The MIMI transport protocol defines this event framework, including its authentication scheme, as well as the mechanics of how events are delivered from one server to another.
The signaling protocol defines how rooms actually operate, encompassing the user-level membership control protocol, half of the policy control protocol, and enforcement of that policy. To be effective in its responsibilities, the event schema and framework needs to be specified at a higher level than the transport, ideally within the signaling protocol itself.
The transport absolutely needs to consider how to authenticate traffic between servers, but it does not have ownership of the event structure itself. A signaling protocol instead describes what constitutes a legal event under the policy. A transport protocol may however serialize events in a different format than used by signaling.
In other words, integrity and authorization of events is not a concern for the transport, but rather signaling. The transport will still need to be aware of what events are and how they work to make its own decisions on. For example, only returning events the requesting server has visibility on.
https://bifurcation.github.io/mimi-arch/draft-barnes-mimi-arch.html#section-5.1-5
The signaling protocol defines how rooms actually operate, encompassing the user-level membership control protocol, half of the policy control protocol, and enforcement of that policy. To be effective in its responsibilities, the event schema and framework needs to be specified at a higher level than the transport, ideally within the signaling protocol itself.
The transport absolutely needs to consider how to authenticate traffic between servers, but it does not have ownership of the event structure itself. A signaling protocol instead describes what constitutes a legal event under the policy. A transport protocol may however serialize events in a different format than used by signaling.
In other words, integrity and authorization of events is not a concern for the transport, but rather signaling. The transport will still need to be aware of what events are and how they work to make its own decisions on. For example, only returning events the requesting server has visibility on.