From 24c2036a35738ebf9c1ebe3b01cef1943a087702 Mon Sep 17 00:00:00 2001
From: Daniel Wagner-Hall <daniel@matrix.org>
Date: Mon, 9 Nov 2015 17:30:18 +0000
Subject: [PATCH] 3pid invites: remove mentions of display_name

---
 api/client-server/v1/third_party_membership.yaml |  8 ++------
 specification/modules/third_party_invites.rst    | 11 ++++-------
 2 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/api/client-server/v1/third_party_membership.yaml b/api/client-server/v1/third_party_membership.yaml
index 90b167b4..a10d6167 100644
--- a/api/client-server/v1/third_party_membership.yaml
+++ b/api/client-server/v1/third_party_membership.yaml
@@ -84,8 +84,7 @@ paths:
               {
                 "id_server": "matrix.org",
                 "medium": "email",
-                "address": "cheeky@monkey.com",
-                "display_name": "A very cheeky monkey"
+                "address": "cheeky@monkey.com"
               }
             properties:
               id_server:
@@ -98,10 +97,7 @@ paths:
               address:
                 type: string
                 description: The invitee's third party identifier.
-              display_name:
-                type: string
-                description: A user-friendly string describing who has been invited. It should not contain the address of the invitee, to avoid leaking mappings between third party identities and matrix user IDs.
-            required: ["id_server", "medium", "address", "display_name"]
+            required: ["id_server", "medium", "address"]
       responses:
         200:
           description: The user has been invited to join the room.
diff --git a/specification/modules/third_party_invites.rst b/specification/modules/third_party_invites.rst
index 4d268631..d8e3d4d9 100644
--- a/specification/modules/third_party_invites.rst
+++ b/specification/modules/third_party_invites.rst
@@ -127,13 +127,10 @@ It is important for user privacy that leaking the mapping between a matrix user
 ID and a third party identifier is hard. In particular, being able to look up
 all third party identifiers from a matrix user ID (and accordingly, being able
 to link each third party identifier) should be avoided wherever possible.
-To this end, when implementing this API care should be taken to avoid
-adding links between these two identifiers as room events. This mapping can be
-unintentionally created by specifying the third party identifier in the
-``display_name`` field of the ``m.room.third_party_invite`` event, and then
-observing which matrix user ID joins the room using that invite. Clients SHOULD
-set ``display_name`` to a value other than the third party identifier, e.g. the
-invitee's common name.
+To this end, the third party identifier is not put in any event, rather an
+opaque display name provided by the identity server is put into the events.
+Clients should not remember or display third party identifiers from invites,
+other than for the use of the inviter themself.
 
 Homeservers are not required to trust any particular identity server(s). It is
 generally a client's responsibility to decide which identity servers it trusts,