Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth for content repo (and enforcing GDPR erasure) #3796

Open
matrixbot opened this issue Aug 20, 2016 · 8 comments
Open

Auth for content repo (and enforcing GDPR erasure) #3796

matrixbot opened this issue Aug 20, 2016 · 8 comments
Labels
kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal

Comments

@matrixbot
Copy link
Member

matrixbot commented Aug 20, 2016
edited by richvdh

Formerly MSC701.
Documentation: https://docs.google.com/document/d/1ERHpmthZyspnZtE3tQzxKTkcxar6JANeyNXgz2_djhA/edit#
Author: @ara4n
Date: 2018-06-04

The media repository is currently unauthed; anybody can access posted images, avatars, etc, if they know the URI.

Submitted by @​matthew:matrix.org

(Imported from https://matrix.org/jira/browse/SPEC-445)
@matrixbot
Copy link
Member Author

Jira watchers: @ara4n @richvdh

@matrixbot
Copy link
Member Author

Actually, E2E provides quite an elegant solution for this, in that you can't decrypt the content if you don't have the keys. (Then again, from a corp security perspective they prolly don't even want you downloading the encrypted data)

-- @ara4n

@matrixbot matrixbot added the p5 label Oct 28, 2016
@matrixbot matrixbot changed the title Auth for media repo Auth for media repo (SPEC-445) Oct 31, 2016
@matrixbot matrixbot added the feature Suggestion for a significant extension which needs considerable consideration label Nov 7, 2016
@richvdh richvdh mentioned this issue Oct 16, 2017
Closed
@richvdh richvdh changed the title Auth for media repo (SPEC-445) Auth for content repo (SPEC-445) Oct 16, 2017
@richvdh
Copy link
Member

richvdh commented Oct 16, 2017

Synapse-side issue at https://github.com/matrix-org/synapse/issues/2150

@turt2live turt2live mentioned this issue Feb 21, 2018
Closed
@t3chguy t3chguy mentioned this issue May 27, 2018
Closed
@turt2live
Copy link
Member

I don't think this has been answered somewhere, so asking here in hopes people have ideas: How would federated media work?

In theory the server could start signing requests to download media, although that doesn't really guarantee that the person making the request is allowed to do so (ie: is in the room). With the upcoming introduction of users being linked to key-like objects, we could possibly use those to sign the requests, however there's nothing to stop a server lying about which user is requesting the media.

Then there's the question of the user potentially wanting specific media being publicly accessible. The primary use case being the IRC bridge which pastebins long messages.

@turt2live turt2live mentioned this issue Jun 4, 2018
Open
@ara4n
Copy link
Member

ara4n commented Jun 4, 2018
edited by richvdh

let's discuss this over at matrix-org/synapse#2150 matrix-org/matrix-spec#870, as that bug's bigger

@ara4n ara4n changed the title Auth for content repo (SPEC-445) Auth for content repo Jun 7, 2018
@ara4n ara4n added proposal A matrix spec change proposal and removed feature Suggestion for a significant extension which needs considerable consideration p5 labels Jun 7, 2018
@ara4n ara4n changed the title Auth for content repo Auth for content repo (needed to enforce GDPR erasure) Jun 7, 2018
@ara4n ara4n changed the title Auth for content repo (needed to enforce GDPR erasure) Auth for content repo (and enforcing GDPR erasure) Jun 7, 2018
@turt2live turt2live mentioned this issue Jun 15, 2018
Open
@anmol26s anmol26s mentioned this issue Jun 19, 2018
Closed
@turt2live turt2live mentioned this issue Sep 26, 2018
Merged
@turt2live turt2live mentioned this issue Mar 7, 2019
Closed
@turt2live turt2live mentioned this issue Mar 20, 2019
Closed
@turt2live turt2live mentioned this issue Mar 27, 2020
Open
@turt2live turt2live added the kind:core MSC which is critical to the protocol's success label Apr 21, 2020
@turt2live turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021
@kegsay kegsay mentioned this issue Jul 26, 2021
Closed
@richvdh
Copy link
Member

richvdh commented Dec 24, 2021

see also #2461 which is an alternative proposal.

@richvdh richvdh mentioned this issue Feb 21, 2022
Closed
@richvdh richvdh transferred this issue from matrix-org/matrix-spec-proposals Mar 1, 2022
@turt2live turt2live mentioned this issue Mar 1, 2022
Open
6 tasks
@clokep clokep mentioned this issue Mar 1, 2022
Open
@ara4n ara4n transferred this issue from matrix-org/matrix-spec May 9, 2022
@amilah-a amilah-a mentioned this issue Nov 9, 2022
Open
@turt2live turt2live mentioned this issue Nov 25, 2023
Open
@richvdh
Copy link
Member

richvdh commented Jan 3, 2024

See also #3916 and #3911 which are yet more alternative proposals.

@turt2live
Copy link
Member

Note that this MSC is more to do with what we now call "linking" instead, as a sort of MSC3911 alternative. MSC3916 does have some overlap, but not nearly as much as MSC3911 does.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@turt2live @ara4n @anoadragon453 @richvdh @matrixbot