mirror of
https://github.com/matrix-org/matrix-spec
synced 2026-04-28 05:14:10 +02:00
Compare commits
5 commits
f52193d0fe
...
2655ca94b4
| Author | SHA1 | Date | |
|---|---|---|---|
|
2655ca94b4 | ||
|
|
0e280ed014 | ||
|
|
625ed5c599 | ||
|
|
92084268f1 | ||
|
|
6ae25e7df4 |
|
|
@ -0,0 +1 @@
|
||||||
|
Declare the Application Service Registration schema to follow JSON Schema spec 2020-12.
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
Fix various typos throughout the specification.
|
||||||
1
changelogs/internal/newsfragments/2157.feature
Normal file
1
changelogs/internal/newsfragments/2157.feature
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
Add "placeholder MSC" process definition.
|
||||||
|
|
@ -497,6 +497,42 @@ In summary:
|
||||||
a small table at the bottom mapping the various values from stable
|
a small table at the bottom mapping the various values from stable
|
||||||
to unstable.
|
to unstable.
|
||||||
|
|
||||||
|
### Placeholder MSCs
|
||||||
|
|
||||||
|
Some proposals may contain security-sensitive or private context which can't be
|
||||||
|
publicly disclosed until a later stage in the idea or solution process. Typically,
|
||||||
|
the initial idea is validated using some amount of implementation or experimentation
|
||||||
|
and may require an MSC number to make that implementation easier.
|
||||||
|
|
||||||
|
Placeholder MSCs are used to represent proposals in a state where implementation
|
||||||
|
is ongoing, but the MSC details can't yet be disclosed. Authors which feel as
|
||||||
|
though their MSC could be highly sensitive MUST get in contact with the Spec Core
|
||||||
|
Team or [Security Team](https://matrix.org/security-disclosure-policy/) prior to
|
||||||
|
opening their MSC. If either team determines that a placeholder MSC is required,
|
||||||
|
it may be opened as such.
|
||||||
|
|
||||||
|
There are a few expectations attached to placeholder MSCs:
|
||||||
|
|
||||||
|
* They have a title which marks them WIP, and are in the "draft" state.
|
||||||
|
* They have the following labels: `[proposal-placeholder, action-required, needs-implementation]`.
|
||||||
|
* Notably, *not* `proposal`.
|
||||||
|
* They are relatively short-lived (ideally less than 6-12 months in placeholder).
|
||||||
|
* They propose solutions which are reasonably likely to be accepted. If a placeholder
|
||||||
|
needs to be closed because the idea won't work, isn't needed, etc, then the MSC's
|
||||||
|
content MUST be published ahead of that closure.
|
||||||
|
* Note: the MSC's publication (and therefore closure) may be delayed until an
|
||||||
|
appropriate point in the security disclosure cycle. For example, an alternative
|
||||||
|
MSC being published, or a stream of work being completed.
|
||||||
|
* When they are updated to receive real content, the following happens:
|
||||||
|
1. The Spec Core Team or the author leaves a comment to cause a notification
|
||||||
|
that the MSC has been replaced with real content.
|
||||||
|
2. The `proposal` label (or its equivalent) is added to trigger chat notifications
|
||||||
|
in the public Matrix rooms. The `proposal-placeholder` and `action-required`
|
||||||
|
labels should be removed at this stage as well. Other labels are removed/applied
|
||||||
|
per normal process.
|
||||||
|
* The Spec Core Team is aware of the intended MSC's title and purpose. This is
|
||||||
|
especially important if the Security Team approved the use of a placeholder MSC.
|
||||||
|
|
||||||
## Proposal Tracking
|
## Proposal Tracking
|
||||||
|
|
||||||
This is a living document generated from the list of proposals on the
|
This is a living document generated from the list of proposals on the
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
$schema: https://json-schema.org/draft/2020-12/schema
|
||||||
|
|
||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
$schema: https://json-schema.org/draft/2020-12/schema
|
||||||
|
|
||||||
type: object
|
type: object
|
||||||
title: Registration
|
title: Registration
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,7 @@ paths:
|
||||||
deleted alongside the device.
|
deleted alongside the device.
|
||||||
|
|
||||||
This endpoint does not use the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api) because
|
This endpoint does not use the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api) because
|
||||||
User-Interactive Authentication is designed to protect against attacks where the
|
User-Interactive Authentication is designed to protect against attacks where
|
||||||
someone gets hold of a single access token then takes over the account. This
|
someone gets hold of a single access token then takes over the account. This
|
||||||
endpoint invalidates all access tokens for the user, including the token used in
|
endpoint invalidates all access tokens for the user, including the token used in
|
||||||
the request, and therefore the attacker is unable to take over the account in
|
the request, and therefore the attacker is unable to take over the account in
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue