```rust
pub trait IdentityProvider: Send + Sync {
    type Error: IntoAnyError;

    // Required methods
    fn validate_member(
        &self,
        signing_identity: &SigningIdentity,
        timestamp: Option<MlsTime>,
        context: MemberValidationContext<'_>,
    ) -> Result<(), Self::Error>;
    fn validate_external_sender(
        &self,
        signing_identity: &SigningIdentity,
        timestamp: Option<MlsTime>,
        extensions: Option<&ExtensionList>,
    ) -> Result<(), Self::Error>;
    fn identity(
        &self,
        signing_identity: &SigningIdentity,
        extensions: &ExtensionList,
    ) -> Result<Vec<u8>, Self::Error>;
    fn valid_successor(
        &self,
        predecessor: &SigningIdentity,
        successor: &SigningIdentity,
        extensions: &ExtensionList,
    ) -> Result<bool, Self::Error>;
    fn supported_types(&self) -> Vec<CredentialType>;
}
```
Identity system that can be used to validate a SigningIdentity.
Required Associated Types

type Error: IntoAnyError

Error type that this provider returns on internal failure.
Required Methods

fn validate_member(
    &self,
    signing_identity: &SigningIdentity,
    timestamp: Option<MlsTime>,
    context: MemberValidationContext<'_>,
) -> Result<(), Self::Error>

Determine if signing_identity is valid for a group member.

A timestamp value can optionally be supplied to aid with validation of a Credential that requires time-based context. For example, X.509 certificates can become expired.
fn validate_external_sender(
    &self,
    signing_identity: &SigningIdentity,
    timestamp: Option<MlsTime>,
    extensions: Option<&ExtensionList>,
) -> Result<(), Self::Error>

Determine if signing_identity is valid for an external sender in the ExternalSendersExtension stored in the group context.

A timestamp value can optionally be supplied to aid with validation of a Credential that requires time-based context. For example, X.509 certificates can become expired.
fn identity(
    &self,
    signing_identity: &SigningIdentity,
    extensions: &ExtensionList,
) -> Result<Vec<u8>, Self::Error>

A unique identifier for signing_identity.

The MLS protocol requires that each member of a group has a unique identifier, which is determined by the application. The identity must be stable over the lifetime of the group.

The identity does not need to be consistent across different group members: Alice might use b"bob-123" as the identity for Bob, while Bob on his side could use b"Bob" for himself.
fn valid_successor(
    &self,
    predecessor: &SigningIdentity,
    successor: &SigningIdentity,
    extensions: &ExtensionList,
) -> Result<bool, Self::Error>

Determines if successor can remove predecessor as part of an external commit.

The MLS protocol allows for removal of an existing member when adding a new member via external commit. This function determines if a removal should be allowed by providing the target member to be removed as predecessor and the new member as successor.
fn supported_types(&self) -> Vec<CredentialType>
Credential types that are supported by this provider.
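The following is an added example, not code from mls-rs, showing what a minimal implementation of the trait documented above looks like: it restricts accepted credential types to `supported_types()`, applies the optional `timestamp` to an expiry check, derives the stable identity from the credential's identifier rather than the signature key (so a key rotation keeps the same identity), and answers `valid_successor` by comparing the two identities. Every type in the block (`SigningIdentity`, `Credential`, `CredentialType`, `MlsTime`, the `IdentityProvider` trait itself) is a simplified local stand-in with the same name as the mls-rs type, defined here so the example compiles without the crate; the `ExtensionList` and `MemberValidationContext` parameters and `validate_external_sender` are omitted from the stand-in trait.

```rust
// Added example, not mls-rs code. All types below are simplified local
// stand-ins for the mls-rs types of the same name.
use std::fmt;

/// Stand-in for mls-rs CredentialType.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct CredentialType(pub u16);

impl CredentialType {
    pub const BASIC: CredentialType = CredentialType(1);
    pub const X509: CredentialType = CredentialType(2);
}

/// Stand-in for mls-rs Credential, reduced to what validation needs.
#[derive(Clone, Debug)]
pub struct Credential {
    pub credential_type: CredentialType,
    /// Application-chosen identifier carried inside the credential.
    pub identifier: Vec<u8>,
    /// Expiry as seconds since the UNIX epoch; None means no expiry.
    pub not_after: Option<u64>,
}

/// Stand-in for mls-rs SigningIdentity: a credential bound to a signature key.
#[derive(Clone, Debug)]
pub struct SigningIdentity {
    pub signature_key: Vec<u8>,
    pub credential: Credential,
}

/// Stand-in for mls-rs MlsTime.
#[derive(Clone, Copy, Debug)]
pub struct MlsTime {
    pub seconds_since_epoch: u64,
}

/// Local mirror of the documented trait (extension/context parameters omitted).
pub trait IdentityProvider {
    type Error: std::error::Error;
    fn validate_member(&self, signing_identity: &SigningIdentity, timestamp: Option<MlsTime>) -> Result<(), Self::Error>;
    fn identity(&self, signing_identity: &SigningIdentity) -> Result<Vec<u8>, Self::Error>;
    fn valid_successor(&self, predecessor: &SigningIdentity, successor: &SigningIdentity) -> Result<bool, Self::Error>;
    fn supported_types(&self) -> Vec<CredentialType>;
}

#[derive(Debug, PartialEq, Eq)]
pub enum IdentityError {
    UnsupportedCredentialType(u16),
    EmptyIdentifier,
    Expired { not_after: u64, now: u64 },
}

impl fmt::Display for IdentityError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{self:?}")
    }
}
impl std::error::Error for IdentityError {}

/// Accepts BASIC credentials only, rejects expired ones when a timestamp is
/// supplied, and uses the credential identifier (not the signature key) as the
/// stable identity, so a key rotation keeps the member's identity.
pub struct BasicIdentityProvider;

impl IdentityProvider for BasicIdentityProvider {
    type Error = IdentityError;

    fn validate_member(&self, signing_identity: &SigningIdentity, timestamp: Option<MlsTime>) -> Result<(), IdentityError> {
        let cred = &signing_identity.credential;
        if !self.supported_types().contains(&cred.credential_type) {
            return Err(IdentityError::UnsupportedCredentialType(cred.credential_type.0));
        }
        // identity() must succeed for every member this provider accepts.
        self.identity(signing_identity)?;
        // Time-based checks run only when the caller supplies a timestamp, as the
        // trait's Option<MlsTime> parameter allows; with None, expiry is not evaluated.
        if let (Some(not_after), Some(now)) = (cred.not_after, timestamp) {
            if now.seconds_since_epoch > not_after {
                return Err(IdentityError::Expired { not_after, now: now.seconds_since_epoch });
            }
        }
        Ok(())
    }

    fn identity(&self, signing_identity: &SigningIdentity) -> Result<Vec<u8>, IdentityError> {
        let id = &signing_identity.credential.identifier;
        if id.is_empty() {
            return Err(IdentityError::EmptyIdentifier);
        }
        Ok(id.clone())
    }

    /// An external commit may remove `predecessor` only when `successor` is the
    /// same application-level identity rejoining with a fresh key.
    fn valid_successor(&self, predecessor: &SigningIdentity, successor: &SigningIdentity) -> Result<bool, IdentityError> {
        Ok(self.identity(predecessor)? == self.identity(successor)?)
    }

    fn supported_types(&self) -> Vec<CredentialType> {
        vec![CredentialType::BASIC]
    }
}
```

Deriving the identity from the credential identifier rather than the signature key is what gives the stability the trait requires: the identity must not change over the lifetime of the group even though a member's signature key may be replaced, and `valid_successor` relies on that to let a member re-add itself by external commit while refusing to let an unrelated identity remove it.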