From 813485c38691216dda26554aa190fa35de9ac064 Mon Sep 17 00:00:00 2001
From: monlovesmango <monlovesmango@protonmail.com>
Date: Sat, 24 Feb 2024 22:17:31 -0600
Subject: [PATCH] NIP71 restricted events by tag

---
 71.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 71.md

diff --git a/71.md b/71.md
new file mode 100644
index 0000000..499eb41
--- /dev/null
+++ b/71.md
@@ -0,0 +1,51 @@
+NIP-71
+======
+
+Restricted Events
+-----------------------------------
+
+`draft` `optional`
+
+When the `"+"` tag is present, that means the event is "restricted".
+
+A restricted event is an event which requires [NIP-42 Authentication of Clients to Relays](https://github.com/nostr-protocol/nips/blob/master/42.md) in order to request. These events can only be requested by:
+
+- the author of the event
+- a user tagged in the event
+- a user who has [NIP-43 Delegated Authentication](https://github.com/nostr-protocol/nips/blob/master/43.md) from the author
+
+## Use Cases
+
+- limiting metadata leakage of private chats
+- limiting access to content to only paid subscribers
+- limiting metadata leakage of personal events (like a journal or private calendar)
+
+## Requesting
+
+In order to `REQ` for a restricted event, the filter MUST have (a) attibute `"restricted": true` to specify the filter is requesting restricted events AND
+(b) either `"authors"` attribute or `"#p"` attribute to establish the pubkey that authentication should be validated for.
+
+If (b) is missing from the filter, the request is invalid and the relay should response with `CLOSED` message with prefix `"invalid"`.
+
+If the filter does not contain the `"restricted": true` attribute, the relay MUST behave as if it does not store any restricted events. Specifically, the relay MUST NOT:
+
+- respond with `CLOSED` and `"auth-required"` prefix
+- request authentication
+- return any restricted events
+
+in response to a request. Even if there are restricted events that qualify for the filter, if the filter doesn't not have attribute `"restricted": true` the relay should behave as if those events are not stored on the relay.
+
+## Access
+
+A user has permission to request any restricted event for which they are the author by:
+
+- authenticating as the author
+- authenticating with a delegated authentication token of mode 0-Login from the author
+
+
+A user has permission to request any restricted event in which their pubkey is tagged by:
+
+- authenticating as the tagged pubkey
+- authenticating with a delegated authentication token of mode 0-Login from the tagged pubkey
+
+A user has permission to request any restricted event they have been granted access to by the delegated authentication tokens of mode 1-Restricted Event Permission they authenticate with. The filter used MUST BE narrower in scope than the filter condition of the delegated authentication token.
\ No newline at end of file