`keyId` is a problem.
General Discussion
8
Posts
4
Posters
26
Views
-
keyIdis a problem.Generally speaking, most Actors have a `keyId' that looks something like:
https://enigmatick.social/user/jdt#main-keyWhen an
inboxPOSTarrives from an unknown user, we can chop off the bit including#main-keyand we can pull the remaining URL as the Actor's ID.But some implementations decided they should use
/main-keyinstead. That indicates that thekeyIdformat is unreliable and not well-specified. So I switched to deferring this header check for unknown Actors deeper into my ingestion pipeline so that I could retrieve theactorstring from the object being sent. That works pretty well.But
GETrequests. Likefollowers_synchronization. Dammit. There's no object to refer to. So we're back to parsing thekeyIdand hoping for meaning.Out of 124,007 Actors in my database, 587 do not comply with the
#main-keyconvention.enigmatick=> select count(*) from actors where as_public_key->>'id' NOT LIKE '%#main-key'; count ------- 587 (1 row)For full coverage, I need to accommodate
/main-keyand#keyas well#ActivityPub
-
keyIdis a problem.Generally speaking, most Actors have a `keyId' that looks something like:
https://enigmatick.social/user/jdt#main-keyWhen an
inboxPOSTarrives from an unknown user, we can chop off the bit including#main-keyand we can pull the remaining URL as the Actor's ID.But some implementations decided they should use
/main-keyinstead. That indicates that thekeyIdformat is unreliable and not well-specified. So I switched to deferring this header check for unknown Actors deeper into my ingestion pipeline so that I could retrieve theactorstring from the object being sent. That works pretty well.But
GETrequests. Likefollowers_synchronization. Dammit. There's no object to refer to. So we're back to parsing thekeyIdand hoping for meaning.Out of 124,007 Actors in my database, 587 do not comply with the
#main-keyconvention.enigmatick=> select count(*) from actors where as_public_key->>'id' NOT LIKE '%#main-key'; count ------- 587 (1 row)For full coverage, I need to accommodate
/main-keyand#keyas well#ActivityPub
@jdt You're supposed to fetch the
keyIdfirst, then fetch itsowner(orcontroller).
But in practice its either/main-key(GoToSocial) or fragment ID, so it is indeed possible to save a HTTP request. -
keyIdis a problem.Generally speaking, most Actors have a `keyId' that looks something like:
https://enigmatick.social/user/jdt#main-keyWhen an
inboxPOSTarrives from an unknown user, we can chop off the bit including#main-keyand we can pull the remaining URL as the Actor's ID.But some implementations decided they should use
/main-keyinstead. That indicates that thekeyIdformat is unreliable and not well-specified. So I switched to deferring this header check for unknown Actors deeper into my ingestion pipeline so that I could retrieve theactorstring from the object being sent. That works pretty well.But
GETrequests. Likefollowers_synchronization. Dammit. There's no object to refer to. So we're back to parsing thekeyIdand hoping for meaning.Out of 124,007 Actors in my database, 587 do not comply with the
#main-keyconvention.enigmatick=> select count(*) from actors where as_public_key->>'id' NOT LIKE '%#main-key'; count ------- 587 (1 row)For full coverage, I need to accommodate
/main-keyand#keyas well#ActivityPub
@jdt the fragment in a JSON-LD document IRI has a semantic meaning that goes back to RDF: https://www.w3.org/TR/rdf11-concepts/#section-fragID
> a secondary resource that is usually a part of, view of, defined in, or described in the primary resource, and the precise semantics depend on the set of representations that might result from a retrieval action on the primary resource.
-
@jdt You're supposed to fetch the
keyIdfirst, then fetch itsowner(orcontroller).
But in practice its either/main-key(GoToSocial) or fragment ID, so it is indeed possible to save a HTTP request.@silverpill@mitra.social That makes sense. I guess I was getting a little bit spun around by the idea that the
keyIdis not the Actoridand thinking too hard about it. -
@jdt the fragment in a JSON-LD document IRI has a semantic meaning that goes back to RDF: https://www.w3.org/TR/rdf11-concepts/#section-fragID
> a secondary resource that is usually a part of, view of, defined in, or described in the primary resource, and the precise semantics depend on the set of representations that might result from a retrieval action on the primary resource.
