Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC2230: Store Identity Server in Account Data #2230

Merged
merged 6 commits into from Aug 26, 2019

Conversation

@dbkr
Copy link
Member

commented Aug 13, 2019

dbkr added 2 commits Aug 12, 2019
@turt2live
Copy link
Member

left a comment

generally looks good to me. I have concerns with using MUST all over the place given this isn't declared as a module: if it were declared as a module, the MUSTs can stay because it would be under the context of "clients which support identity servers stored in account data MUST respect the rules of the module".

Also, proposals are meant to be somewhat less formal than the spec. Including keywords like MUST and SHOULD can sometimes lead to nitpicks like this. Lowercasing all the keywords or altering the language can help communicate intent without getting stuck on bikesheds.

proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved
proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved
proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved
proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved
proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved
proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved
proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved
dbkr and others added 2 commits Aug 14, 2019
Apply suggestions from code review
Use fewer formal MUST etc in proposal

Co-Authored-By: Travis Ralston <travpc@gmail.com>
@anoadragon453

This comment has been minimized.

Copy link
Member

commented Aug 14, 2019

Given that I don't think this MSC is going to change too drastically at this point:

@mscbot fcp merge

@mscbot

This comment has been minimized.

Copy link
Collaborator

commented Aug 14, 2019

Team member @anoadragon453 has proposed to merge this. The next step is review by the rest of the tagged people:

Concerns:

  • The migration process for this needs to be changed resolved by #2230 (comment)

Once a majority of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for info about what commands tagged team members can give me.

proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved
## Proposal

The base URL of the Identity Server is to be stored in user account data. It
shall be stored in the same format as in a .well-known file under the key,

This comment has been minimized.

Copy link
@richvdh

richvdh Aug 16, 2019

Member

can you give an example of what this will look like?

This comment has been minimized.

Copy link
@turt2live

turt2live Aug 16, 2019

Member
{
  "type": "m.identity_server",
  "content": {
    "base_url": "https://vector.im"
  }
}

if I understand the docs correctly, I think.

proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved
proposals/2230-identity-server-account-data.md Outdated Show resolved Hide resolved

## Security considerations

An attacker would be able to force all a user clients to use a given ID Server

This comment has been minimized.

Copy link
@richvdh

richvdh Aug 16, 2019

Member

it also puts control of the IS to be used in the hands of the HS admin (or a MITM etc).

This comment has been minimized.

Copy link
@uhoreg

uhoreg Aug 17, 2019

Member

This could be solved by signing m.identity_server account data using the user's master cross-signing key. (Once we get that through MSC...)

Users will no longer be able to have different clients configured with
different ID Servers.

## Security considerations

This comment has been minimized.

Copy link
@richvdh

richvdh Aug 16, 2019

Member

do clients need to be a bit wary of things they read from the URL to check that they are valid URLs and aren't localhost and that sort of thing?

@mscbot

This comment has been minimized.

Copy link
Collaborator

commented Aug 16, 2019

🔔 This is now entering its final comment period, as per the review above. 🔔

typoes / clarifications
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
@dbkr

This comment has been minimized.

Copy link
Member Author

commented Aug 20, 2019

@mscbot concern The migration process for this needs to be changed

@dbkr

This comment has been minimized.

Copy link
Member Author

commented Aug 21, 2019

@mscbot resolve The migration process for this needs to be changed

@mscbot

This comment has been minimized.

Copy link
Collaborator

commented Aug 21, 2019

🔔 This is now entering its final comment period, as per the review above. 🔔

@mscbot

This comment has been minimized.

Copy link
Collaborator

commented Aug 26, 2019

The final comment period, with a disposition to merge, as per the review above, is now complete.

@turt2live turt2live merged commit 7a36016 into master Aug 26, 2019

8 checks passed

buildkite/matrix-doc Build #704 passed (59 seconds)
Details
ci/circleci: build-dev-scripts Your tests passed on CircleCI!
Details
ci/circleci: build-docs Your tests passed on CircleCI!
Details
ci/circleci: build-swagger Your tests passed on CircleCI!
Details
ci/circleci: check-docs Your tests passed on CircleCI!
Details
ci/circleci: validate-docs Your tests passed on CircleCI!
Details
docs Click details to preview the HTML documentation.
Details
swagger Click to preview the swagger build.
Details

@turt2live turt2live self-assigned this Aug 26, 2019

@turt2live

This comment has been minimized.

Copy link
Member

commented Aug 26, 2019

@turt2live

This comment has been minimized.

Copy link
Member

commented Sep 4, 2019

Spec PR: #2281

@turt2live

This comment has been minimized.

Copy link
Member

commented Sep 7, 2019

merged 🎉

@turt2live turt2live moved this from Needs spec to Done in Client-server r0.6 proposals Sep 7, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.