-
Notifications
You must be signed in to change notification settings - Fork 370
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC3924: Capability-style access control for Matrix media #3924
Conversation
Signed-off-by: Charles Wright <cvwright@futo.org>
Signed-off-by: Charles Wright <cvwright@futo.org>
Signed-off-by: Charles Wright <cvwright@futo.org>
Signed-off-by: Charles Wright <cvwright@futo.org>
Note that this is still a draft, and focuses only on the client-server part of the problem for now. |
Suggestion from @deepbluev7 Co-authored-by: DeepBlueV7.X <nicolas.werner@hotmail.de>
@cvwright don't forget to sign off on the changes for if this gets accepted please :) |
Signed-off-by: Charles Wright <cvwright@futo.org>
Signed-off-by: Charles Wright <cvwright@futo.org>
that addresses this issue by granting media access to events rather than | ||
to rooms. | ||
|
||
## Modified Approach: Granting Access via Events Instead of via Rooms |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that we need to do something that's event-based because a user in a room may not be allowed to see all the events, and so should not be allowed to see all the media. In addition, if access is only room-based, then new endpoint for listing media in a room may leak information that people should not have access to.
|
||
```json | ||
{ | ||
"media_ids": ["abc", "def", "xyz"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't these be mxc
URIs rather than media IDs?
I think MSC3911 covers all the important bits of this, and that one seems to be getting traction, so I'm closing this one |
Rendered
I saw MSC3910 and MSC3911, and those got me thinking about alternative approaches for protecting access to media in the Matrix content repository.
This proposal suggests a different way of looking at the problem, inspired by ideas from capability-based access control.