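/// Identity system that can be used to validate a [`SigningIdentity`].
///
/// Every method on this trait is a trust decision made on behalf of the
/// group: which credentials are accepted, which identifier a credential maps
/// to, and whether one member may replace another. Implementations are
/// required to be `Send + Sync`.
pub trait IdentityProvider: Send + Sync {
    /// Error type that this provider returns on internal failure.
    type Error: IntoAnyError;

    // Required methods

    /// Determine if `signing_identity` is valid for a group member.
    ///
    /// `timestamp` can optionally be supplied to aid validation of a
    /// credential that requires time-based context; for example, X.509
    /// certificates can expire.
    ///
    /// NOTE(review): what an implementation does when `timestamp` is `None`
    /// is not specified here. An implementation that skips time-based checks
    /// in that case would accept an expired credential, so handle `None`
    /// deliberately.
    ///
    /// `context` is supplied by the caller; its contents are not described
    /// alongside this declaration.
    ///
    /// # Errors
    ///
    /// `Ok` carries no value, so a rejected identity is presumably reported
    /// as `Err`, alongside internal failures of the provider.
    fn validate_member(
        &self,
        signing_identity: &SigningIdentity,
        timestamp: Option<MlsTime>,
        context: MemberValidationContext<'_>,
    ) -> Result<(), Self::Error>;

    /// Determine if `signing_identity` is valid for an external sender in the
    /// `ExternalSendersExtension` stored in the group context.
    ///
    /// `timestamp` can optionally be supplied to aid validation of a
    /// credential that requires time-based context; for example, X.509
    /// certificates can expire. As for group members, a `None` timestamp
    /// should be handled deliberately rather than treated as "no expiry".
    ///
    /// `extensions` is optional; when it is `None` the implementation has no
    /// extension list to consult.
    ///
    /// # Errors
    ///
    /// `Ok` carries no value, so a rejected identity is presumably reported
    /// as `Err`, alongside internal failures of the provider.
    fn validate_external_sender(
        &self,
        signing_identity: &SigningIdentity,
        timestamp: Option<MlsTime>,
        extensions: Option<&ExtensionList>,
    ) -> Result<(), Self::Error>;

    /// A unique identifier for `signing_identity`.
    ///
    /// The MLS protocol requires that each member of a group has a unique set
    /// of identifiers according to the application. Member uniqueness is
    /// judged by the bytes returned here, so distinct entities must not be
    /// able to produce the same value.
    ///
    /// # Errors
    ///
    /// Returns `Self::Error` when the provider cannot produce an identifier.
    fn identity(
        &self,
        signing_identity: &SigningIdentity,
        extensions: &ExtensionList,
    ) -> Result<Vec<u8>, Self::Error>;

    /// Determines if `successor` can remove `predecessor` as part of an
    /// external commit.
    ///
    /// The MLS protocol allows for removal of an existing member when adding
    /// a new member via external commit. The member targeted for removal is
    /// passed as `predecessor` and the new member as `successor`.
    ///
    /// Returning `Ok(true)` authorizes the removal. Return it only when the
    /// application considers `successor` entitled to replace `predecessor`;
    /// an implementation that always returns `Ok(true)` would let any
    /// external joiner remove existing members.
    ///
    /// # Errors
    ///
    /// Returns `Self::Error` when the provider cannot make the decision.
    fn valid_successor(
        &self,
        predecessor: &SigningIdentity,
        successor: &SigningIdentity,
        extensions: &ExtensionList,
    ) -> Result<bool, Self::Error>;

    /// Credential types that are supported by this provider.
    fn supported_types(&self) -> Vec<CredentialType>;
}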
Identity system that can be used to validate a SigningIdentity.
Required Associated Types§
type Error: IntoAnyError
Error type that this provider returns on internal failure.
Required Methods§
fn validate_member( &self, signing_identity: &SigningIdentity, timestamp: Option<MlsTime>, context: MemberValidationContext<'_>, ) -> Result<(), Self::Error>
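Determine if signing_identity is valid for a group member.
A timestamp value can optionally be supplied to aid with validation
of a Credential that requires time-based context. For example, X.509 certificates can expire.
This page does not state what an implementation should do when no timestamp is supplied; an implementation that skips time-based checks in that case would accept an expired credential, so a missing timestamp should be handled deliberately.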
fn validate_external_sender( &self, signing_identity: &SigningIdentity, timestamp: Option<MlsTime>, extensions: Option<&ExtensionList>, ) -> Result<(), Self::Error>
Determine if signing_identity is valid for an external sender in
the ExternalSendersExtension stored in the group context.
A timestamp value can optionally be supplied to aid with validation
of a Credential that requires time-based context. For example, X.509 certificates can expire.
When no timestamp is supplied, expiry cannot be checked against a caller-provided time, so an implementation should handle that case deliberately.
fn identity( &self, signing_identity: &SigningIdentity, extensions: &ExtensionList, ) -> Result<Vec<u8>, Self::Error>
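A unique identifier for signing_identity.
The MLS protocol requires that each member of a group has a unique set of identifiers according to the application. Because member uniqueness is judged by the returned bytes, distinct entities must not be able to produce the same identifier.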
fn valid_successor( &self, predecessor: &SigningIdentity, successor: &SigningIdentity, extensions: &ExtensionList, ) -> Result<bool, Self::Error>
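Determines if successor can remove predecessor as part of an external commit.
The MLS protocol allows for removal of an existing member when adding a
new member via external commit. This function determines if a removal
should be allowed by providing the target member to be removed as
predecessor and the new member as successor.
Returning true authorizes the removal, so an implementation should return true only when the application considers successor entitled to replace predecessor; one that always returns true would let any external joiner remove existing members.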
fn supported_types(&self) -> Vec<CredentialType>
Credential types that are supported by this provider.