From be77b5823c50808dd4545804fd66caaa29052460 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 13 Aug 2019 11:24:37 +0100 Subject: [PATCH] fix up --- proposals/2229-rebind-existing-3pid.md | 48 ++++++++++++++++---------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/proposals/2229-rebind-existing-3pid.md b/proposals/2229-rebind-existing-3pid.md index c10eec27..ce2547e2 100644 --- a/proposals/2229-rebind-existing-3pid.md +++ b/proposals/2229-rebind-existing-3pid.md 
@@ -1,20 +1,25 @@ # Allowing 3PID Owners to Rebind +``` 3PID noun - A third-party identifier such as an email address or phone number, that + + A "third-party identifier" such as an email address or phone number, that can be tied to your Matrix ID in order for your contacts outside of - Matrix to find you, typically with the help of an [identity - server](https://matrix.org/docs/spec/identity_service/r0.2.1.html). + Matrix to find you, typically with the help of an identity server. -As part of the on-going privacy work, Matrix client applications are -attempting to make the concept of an identity server more clear to the user, -as well as allowing a user to interact with multiple identity servers while -they're logged in. +Identity server + noun -As part of facilitating this work, Matrix clients should be able to allow -users, while logged in, the ability to pick an identity server, see what -3PIDs they currently have bound to their Matrix ID, and bind/unbind as they + A queryable server that holds mappings between 3PIDs and Matrix IDs. +``` + +As part of the on-going privacy work, Matrix client applications are +attempting to make the concept of an identity server clearer to the user, as +well as allowing a user to interact with multiple identity servers while +logged in. In facilitating this, Matrix clients should be able to allow +logged-in users the ability to pick an identity server, see what 3PIDs they +currently have bound to their Matrix ID, and bind/unbind addresses as they desire. When implementating this functionality, a technicality in the spec was found 
@@ -23,14 +28,14 @@ The line "The homeserver must check that the given email address is **not** already associated with an account on this homeserver." appears under the [POST /_matrix/client/r0/account/3pid/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-email-requesttoken) -line. The same goes for the [equivalent msisdn +endpoint description. The same goes for the [equivalent msisdn (phone) endpoint](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-msisdn-requesttoken). -If a user binds their email address, through the homeserver to identity -server A, then switches to identity server B to try and do the same, the -homeserver will reject the second request as this email address has already -been bound. This is due to the homeserver attaching the email address user's -accounts whenever a bind is performed through them. +When a user binds their 3PID through a homeserver to identity server A, the +homeserver keeps a record and attaches the address to the local account. +Then, if the user switches to identity server B to try and do the same, the +homeserver will reject the second request as this address has already been +bound. ## Proposal 
@@ -38,13 +43,14 @@ This proposal calls for allowing 3PID owners to rebind their 3PIDs using the [POST /_matrix/client/r0/account/3pid/email/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-email-requesttoken) and [POST /_matrix/client/r0/account/3pid/msisdn/requestToken](https://matrix.org/docs/spec/client_server/r0.5.0#post-matrix-client-r0-account-3pid-msisdn-requesttoken) -endpoints by extending the definition of what homeservers should check before rejecting a bind. +endpoints by extending the definition of what homeservers should check before +rejecting a bind. Homeservers should reject the binding of a 3PID if it already been bound, **unless** the requesting user is the one who originally bound that 3PID. If -so, then they should be able to bind it again if they choose. +so, then they should be able to bind it again and again if they so choose. -In doing so, it would allow users to bind their 3PIDs to multiple identity +In doing so, users would be able to bind their 3PIDs to multiple identity servers, even if the homeserver has already been made aware of it. ## Tradeoffs @@ -63,6 +69,10 @@ Clients should be prepared to understand that this may just mean they are dealing with an old homeserver, versus the 3PID already being bound on this homeserver by another user. +Homeservers will need to keep track of each identity server that an address +has been bound with, and upon user account deactivation, should attempt to +unbind all of them. + ## Security considerations None.
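Review bot: In the first hunk (@@ -1,20 +1,25 @@), the rewritten 3PID definition drops the link to the identity service spec (r0.2.1) and nothing replaces it, so the proposal no longer points readers at the identity server specification. Since links will not render inside the new fenced glossary, consider restoring the link in the prose paragraph that follows it. The unchanged line after the edited paragraph, "When implementating this functionality", still has a typo ("implementing") that could be fixed in the same pass.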
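Review bot: In the second hunk (@@ -23,14 +28,14 @@), the rewritten paragraph ends with "this address has already been bound", but the spec check quoted just above it is about the address being "already associated with an account on this homeserver". A bind on an identity server and the homeserver's local association are different states, and the proposal depends on that difference. Suggest stating the rejection reason in the spec's terms, for example "as this address is already associated with an account on the homeserver".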
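Review bot: In the third hunk (@@ -38,13 +43,14 @@), the exception "unless the requesting user is the one who originally bound that 3PID" is the rule everything else rests on, yet the text does not say how the homeserver establishes who the requesting user is on the two requestToken endpoints, or which stored record it compares against. Please spell that check out, because a loosely defined match would let a request succeed for an address attached to a different account. The new wording "again and again if they so choose" is also informal for normative text, and the unchanged line "if it already been bound" is missing "has".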
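Review bot: In the last hunk (@@ -63,6 +69,10 @@), the added paragraph creates a new obligation (track every identity server an address was bound with, and unbind from all of them on deactivation), but "should attempt to unbind" leaves the failure case undefined and the "Security considerations" section directly below still reads "None." Suggest saying what the homeserver does when an identity server is unreachable or refuses the unbind, and recording under Security considerations that a binding may outlive the deactivated account in that case. As a normative requirement, this paragraph would also sit better under "Proposal" than at the end of "Tradeoffs".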