Boris suggested I participate in this discussion to share the work we have done to integrate E2EE DMs in Bluesky using the Matrix protocol. I missed his note from the end of Oct suggesting this – but better late than never.
I presented about our work at the Matrix conference in Oct.
Since then we have continued to enhance the technology and can share details here. I also just now submitted a proposal to talk about our work at the Atmosphere conference in Vancouver in March.
I will try to put a diagram together later and share. For now a text description will outline the arch.
Two servers: a PDS and a Matrix (Synapse) server. They don't talk directly to each other; the two services and protocols operate independently. A modified social-app talks to both servers, allowing the user to participate in both protocols.
The PDS is set up to also be the IdP for Matrix (Synapse) via a Keycloak broker.
The user initiates login into the PDS on the modified social-app. Upon PDS login success, the modified social-app initiates login into Matrix (Synapse) via the Keycloak broker with the PDS as IdP. This login succeeds without further credential entry by the user and sets up a secure DM capability in the modified social-app, in addition to the DM capability it already had.
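As an added illustration of the Synapse side of this setup (not configuration from the project above), here is the shape of a Synapse `oidc_providers` entry that delegates login to a Keycloak realm acting as the broker. The hostnames, realm name, client id and claim names are assumptions for the example; only the Synapse keys and the `/_synapse/client/oidc/callback` redirect path are fixed by Synapse itself.

```yaml
# Added example: Synapse homeserver.yaml fragment (not the project's own config).
# Synapse trusts the Keycloak realm as its OIDC issuer; Keycloak in turn brokers
# to the PDS as the upstream identity provider, so the user never types a second
# credential into the Matrix client.
public_baseurl: "https://synapse.example.com/"   # assumed hostname; required for OIDC

oidc_providers:
  - idp_id: keycloak                              # shows up as the SSO login choice
    idp_name: "Bluesky (via Keycloak)"
    issuer: "https://keycloak.example.com/realms/bluesky"   # assumed realm URL
    client_id: "synapse"                          # client registered in Keycloak
    client_secret: "<from a secrets store, not committed>"
    scopes: ["openid", "profile"]
    user_mapping_provider:
      config:
        # Derive the Matrix localpart from a claim Keycloak passes through from
        # the PDS. Claim names here are assumed. Prefer a stable identifier:
        # atproto handles can change, DIDs do not, so mapping on a handle-derived
        # claim risks account takeover or duplication after a handle change.
        localpart_template: "{{ user.preferred_username }}"
        display_name_template: "{{ user.name }}"
```

The matching Keycloak client must list `https://synapse.example.com/_synapse/client/oidc/callback` as its only valid redirect URI; a wildcard there lets any site complete the code exchange on the user's behalf.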
I'm not prepared to migrate my account to a new PDS to test. How should we get an invite code to try it out (the QR code expired)?
Sounds like you manage Matrix accounts internally; can I bring my own?
Do you have multi-device support, or is it limited to a single device per account? In other words, can I use my phone and laptop to communicate in Matrix as the same user, or do we have cross-signing issues?
https://bsea.social is a test site/PDS. Yes, we support BYOMA (bring your own Matrix account) now; you can use your Matrix account. It is multi-device, as both the social app and Matrix work on multiple devices, and you can, for example, use the Element client on your laptop with your Matrix account and the social-app on your phone to see messages from the same account.
We will be launching a service with this shortly. We haven’t figured out all the details yet. We will create a website and share more details then. I can send you an invite code to try it out before then. Please DM me @rangakrishnan1.bsky.social as I don’t check this forum frequently.
Why is Keycloak getting involved as a broker? Shouldn't the PDS as an IdP suffice on its own? It'd be similar to the already supported login-by-GitHub, which, like atproto, isn't strictly OIDC.