From 813485c38691216dda26554aa190fa35de9ac064 Mon Sep 17 00:00:00 2001 From: monlovesmango Date: Sat, 24 Feb 2024 22:17:31 -0600 Subject: [PATCH] NIP71 restricted events by tag --- 71.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 71.md diff --git a/71.md b/71.md new file mode 100644 index 0000000..499eb41 --- /dev/null +++ b/71.md 
@@ -0,0 +1,51 @@ +NIP-71 +====== + +Restricted Events +----------------------------------- + +`draft` `optional` + +When the `"+"` tag is present, that means the event is "restricted". + +A restricted event is an event which requires [NIP-42 Authentication of Clients to Relays](https://github.com/nostr-protocol/nips/blob/master/42.md) in order to request. These events can only be requested by: + +- the author of the event +- a user tagged in the event +- a user who has [NIP-43 Delegated Authentication](https://github.com/nostr-protocol/nips/blob/master/43.md) from the author + +## Use Cases + +- limiting metadata leakage of private chats +- limiting access to content to only paid subscribers +- limiting metadata leakage of personal events (like a journal or private calendar) + +## Requesting + +In order to `REQ` for a restricted event, the filter MUST have (a) attibute `"restricted": true` to specify the filter is requesting restricted events AND +(b) either `"authors"` attribute or `"#p"` attribute to establish the pubkey that authentication should be validated for. + +If (b) is missing from the filter, the request is invalid and the relay should response with `CLOSED` message with prefix `"invalid"`. + +If the filter does not contain the `"restricted": true` attribute, the relay MUST behave as if it does not store any restricted events. Specifically, the relay MUST NOT: + +- respond with `CLOSED` and `"auth-required"` prefix +- request authentication +- return any restricted events + +in response to a request. Even if there are restricted events that qualify for the filter, if the filter doesn't not have attribute `"restricted": true` the relay should behave as if those events are not stored on the relay. 
+ +## Access + +A user has permission to request any restricted event for which they are the author by: + +- authenticating as the author +- authenticating with a delegated authentication token of mode 0-Login from the author + + +A user has permission to request any restricted event in which their pubkey is tagged by: + +- authenticating as the tagged pubkey +- authenticating with a delegated authentication token of mode 0-Login from the tagged pubkey + +A user has permission to request any restricted event they have been granted access to by the delegated authentication tokens of mode 1-Restricted Event Permission they authenticate with. The filter used MUST BE narrower in scope than the filter condition of the delegated authentication token. \ No newline at end of file
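Review bot: The "Requesting" section never says what the relay must do when a filter carries `"restricted": true` and a valid `"authors"` or `"#p"` attribute but the connection is unauthenticated, or is authenticated as a pubkey that matches neither attribute. The only responses specified are `CLOSED` with `"invalid"` when (b) is missing and the behave-as-if-not-stored rule when the flag is absent. Suggest stating the required response for that case explicitly (for example `CLOSED` with the `"auth-required"` prefix, which the text already mentions only as something the relay MUST NOT send for unflagged filters), and saying how "the pubkey that authentication should be validated for" is chosen when `"authors"` or `"#p"` lists more than one pubkey or when both attributes are present. In "Access", "MUST BE narrower in scope than the filter condition" needs a definition a relay can check, including whether an identical filter is allowed. Two smaller points: the header describes the `"+"` tag without giving its format, and the "Requesting" text mixes lowercase "should" with MUST and has typos ("attibute", "should response", "doesn't not have").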