Merge 0dc9633f24
into d6edcbd946
commit
ebcfa3b479
@ -0,0 +1,93 @@
|
||||
# MSC4004: Unified view of identity service
|
||||
|
||||
Centralized chat platforms are able to automatically detect which entries of
|
||||
the phone address book are known by the platform, then automatically propose
|
||||
those names when user clicks on "new discussion".
|
||||
|
||||
The Matrix-Identity-Service has already a secured mechanism able to be used
|
||||
for this _(lookup)_. However, the identity service is only able to answer
|
||||
with data it knows _(ie submitted lookups)_.
|
||||
|
||||
## Proposal
|
||||
|
||||
The goal of this proposal is to add a mechanism to provide an unified
|
||||
view of identity service without centralizating user's data.
|
||||
|
||||
### Changes
|
||||
|
||||
All of this changes affects [identity-service-api.md](https://github.com/matrix-org/matrix-spec/blob/main/content/identity-service-api.md)
|
||||
|
||||
#### Association lookup
|
||||
|
||||
##### GET `/_matrix/identity/v2/hash_details`
|
||||
|
||||
To ensure continuity of asociations when the pepper changes, it is required
|
||||
to have more than one pepper available. To avoid breaking changes, the current
|
||||
format is kept and an optional additional filed is provided:
|
||||
|
||||
```json
|
||||
{
|
||||
"algorithms": [
|
||||
"none",
|
||||
"sha256"
|
||||
],
|
||||
"lookup_pepper": "matrixrocks",
|
||||
"alt_lookup_peppers": ["oldmatrixrocks"]
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
##### POST `/_matrix/identity/v2/lookup`
|
||||
|
||||
A new key is added in response, `third_party_mappings`. It permits to the
|
||||
identity service to answer that it doesn't know this 3PID but knows where
|
||||
to find it:
|
||||
|
||||
```json
|
||||
{
|
||||
"mappings": {
|
||||
"4kenr7N9drpCJ4AfalmlGQVsOn3o2RHjkADUpXJWZUc": "@alice:example.org"
|
||||
},
|
||||
"third_party_mappings": {
|
||||
"matrix.domain.com:8448": [
|
||||
"nlo35_T5fzSGZzJApqu8lgIudJvmOQtDaHtr-I4rU7I"
|
||||
]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
The client application has to do a new lookup query to `matrix.domain.com:8448`.
|
||||
The hash value given here isn't valid on this new server: the client application
|
||||
has to calculate a new hash using pepper/alg from `matrix.domain.com:8448`.
|
||||
|
||||
#### Establishing associations
|
||||
|
||||
##### POST `/_matrix/identity/v2/lookups`
|
||||
|
||||
A new endpoint, reserved to trusted servers, will allow to declare a list
|
||||
of hashes owned by the (trusted) server. Hashes are calculated using the
|
||||
pepper of recipient server.
|
||||
|
||||
Request body:
|
||||
|
||||
```json
|
||||
{
|
||||
"algorithm": "sha256",
|
||||
"pepper": "matrix_rocks",
|
||||
"mappings": {
|
||||
"matrix.domain.com:8448": [
|
||||
"nlo35_T5fzSGZzJApqu8lgIudJvmOQtDaHtr-I4rU7I"
|
||||
]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Potential issues
|
||||
|
||||
To avoid conversation hijacking, only trusted server should be allowed to push
|
||||
a list of owned hashes.
|
||||
|
||||
## Security considerations
|
||||
|
||||
This proposal is based on current Matrix-Identity-Service security mechanisms.
|
||||
Only the new endpoint should accept request only from trusted server.
|
Loading…
Reference in New Issue