summary refs log tree commit diff
path: root/synapse/groups/attestations.py
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2017-10-27 11:28:12 +0100
committerErik Johnston <erik@matrix.org>2017-10-27 11:35:41 +0100
commitc067088747bea9b50afb1c1fad94e83bead754e3 (patch)
tree20c2d8955606165248281d4f4093554cd6c9d897 /synapse/groups/attestations.py
parentMerge pull request #2586 from matrix-org/rav/frontend_proxy_auth_header (diff)
downloadsynapse-c067088747bea9b50afb1c1fad94e83bead754e3.tar.xz
Add comment about attestations
Diffstat (limited to '')
-rw-r--r--synapse/groups/attestations.py22
1 files changed, 22 insertions, 0 deletions
diff --git a/synapse/groups/attestations.py b/synapse/groups/attestations.py
index b751cf5e43..c52e020989 100644
--- a/synapse/groups/attestations.py
+++ b/synapse/groups/attestations.py
@@ -13,6 +13,28 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+"""Attestations ensure that users and groups can't lie about their memberships.
+
+When a user joins a group the HS and GS swap attestations, which allow them
+both to independently prove to third parties their membership.These
+attestations have a validity period so need to be periodically renewed.
+
+If a user leaves (or gets kicked out of) a group, either side can still use
+their attestation to "prove" their membership, until the attestation expires.
+Therefore attestations shouldn't be relied on to prove membership in important
+cases, but can for less important situtations, e.g. showing a users membership
+of groups on their profile, showing flairs, etc.abs
+
+An attestsation is a signed blob of json that looks like:
+
+    {
+        "user_id": "@foo:a.example.com",
+        "group_id": "+bar:b.example.com",
+        "valid_until_ms": 1507994728530,
+        "signatures":{"matrix.org":{"ed25519:auto":"..."}}
+    }
+"""
+
 from twisted.internet import defer
 
 from synapse.api.errors import SynapseError