From 200147c62a0c66f187836c3bf085ae5b6da162df Mon Sep 17 00:00:00 2001 From: Kegan Dougal Date: Wed, 13 Jan 2021 17:59:37 +0000 Subject: [PATCH] Blurb on auth for fed api --- proposals/2946-spaces-summary.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/proposals/2946-spaces-summary.md b/proposals/2946-spaces-summary.md index 9b91afa06..2c35834a4 100644 --- a/proposals/2946-spaces-summary.md +++ b/proposals/2946-spaces-summary.md @@ -238,3 +238,6 @@ Receiving server behaviour: context merely means do not add the room or state events in that room to the response. The room itself MUST still be walked so servers can extract transitive rooms e.g `A -> B -> C` and the requesting server requests `room_id: A, exclude_rooms: [B]` must return `C`. + - Servers are authorised to see node/edge information if they are either joined to the room or the room is `world_readable`. + A well-behaved server will not send requests for rooms they are already joined to, so they should only be shown `world_readable` + rooms.