author | Erik Johnston <erikj@jki.re> | 2017-10-27 14:20:19 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-27 14:20:19 +0100 |
commit | 6af3656deb71f5d8d22a2ab705d398767b86dae9 (patch) | |
tree | e2032db22e6f81ef921a397603af9bee9b4962e2 /synapse | |
parent | Merge pull request #2591 from matrix-org/rav/device_delete_auth (diff) | |
parent | Add comment about attestations (diff) | |
download | synapse-6af3656deb71f5d8d22a2ab705d398767b86dae9.tar.xz |
Merge pull request #2595 from matrix-org/erikj/attestation_commnet
Add comment about attestations
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/groups/attestations.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/synapse/groups/attestations.py b/synapse/groups/attestations.py index b751cf5e43..c52e020989 100644 --- a/synapse/groups/attestations.py +++ b/synapse/groups/attestations.py @@ -13,6 +13,28 @@ # See the License for the specific language governing permissions and # limitations under the License. +"""Attestations ensure that users and groups can't lie about their memberships. + +When a user joins a group the HS and GS swap attestations, which allow them +both to independently prove to third parties their membership.These +attestations have a validity period so need to be periodically renewed. + +If a user leaves (or gets kicked out of) a group, either side can still use +their attestation to "prove" their membership, until the attestation expires. +Therefore attestations shouldn't be relied on to prove membership in important +cases, but can for less important situtations, e.g. showing a users membership +of groups on their profile, showing flairs, etc.abs + +An attestsation is a signed blob of json that looks like: + + { + "user_id": "@foo:a.example.com", + "group_id": "+bar:b.example.com", + "valid_until_ms": 1507994728530, + "signatures":{"matrix.org":{"ed25519:auto":"..."}} + } +""" + from twisted.internet import defer from synapse.api.errors import SynapseError |
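Review bot: The example JSON at the end of the new docstring is signed by "matrix.org" while the user is on a.example.com and the group on b.example.com, so the example does not show which party's key is expected in "signatures"; suggest using one of those two server names there and saying in the text which side signs the attestation it hands over. The docstring also uses HS and GS without spelling them out on first use. Several typos in the added lines are worth fixing before this is read as reference documentation: "membership.These" is missing a space, "situtations", "attestsation", "a users membership" (should be "user's"), and a stray "abs" after "etc." at the end of the second paragraph. Since the second paragraph says an attestation can still be used to "prove" membership after a leave or kick until it expires, it would help to point the reader at where the validity period is set, so they can judge how long that window is.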