Eventually Consistent Access Control: Practical Insights on Matrix from Decentralized Systems Theory
Access control is the core of any system's security, but it is usually provided by a single, centralized server. However, access control in a Matrix room is decentralized: every participating server independently decides who is authorized to send and receive which events, without consulting any other server. To the surprise of many, these decisions are still eventually consistent even if all but one of the servers are malicious, but seeing why requires a new way of thinking about access control. I will explain the necessary design patterns from decentralized systems science, and show how they can be woven together into a practical explanation of what Matrix is, and why Matrix can reach its astonishing levels of security and resilience.