Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

We need to re-consider splitting users into alias & underlying opaque ID (SPEC-152) #63

Open
matrixbot opened this issue Apr 14, 2015 · 8 comments
Labels
A-Identity-Service feature Suggestion for a significant extension which needs considerable consideration p1 room-vNext An idea which will require a bump in room version

Comments

@matrixbot
Copy link
Member

matrixbot commented Apr 14, 2015

Back when we defined rooms as split between aliases and IDs, there was a discussion over also splitting users between aliases and IDs too. At the time, the argument for doing so was "for symmetry", which didn't cut it, but we're starting to see concrete reasons why this could be a good thing to do. This bug is intended to gather together reasons to do so.

  • We can use alias->ID api to also handle canonicalising case as per SYN-109 rather than SPEC-62
  • We get email-style aliasing for free, allowing easy consolidation of various accounts to point at One True Account, and avoid having to support multiple accounts in clients
  • We could use it for horizontal scaling, HA, and decentralising user accounts in general - replicating a single user account over multiple servers
  • We could use it as the basis for a portability/account migration system.

Obviously the risks include:

  • Another waste-of-time holy war over how to present aliases to users in UI as they're a many:one mapping. Needless to say, I suggest we just present them like email addresses (which are after all also many:one, effectively)
  • Lots of security challenges in terms of which accounts are allowed to reside on which HSes, and how you prevent phishing attacks, and how you encrypt user data to protect them sufficiently.

If this idea went ahead, I suggest we adopt a syntax like:

@​matthew:matrix.org <-- user alias
^opaque_id:matrix.org <-- user id

I suggest using ^ as the sigil, as it doesn't escape in URLs, doesn't mean anything else, and is easily visually recognisable.

Yes, this would be a major backwards-incompatible change to the event format if we start shoving ^'s everywhere - so we need to decide to do so sooner than later if we are.

I suggest we consider using public key fingerprint as the opaque ID for the user (if this makes any sense at all).

(Imported from https://matrix.org/jira/browse/SPEC-152)

(Reported by @ara4n)

@matrixbot
Copy link
Member Author

Jira watchers: @ara4n @richvdh

@matrixbot
Copy link
Member Author

matrixbot commented Apr 14, 2015

Links exported from Jira:

relates to https://github.com/matrix-org/matrix-doc/issues/586
relates to SPEC-62
relates to SPEC-390

@matrixbot
Copy link
Member Author

One thing that may be worth considering is making the ^opaque_id the hash of some variety of key, and aliases are inserted as Signed(alias || separator || opaque_id), such that the signature is with the key that the opaque_id is the hash of. This avoids the possibility of mappings that the opaque_id's user didn't consent to (both are present in the signature, the id/sig pair is self-certifying), and may be possible to link to e2e, such that keys for an ID are also self-certifying.

-- Alex Elsayed

@matrixbot
Copy link
Member Author

One other option - rather than '' use '' - all of the benefits of '' apply, with the added bonus that using '' to mean "something user-specific" is a long-standing convention (Unix, mapping public_html, etc).

-- Alex Elsayed

@matrixbot
Copy link
Member Author

Further arguments in favor of '~':

-- Alex Elsayed

@matrixbot
Copy link
Member Author

Why do we want to break the world by using ^ as the sigil for opaque IDs, rather than using the current @​user_ids and layering aliases on top?

-- @richvdh

@matrixbot
Copy link
Member Author

matrixbot commented Apr 19, 2016

Isn't it the other way around? My understanding was that opaque IDs would be opaque in the sense of https://github.com/matrix-org/matrix-doc/issues/666; the current @​-form mxids would transparently grow an opaque-id backing and upgrade to aliases.

-- Alex Elsayed

@matrixbot
Copy link
Member Author

This bug is quite stale now - who knows if we'd use public keys as the underlying identifier (discovered by a DHT or whatever) or a ^user:domain or a ~user:domain or whatever. I'd be anxious that we keep @​user:domain as public-facing user IDs for compatibility with existing conversations etc - and it would then be an indirection through to the underlying ID (which could be hosted on multiple HSes etc). Effectively the @​user:domain ID could become a 3PID mapping. Anyway, this is all completely not designed yet and up in the air, other than the desire for decentralised accounts.

See https://github.com/matrix-org/GSoC/blob/master/IDEAS.md#decentralised-accounts for other thoughts.

-- @ara4n

@matrixbot matrixbot added the p1 label Oct 28, 2016
@matrixbot matrixbot changed the title We need to re-consider splitting users into alias & underlying opaque ID We need to re-consider splitting users into alias & underlying opaque ID (SPEC-152) Oct 31, 2016
@matrixbot matrixbot added the feature Suggestion for a significant extension which needs considerable consideration label Nov 7, 2016
@turt2live turt2live added room-vNext An idea which will require a bump in room version A-Identity-Service labels Feb 7, 2019
@richvdh richvdh transferred this issue from matrix-org/matrix-spec-proposals Mar 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-Identity-Service feature Suggestion for a significant extension which needs considerable consideration p1 room-vNext An idea which will require a bump in room version
Projects
None yet
Development

No branches or pull requests

2 participants