{"guid":"09910df9-d06b-51d3-afb3-bab58fe597bc","title":"Eventually Consistent Access Control: Practical Insights on Matrix from Decentralized Systems Theory","subtitle":null,"slug":"matrix-conf-2025-72768-eventually-consistent-access-control-practical-insights-on-matrix-from-decentralized-systems-theory","link":"https://cfp.2025.matrix.org/matrix-conf-2025/talk/X3KDAQ/","description":"Access control is the core of any system's security, but usually provided by a single, centralized server. However, access control in a Matrix room is decentralized: every participating server *independently* decides *who* is authorized to send and receive *which* events, without consulting any other server. To the surprise of many, these decisions are still *eventually* consistent even if all but one server is malicious, but seeing *why* requires a new way of thinking about access control. I will explain  the necessary design patterns from decentralized systems science, and show how they can be weaved together for a practical explanation of what Matrix is, and why Matrix can reach its astonishing levels of security and resilience.\n\nIn this talk, I provide a primer on **design patterns from decentralized systems theory**, and explain what they mean for the current and future design of Matrix in practice. I will start with **concurrency as the root of all problems in decentralized systems**, and how network partitions and arbitrarily malicious servers stand in the way of consistency. Based on these problems, I will explain **conflict-free replicated data types** (CRDTs) and hash linking as the solution to still make a Matrix room eventually converge at all benevolent servers. Finally, I will show you my **access control to the best of knowledge and belief** way of thinking about eventually consistent access control in Matrix  – you need to think in **two authorization decisions per event**, of which one is final on receiving the event, while the other one may ever be changing on receiving new concurrent events.\n\nLicensed to the public under https://creativecommons.org/licenses/by-sa/4.0/","original_language":"eng","persons":["Florian Jacob","Hannes Hartenstein"],"view_count":102,"promoted":false,"date":"2025-10-17T11:10:00.000+02:00","release_date":"2025-10-17T00:00:00.000+02:00","updated_at":"2026-04-20T13:15:07.020+02:00","tags":["72768","2025","matrix-conf-2025","Security \u0026 Encryption","Alan Turing","matrix-conf-2025-eng","matrix-conf-2025","Day 3"],"length":3099,"duration":3099,"thumb_url":"https://static.media.ccc.de/media/events/matrix-conf/2025/72768-09910df9-d06b-51d3-afb3-bab58fe597bc.jpg","poster_url":"https://static.media.ccc.de/media/events/matrix-conf/2025/72768-09910df9-d06b-51d3-afb3-bab58fe597bc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/matrix-conf/2025/72768-09910df9-d06b-51d3-afb3-bab58fe597bc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/matrix-conf/2025/72768-09910df9-d06b-51d3-afb3-bab58fe597bc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/matrix-conf-2025-72768-eventually-consistent-access-control-practical-insights-on-matrix-from-decentralized-systems-theory","url":"https://api.media.ccc.de/public/events/09910df9-d06b-51d3-afb3-bab58fe597bc","conference_title":"Matrix Conference 2025","conference_url":"https://api.media.ccc.de/public/conferences/matrix-conf-2025","related":[],"recordings":[{"size":319,"length":3099,"mime_type":"video/webm;codecs=av01","language":"eng","filename":"matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_av1-hd.webm","state":"new","folder":"av1-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-10-17T15:48:29.585+02:00","recording_url":"https://cdn.media.ccc.de/events/matrix-conf/2025/av1-hd/matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_av1-hd.webm","url":"https://api.media.ccc.de/public/recordings/92466","event_url":"https://api.media.ccc.de/public/events/09910df9-d06b-51d3-afb3-bab58fe597bc","conference_url":"https://api.media.ccc.de/public/conferences/matrix-conf-2025"},{"size":30,"length":3099,"mime_type":"audio/opus","language":"eng","filename":"matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2025-10-17T15:28:38.657+02:00","recording_url":"https://cdn.media.ccc.de/events/matrix-conf/2025/opus/matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_opus.opus","url":"https://api.media.ccc.de/public/recordings/92465","event_url":"https://api.media.ccc.de/public/events/09910df9-d06b-51d3-afb3-bab58fe597bc","conference_url":"https://api.media.ccc.de/public/conferences/matrix-conf-2025"},{"size":47,"length":3099,"mime_type":"audio/mpeg","language":"eng","filename":"matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2025-10-17T15:28:34.766+02:00","recording_url":"https://cdn.media.ccc.de/events/matrix-conf/2025/mp3/matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/92464","event_url":"https://api.media.ccc.de/public/events/09910df9-d06b-51d3-afb3-bab58fe597bc","conference_url":"https://api.media.ccc.de/public/conferences/matrix-conf-2025"},{"size":113,"length":3099,"mime_type":"video/webm","language":"eng","filename":"matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-10-17T16:38:07.877+02:00","recording_url":"https://cdn.media.ccc.de/events/matrix-conf/2025/webm-sd/matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/92508","event_url":"https://api.media.ccc.de/public/events/09910df9-d06b-51d3-afb3-bab58fe597bc","conference_url":"https://api.media.ccc.de/public/conferences/matrix-conf-2025"},{"size":335,"length":3099,"mime_type":"video/webm","language":"eng","filename":"matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-10-17T15:52:23.420+02:00","recording_url":"https://cdn.media.ccc.de/events/matrix-conf/2025/webm-hd/matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/92470","event_url":"https://api.media.ccc.de/public/events/09910df9-d06b-51d3-afb3-bab58fe597bc","conference_url":"https://api.media.ccc.de/public/conferences/matrix-conf-2025"},{"size":116,"length":3099,"mime_type":"video/mp4","language":"eng","filename":"matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-10-17T15:27:27.476+02:00","recording_url":"https://cdn.media.ccc.de/events/matrix-conf/2025/h264-sd/matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_sd.mp4","url":"https://api.media.ccc.de/public/recordings/92463","event_url":"https://api.media.ccc.de/public/events/09910df9-d06b-51d3-afb3-bab58fe597bc","conference_url":"https://api.media.ccc.de/public/conferences/matrix-conf-2025"},{"size":348,"length":3099,"mime_type":"video/mp4","language":"eng","filename":"matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-10-17T15:16:06.216+02:00","recording_url":"https://cdn.media.ccc.de/events/matrix-conf/2025/h264-hd/matrix-conf-2025-72768-eng-Eventually_Consistent_Access_Control_Practical_Insights_on_Matrix_from_Decentralized_Systems_Theory_hd.mp4","url":"https://api.media.ccc.de/public/recordings/92457","event_url":"https://api.media.ccc.de/public/events/09910df9-d06b-51d3-afb3-bab58fe597bc","conference_url":"https://api.media.ccc.de/public/conferences/matrix-conf-2025"}]}