|
| 1 | +# MSCXXXX: Requesting and reporting event processing status |
| 2 | + |
| 3 | +Matrix allows clients to exchange both built-in and custom events with other clients in rooms. There |
| 4 | +is, however, no way for a client to understand if the events it sent were actually understood by |
| 5 | +other clients or not. This is problematic as a compatibility mismatch means that the recipient user |
| 6 | +might only be able to see a fallback representation of an event or, in the worst case, nothing at |
| 7 | +all. At the same time, the sender is left wholly unaware of the recipient's experience. |
| 8 | + |
| 9 | +These problems are aggravated when one or both of the participating clients are an automated system |
| 10 | +(a.k.a. bot) which cannot easily issue or respond to generic "Did you see my message?" questions. |
| 11 | + |
| 12 | +The present proposal partially addresses this problem by defining a generic scheme for clients to |
| 13 | +request and receive an explicit processing status for events from other clients. |
| 14 | + |
| 15 | +## Proposal |
| 16 | + |
| 17 | +A new content block `m.request.status` is introduced to request a processing status from other |
| 18 | +clients when sending events. It has the following properties in `content`: |
| 19 | + |
| 20 | +- `from_device` (required, string): The sending device's device ID. Allows recipients to optionally |
| 21 | + submit their responses privately via to-device messages in the future. |
| 22 | +- `lifetime` (integer): The duration in milliseconds during which the sender will consider responses |
| 23 | + to this request. Prevents meaningless delayed responses when new or previously disconnected |
| 24 | + devices encounter requests on older events. |
| 25 | + |
| 26 | +Clients MAY add `m.request.status` as a top-level property in `content` on any event they send. |
| 27 | + |
| 28 | +``` json5 |
| 29 | +{ |
| 30 | + "type": "m.pizza", |
| 31 | + "event_id": "$1", |
| 32 | + "content": { |
| 33 | + "m.request.status": { |
| 34 | + "from_device": "RJYKSTBOIE", |
| 35 | + "lifetime": 90_000, // 90s |
| 36 | + }, |
| 37 | + // properties specific to m.pizza |
| 38 | + } |
| 39 | +} |
| 40 | +``` |
| 41 | + |
| 42 | +Clients that receive events containing `m.request.status` content blocks MAY respond to them with a |
| 43 | +new room event type `m.response.status`. The latter contains an `m.reference` relation pointing to |
| 44 | +the original event as well as an `m.response.status` content block with the following properties: |
| 45 | + |
| 46 | +- `from_device` (required, string): The sending device's device ID. Helps clients identify the |
| 47 | + remote echo of their own responses. |
| 48 | +- `status` (required, string, one of `success`, `error`): Whether the sending device has understood |
| 49 | + and successfully processed the event. |
| 50 | +- `messages` (array): An optional array of messages to help recipients understand the `status`. |
| 51 | + - `type`: (required, string, one of `info`, `warning`, `error`): The message category. |
| 52 | + - `m.text`: (required, object): The message in one or more textual representations as per |
| 53 | + [MSC1767]. |
| 54 | + |
| 55 | +The event `content` MAY contain further properties based on the type of the event that is being |
| 56 | +responded to. |
| 57 | + |
| 58 | +``` json5 |
| 59 | +{ |
| 60 | + "type": "m.response.status", |
| 61 | + "content": { |
| 62 | + "m.response.status": { |
| 63 | + "from_device": "EIOBTSKYJR", |
| 64 | + "status": "error", |
| 65 | + "messages": [{ |
| 66 | + "type": "error", |
| 67 | + "m.text": [{ "body": "Unknown event type m.pizza" }] |
| 68 | + }] |
| 69 | + }, |
| 70 | + "m.relates_to": { |
| 71 | + "event_id": "$1", |
| 72 | + "rel_type": "m.reference", |
| 73 | + }, |
| 74 | + // optional properties specific to m.pizza |
| 75 | + } |
| 76 | +} |
| 77 | +``` |
| 78 | + |
| 79 | +Clients can check whether a request has expired using `lifetime`, `origin_server_ts` and their local |
| 80 | +clock. Once a request has expired, clients SHOULD refrain from sending `m.response` events |
| 81 | +themselves and ignore any new `m.response` events received from other clients. |
| 82 | + |
| 83 | +## Potential issues |
| 84 | + |
| 85 | +This proposal doesn't strictly define what constitutes successful processing of an event. At a |
| 86 | +minimum, the meaning of success will depend on the type of event sent and the receiving client. An |
| 87 | +archival bot, for instance, may have to decrypt and export an event to consider it processed |
| 88 | +successfuly. An instant messaging client for end users, on the other hand, might have to render an |
| 89 | +event in a way that allows the user to interact with it. The kind of rendering needed will be |
| 90 | +specific to the type of event in this case. |
| 91 | + |
| 92 | +It is expected that the mechanism introduced in this proposal will be used as a basis for more |
| 93 | +specialised features that clearly define the semantics of success. Therefore, this aspect is |
| 94 | +consciously left unspecified here. |
| 95 | + |
| 96 | +## Alternatives |
| 97 | + |
| 98 | +Requests for processing statuses could be sent separately from the event being processed, for |
| 99 | +instance, via to-device messages. This, however, introduces complexity because now both messages |
| 100 | +have to be received and decrypted before responses can be sent. It is not clear what benefits, if |
| 101 | +any, this alternative would have over the solution proposed in the present proposal. |
| 102 | + |
| 103 | +Instead of sending processing statuses per event, clients could statically advertise the types of |
| 104 | +events that they are able to understand, for instance, via profiles or state events in a room. This |
| 105 | +would allow senders to look up recipient capabilities ahead of time but would not allow recipients |
| 106 | +to communicate back detailed information about their processing status of individual events. As a |
| 107 | +result, the two mechanisms are not necessarily competing and could also play together. |
| 108 | + |
| 109 | +## Security considerations |
| 110 | + |
| 111 | +Communicating the processing status via room events leaks metadata by revealing client capabilities |
| 112 | +to all room participants. This can be mitigated by transporting the status via to-device messages |
| 113 | +instead. A future proposal may generalise the mechanism introduced here accordingly. Until then, |
| 114 | +clients are not required to respond to status requests under this proposal and MAY simply ignore |
| 115 | +them. |
| 116 | + |
| 117 | +Contrary to the above, persisting processing status responses in timeline events can be necessary in |
| 118 | +scenarios that require auditability. |
| 119 | + |
| 120 | +## Unstable prefix |
| 121 | + |
| 122 | +While this MSC is not considered stable, `m.request.status` and `m.response.status` (the event type) |
| 123 | +should be referred to as `de.gematik.mscXXXX.request.status` and |
| 124 | +`de.gematik.mscXXXX.response.status`, respectively. |
| 125 | + |
| 126 | +## Dependencies |
| 127 | + |
| 128 | +None. |
| 129 | + |
| 130 | + [MSC1767]: https://github.com/matrix-org/matrix-spec-proposals/pull/1767 |
0 commit comments