. An instant messaging client for end users, on the other hand, might have to render an
|
||||
event in a way that allows the user to interact with it. The kind of rendering needed will be
|
||||
specific to the type of event in this case.
|
||||
|
||||
It is expected that the mechanism introduced in this proposal will be used as a basis for more
|
||||
specialised features that clearly define the semantics of success. Therefore, this aspect is
|
||||
consciously left unspecified here.
|
||||
|
||||
## Alternatives
|
||||
|
||||
Requests for processing statuses could be sent separately from the event being processed, for
|
||||
instance, via to-device messages. This, however, introduces complexity because now both messages
|
||||
have to be received and decrypted before responses can be sent. It is not clear what benefits, if
|
||||
any, this alternative would have over the solution proposed in the present proposal.
|
||||
|
||||
Instead of sending processing statuses per event, clients could statically advertise the types of
|
||||
events that they are able to understand, for instance, via profiles or state events in a room. This
|
||||
would allow senders to look up recipient capabilities ahead of time but would not allow recipients
|
||||
to communicate back detailed information about their processing status of individual events. As a
|
||||
result, the two mechanisms are not necessarily competing and could also play together.
|
||||
|
||||
Delivery receipts as proposed in [MSC4089] are a partial alternative to this proposal. These
|
||||
receipts only convey receipt and decryption status but not whether the decrypted event was actually
|
||||
understood and processed successfully. Additionally, delivery receipts don't cover the case where an
|
||||
event was received but failed to be processed. Lastly, receipts in their current form also don't
|
||||
support including additional encrypted information about the processing result.
|
||||
|
||||
## Security considerations
|
||||
|
||||
Communicating the processing status via room events leaks metadata by revealing client capabilities
|
||||
to all room participants. This can be mitigated by transporting the status via to-device messages
|
||||
instead. A future proposal may generalise the mechanism introduced here accordingly. Until then,
|
||||
clients are not required to respond to status requests under this proposal and MAY simply ignore
|
||||
them.
|
||||
|
||||
Contrary to the above, persisting processing status responses in timeline events can be necessary in
|
||||
scenarios that require auditability.
|
||||
|
||||
## Unstable prefix
|
||||
|
||||
While this MSC is not considered stable, `m.request.status` and `m.response.status` should be
|
||||
referred to as `de.gematik.msc4300.request.status` and `de.gematik.msc4300.response.status`,
|
||||
respectively.
|
||||
|
||||
## Dependencies
|
||||
|
||||
None.
|
||||
|
||||
[MSC1767]: https://github.com/matrix-org/matrix-spec-proposals/pull/1767
|
||||
[MSC4089]: https://github.com/matrix-org/matrix-spec-proposals/pull/4089
|
||||
Loading…
Reference in New Issue