Matrix Protocol

[ghost]

The matrix protocol is the most promising attempt at fixing email. Would anyone in the portier project be interested in doing it with matrix? Or can anyone let us know how much work it might be?
Note: Ruma is an alpha rust server
https://github.com/ruma/ruma

[ghost]

Iv spoken to the matrix devs and they said this should be straightforward from matrix's side.
Docs: http://matrix.org/docs/spec/client_server/latest.html

[onli]

The question is what kind of integration you would want to provide? Is this about the user giving a matrix id? Or about him giving an email and authenticating via matrix?

[ghost]

Matrix is meant to replace email.
So the question is about using matrix instead of email with portier.

[callahad]

At a high level, Portier just wants a workflow that looks like:

1. User types an identifier into the site
2. Portier verifies the user's control over that identifier
3. The site learns the user's identifier, vouched for by Portier

For identifiers, Portier only cares that they:

• Are decentralized
• Are usable by humans
• Are independently meaningful outside of Portier

Email is the most broadly established system that fits those criteria, so that's what we're starting with, but Matrix seems like it could grow into that same role.

@unlmtd What would a Matrix user enter as their identifier? Do Matrix users think of themselves as their @user:homeserver MXID? (It looks like Riot itself prompts for an email address or local username instead of a full MXID, and I don't want to repeat OpenID's mistake of asking users for an identifier that they don't already associate with their identity.)

[ghost]

The matrix IDs are indeed of the format @user:homeserver - the email entry on riot is optional, and the user field defaults to :matrix.org if no homeserver is set. There are a few identity servers that map email/phone# to matrix IDs, because, as you said, email is still de facto online identity.

It would be very empowering to use our matrix IDs for login. Matrix.org has a good pitch as to why that is. Ill come look at this later as I have a plan to use something like portier, but am throwing email out of my stack. Thanks @callahad !

[stephank]

I'm torn on whether to call this feature creep. I know very little about Matrix, but see three ways to do this:

1. A stand-alone IdP implementation, that works together with one of the Matrix email bridges. Email users or domains opt-in using Webfinger like any other Portier IdP.

2. We implement a Matrix bridge in Portier. Email users or domains opt-in using Webfinger and a special rel. This probably also uses verification codes? (Unless Matrix has something similar to OpenID Connect built-in.)

3. We do 2 and also start accepting Matrix IDs next to emails. This requires opt-in from RPs, because they currently expect just email. We also have to figure out what the JWT looks like, and what it means for Webfinger discovery.

I think 3 has a very high 'feature creep' score, but 2 is something we could do and have well contained in code. I wonder how useful 1 is at all, to be honest.

Going to mark this as 'help wanted' for now, because it doesn't seem current committers are interested.