MSC4300: Processing status requests & responses #4300
There are no files selected for viewing
|
Johennes marked this conversation as resolved.
|
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| # MSC4300: Requesting and reporting event processing status | ||
|
|
||
| Matrix allows clients to exchange both built-in and custom events with other clients in rooms. There | ||
| is, however, no way for a client to understand if the events it sent were actually understood by | ||
| other clients or not. This is problematic as a compatibility mismatch means that the recipient user | ||
| might only be able to see a fallback representation of an event or, in the worst case, nothing at | ||
| all. At the same time, the sender is left wholly unaware of the recipient's experience. | ||
|
|
||
| These problems are aggravated when one or both of the participating clients are an automated system | ||
| (a.k.a. bot) which cannot easily issue or respond to generic "Did you see my message?" questions. | ||
|
|
||
| The present proposal partially addresses this problem by defining a generic scheme for clients to | ||
| request and receive an explicit processing status for events from other clients. | ||
|
|
||
| ## Proposal | ||
|
|
||
| A new content block `m.request.status` is introduced to request a processing status from other | ||
|
Contributor
There was a problem hiding this comment. Shouldn't it be
Contributor
Author
There was a problem hiding this comment. Hm, good question. My assumption was that there might be further specialized request types in future – as in requests that ask for something else than the processing status. Therefore, I made
This comment was marked as resolved.
Sorry, something went wrong.
Contributor
Author
There was a problem hiding this comment. I think that could be helpful but it seems to solve a slightly different problem. My assumption was that the sender would only add status requests on events that, for one reason or another, are important. Things such as prescriptions or sick notices where the content is not just plain text and where as the sender I need to make sure that you have actually understood and processed the event correctly. That means the majority of events would not include status requests which made adding it on the sender side appear acceptable. Only sending the status response when an event was not understood would mean that the only signal of successful processing is the absence of a response. But then you won't know if the recipient didn't respond because it understood the event or if it simply hasn't received and processed the event yet. |
||
| clients when sending events. It has the following properties in `content`: | ||
|
|
||
| - `from_device` (required, string): The sending device's device ID. Allows recipients to optionally | ||
| submit their responses privately via to-device messages in the future. | ||
| - `lifetime` (integer): The duration in milliseconds during which the sender will consider responses | ||
| to this request. Prevents meaningless delayed responses when new or previously disconnected | ||
| devices encounter requests on older events. | ||
|
|
||
| Clients MAY add `m.request.status` as a top-level property in `content` on any event they send. | ||
|
|
||
| ``` json5 | ||
| { | ||
| "type": "m.pizza", | ||
| "event_id": "$1", | ||
| "content": { | ||
| "m.request.status": { | ||
| "from_device": "RJYKSTBOIE", | ||
| "lifetime": 90_000, // 90s | ||
| }, | ||
| // properties specific to m.pizza | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| Clients that receive events containing `m.request.status` content blocks MAY respond to them with a | ||
|
There was a problem hiding this comment. To understand the flow correctly:
My concern with this approach is, that it potentially causes unnecessary responses and or transfers data, which may not be needed if the counterpart does not understand it. So to keep the metaphor: if I am sending the pizza without knowing if it will be eaten, I am likely wasting lots of food over the time. However, if I use m.request.status as its own room event like a knock-on event to ask if someone wants pizza, I first of all can reduce the initial overhead and can then also cover those clients, who did not respond that they implicitly don't want pizza. I understand that the tradeoff of that is that the sending client must wait for the clients to confirm they understand that message first, but keeping the lifetime of the request much lower (e.g. 5 - 10 seconds) you can confirm two things: 1. the client supports the message and 2. if there's no response from a client, he either doesn't support it or isn't interested (e.g. polling or questionnaire messages). The latter is especially interesting, when no-one in the room actually understands the message: if no client supports it, there is no need to send the data at all, which is likely more data privacy compliant. More specifically, if a client responds to a request immediately, it may conflict with the users privacy settings, if he doesn't want to send read receipts (https://spec.matrix.org/v1.16/client-server-api/#receipts). Also if client A already send a request and got a specific response from the other clients, he may cache the response if to is solely being used for identification of message type support.
Contributor
Author
There was a problem hiding this comment. This proposal is meant to enable clients to understand if something they have sent was understood by the recipients. You are correct in that, on its own, this doesn't provide clients a way to determine if something will be understood by others before actually sending it. This part is covered in MSC4301. That proposal defines an ahead-of-time capability query which itself uses the request status mechanism from this proposal here. There was a problem hiding this comment. But in that case, MSC4301 and MSC4300 are directly depending on each-other, which is not immediately clear to the readers. Without the MSC4301, I still have privacy concerns as data might get transferred without acknowledgement and it's to some extend unclear how it mitigates the issue "did you understood my message?" if the other client does not implement this feature. The response event will only be sent, if the client is online, which comes with two downsides:
So, in neither of these cases, the sending client will ever receive the requested response, which in turn might lead to the question again "have you understood my message?"
