|
| 1 | +# Guest State Events |
| 2 | + |
| 3 | +## Problem |
| 4 | + |
| 5 | +Currently guest users are not allowed to create arbitrary state events. This is |
| 6 | +a problem for [MSC3401](https://github.com/matrix-org/matrix-doc/pull/3401), |
| 7 | +where it would be useful for guests to be able to create `m.call.member` events |
| 8 | +in order to participate in a call. |
| 9 | + |
| 10 | +## Proposal |
| 11 | + |
| 12 | +Let guests send arbitrary state events much like a normal user. Servers may rate |
| 13 | +limit state events from guests much more aggressively to mitigate abuse. |
| 14 | + |
| 15 | +We also relax the existing requirement that guests are only allowed to send |
| 16 | +`m.room.message` events, instead allowing them to send any kind of event |
| 17 | +allowed by the room's power level configuration as if they were a normal user. |
| 18 | + |
| 19 | +## Security considerations |
| 20 | + |
| 21 | +The only reason that guests are denied from performing certain operations is to |
| 22 | +avoid malicious unauthorised users consuming resources and causing a DoS. In |
| 23 | +this instance, sending state events can be quite resource intensive, so if we |
| 24 | +didn't have a good use case that needed them it'd be right to veto them. |
| 25 | + |
| 26 | +Also, by default, users (guest or otherwise) can't send state events, which |
| 27 | +further reduces the risk of abuse. Instead, a room intended for guest-capable |
| 28 | +voice/video rooms as per MSC3401 would explicitly set a powerlevel to let users |
| 29 | +send `m.call.member` events. This MSC would simply make it then permissible |
| 30 | +for guests to send as well as non-guests, subject to the powerlevels. |
| 31 | + |
| 32 | +## Alternatives |
| 33 | + |
| 34 | +Rather than using guest access, apps could use shared secret registration to |
| 35 | +work around this limitation. However, that feels like a different MSC. |
0 commit comments