MSC3924: Capability-style access control for Matrix media #3924
Conversation
Signed-off-by: Charles Wright <cvwright@futo.org>
Signed-off-by: Charles Wright <cvwright@futo.org>
Signed-off-by: Charles Wright <cvwright@futo.org>
Signed-off-by: Charles Wright <cvwright@futo.org>
|
Note that this is still a draft, and focuses only on the client-server part of the problem for now. |
Suggestion from @deepbluev7 Co-authored-by: DeepBlueV7.X <nicolas.werner@hotmail.de>
turt2live
changed the title
turt2live
added
proposal
|
@cvwright don't forget to sign off on the changes for if this gets accepted please :) |
Signed-off-by: Charles Wright <cvwright@futo.org>
Signed-off-by: Charles Wright <cvwright@futo.org>
| that addresses this issue by granting media access to events rather than | ||
| to rooms. | ||
|
|
||
| ## Modified Approach: Granting Access via Events Instead of via Rooms |
There was a problem hiding this comment.
I think that we need to do something that's event-based because a user in a room may not be allowed to see all the events, and so should not be allowed to see all the media. In addition, if access is only room-based, then new endpoint for listing media in a room may leak information that people should not have access to.
|
|
||
| ```json | ||
| { | ||
| "media_ids": ["abc", "def", "xyz"] |
There was a problem hiding this comment.
shouldn't these be mxc URIs rather than media IDs?
|
I think MSC3911 covers all the important bits of this, and that one seems to be getting traction, so I'm closing this one |
turt2live
added
the
obsolete
Rendered
I saw MSC3910 and MSC3911, and those got me thinking about alternative approaches for protecting access to media in the Matrix content repository.
This proposal suggests a different way of looking at the problem, inspired by ideas from capability-based access control.