Contributor
Author
There was a problem hiding this comment.
I have tried to make the relationship between these proposals clearer with cda5d2c.
Sending the
Yes, the mechanism in this proposal is best-effort only and won't work perfectly in all situations. A specific case where we expect it to work well is when two automated systems exchange data via Matrix. The online state should not be a concern in this situation. I'm happy to hear about alternatives though if you can think of any. Footnotes
|
||
| new room event type `m.response.status`. The latter contains an `m.reference` relation pointing to | ||
| the original event as well as an `m.response.status` content block with the following properties: | ||
|
|
||
| - `from_device` (required, string): The sending device's device ID. Helps clients identify the | ||
| remote echo of their own responses. | ||
| - `status` (required, string, one of `success`, `error`): Whether the sending device has understood | ||
| and successfully processed the event. | ||
| - `messages` (array): An optional array of messages to help recipients understand the `status`. | ||
| - `type`: (required, string, one of `info`, `warning`, `error`): The message category. | ||
| - `m.text`: (required, object): The message in one or more textual representations as per | ||
| [MSC1767]. | ||
|
|
||
| The event `content` MAY contain further properties based on the type of the event that is being | ||
| responded to. | ||
|
|
||
| ``` json5 | ||
| { | ||
| "type": "m.response.status", | ||
| "content": { | ||
| "m.response.status": { | ||
| "from_device": "EIOBTSKYJR", | ||
| "status": "error", | ||
| "messages": [{ | ||
| "type": "error", | ||
| "m.text": [{ "body": "Unknown event type m.pizza" }] | ||
| }] | ||
| }, | ||
| "m.relates_to": { | ||
| "event_id": "$1", | ||
| "rel_type": "m.reference", | ||
| }, | ||
| // optional properties specific to m.pizza | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| Clients can check whether a request has expired using `lifetime`, `origin_server_ts` and their local | ||
| clock. Once a request has expired, clients SHOULD refrain from sending `m.response` events | ||
| themselves and ignore any new `m.response` events received from other clients. | ||
|
|
||
| ## Potential issues | ||
|
|
||
| This proposal doesn't strictly define what constitutes successful processing of an event. At a | ||
| minimum, the meaning of success will depend on the type of event sent and the receiving client. An | ||
| archival bot, for instance, may have to decrypt and export an event to consider it processed | ||
| successfully. An instant messaging client for end users, on the other hand, might have to render an | ||
| event in a way that allows the user to interact with it. The kind of rendering needed will be | ||
| specific to the type of event in this case. | ||
|
|
||
| It is expected that the mechanism introduced in this proposal will be used as a basis for more | ||
| specialised features that clearly define the semantics of success. Therefore, this aspect is | ||
| consciously left unspecified here. | ||
|
|
||
| ## Alternatives | ||
|
|
||
| Requests for processing statuses could be sent separately from the event being processed, for | ||
| instance, via to-device messages. This, however, introduces complexity because now both messages | ||
| have to be received and decrypted before responses can be sent. It is not clear what benefits, if | ||
| any, this alternative would have over the solution proposed in the present proposal. | ||
|
|
||
| Instead of sending processing statuses per event, clients could statically advertise the types of | ||
| events that they are able to understand, for instance, via profiles or state events in a room. This | ||
| would allow senders to look up recipient capabilities ahead of time but would not allow recipients | ||
| to communicate back detailed information about their processing status of individual events. As a | ||
| result, the two mechanisms are not necessarily competing and could also play together. | ||
|
|
||
| ## Security considerations | ||
|
|
||
| Communicating the processing status via room events leaks metadata by revealing client capabilities | ||
| to all room participants. This can be mitigated by transporting the status via to-device messages | ||
| instead. A future proposal may generalise the mechanism introduced here accordingly. Until then, | ||
| clients are not required to respond to status requests under this proposal and MAY simply ignore | ||
| them. | ||
|
|
||
| Contrary to the above, persisting processing status responses in timeline events can be necessary in | ||
| scenarios that require auditability. | ||
|
|
||
| ## Unstable prefix | ||
|
|
||
| While this MSC is not considered stable, `m.request.status` and `m.response.status` (the event type) | ||
| should be referred to as `de.gematik.msc4300.request.status` and | ||
| `de.gematik.msc4300.response.status`, respectively. | ||
|
|
||
| ## Dependencies | ||
|
|
||
| None. | ||
|
|
||
| [MSC1767]: https://github.com/matrix-org/matrix-spec-proposals/pull/1767 | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Implementation requirements: