Each camera MLS group is currently hard-limited to exactly two members (camera + one app contact). We want to allow an owner to share camera access with multiple people (e.g., family, roommates) while retaining full control over membership. We should extend the current MLS architecture to support multiple app members per camera, with a single owner who can view, add, and remove members, without breaking the existing trust model.
The intended flow is that the owner pairs normally with the camera, then invites additional members by presenting a QR code on their phone. New members scan this QR locally and join the camera’s MLS groups using a derived secret, without requiring direct camera interaction. The owner must be able to see all attached members, revoke access for any member at any time, and ensure that removal cryptographically cuts off future access via MLS member removal and epoch advancement. Non-owners should never be able to invite or remove others.
Each camera MLS group is currently hard-limited to exactly two members (camera + one app contact). We want to allow an owner to share camera access with multiple people (e.g., family, roommates) while retaining full control over membership. We should extend the current MLS architecture to support multiple app members per camera, with a single owner who can view, add, and remove members, without breaking the existing trust model.
The intended flow is that the owner pairs normally with the camera, then invites additional members by presenting a QR code on their phone. New members scan this QR locally and join the camera’s MLS groups using a derived secret, without requiring direct camera interaction. The owner must be able to see all attached members, revoke access for any member at any time, and ensure that removal cryptographically cuts off future access via MLS member removal and epoch advancement. Non-owners should never be able to invite or remove others.