@mariusor@metalhead.club That's great context; thanks!
-
@mariusor@metalhead.club That's great context; thanks!
@jdt the way I interpret it for JSON-LD documents is that the fragment is the actual name of the property inside the document that the IRI refers to. So in the case of a public key would be https://example.com/jdoe#publicKey (instead of jdoe#main)
I haven't seen anything in the documentation to give a more explicit, or different, mechanism.
-
@jdt the way I interpret it for JSON-LD documents is that the fragment is the actual name of the property inside the document that the IRI refers to. So in the case of a public key would be https://example.com/jdoe#publicKey (instead of jdoe#main)
I haven't seen anything in the documentation to give a more explicit, or different, mechanism.
@mariusor @jdt For keys, the algorithm to resolve the key's actor/owner is what @silverpill described (fragmented or otherwise). To dereference RDF fragments in general, you must retrieve the primary resource and search for a subject with the full IRI as the id (including fragment). The fragment does not generally reference a property (RDF predicate) in the primary resource, but it could in specific cases.
-
@mariusor @jdt For keys, the algorithm to resolve the key's actor/owner is what @silverpill described (fragmented or otherwise). To dereference RDF fragments in general, you must retrieve the primary resource and search for a subject with the full IRI as the id (including fragment). The fragment does not generally reference a property (RDF predicate) in the primary resource, but it could in specific cases.
@eyeinthesky@mastodon.social Thanks. In your description, does "primary resource" refer to
https://enigmatick.social/user/jdt#main-keyorhttps://enigmatick.social/user/jdt?That matters since the latter is not known as accurate until the resolution is complete.
Practically speaking, it's clear that I can retrieve the Actor resource using the fragment ID (
https://enigmatick.social/user/jdt#main-key) and then retrieve theownerfield from thepublicKeyfield of that object to arrive at the Actor ID. Although since the leap to look in thepublicKeyfield doesn't seem like it's specified by LD-JSON, I suppose just pulling theidfrom the returned Actor object directly might be as valid.
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@macgirvin that's interesting, I hadn't thought of using punycode. Like @edent@mastodon.social my exposure to it was strictly limited to domains (and even then only to counter domain spoofing)
-
@edent@mastodon.social -- It's also used for the username component of email addresses iirc; as these are originally also specified as 7-bit US-ASCII. So I convert local usernames with idn. Just something I did out of habit really. You can use UTF-8 if you want, so I'm only saying that punycode seems to federate better based on my experience. We tested this with a bunch of fediverse software at the time and it just worked. We'll accept either.
-
@macgirvin
I thought Punycode was only for domain names. Are you saying you also use it for the user part?
-
@edent@mastodon.social -- I've just tested and that account also works fine with Hubzilla. I will mention that your implementation in this case uses url-encoded usernames while ours uses punycode. They should be able to interact just fine, but the fact that there are multiple ways to arrive at a solution could cause a bit of confusion for implementers.
You'll need to use punycode if you wish to federate with the diaspora protocol or email or any other projects or protocols which restrict the character set for usernames. So it might end up being a more flexible solution in the long run and should work fine with every other fediverse project today. ASCII-restricted software will just use the xn-- name; and all their links and buttons should work fine.
Url-encoding should also work, but perhaps not so universally and easily as punycode; as witnessed by the number of issues documented in this thread.
-
-
@jandi
Yes, that would really help. I will set the priority in the Weblate project for the part used to understand tags inside messages. Thank you for your continuous support on projects :)
-
@edent@mastodon.social -- Just looked again... this was first introduced as a hidden feature in redmatrix around 2013-2014, and so may also be available currently in Hubzilla (behind the "system.unicode_usernames" feature toggle). There were some major changes in 2019 that to my knowledge weren't ever backported. I think these only applied to local usernames and not remote usernames, but the functionality in hubzilla still might need to be verified.
-
The map combines community reports from the #Fediverse and shelters and veterinaries from #OpenStreetMap loaded in real time as you zoom in.
PawFed is built to be a community project, not a one person effort. There will be many ways to contribute beyond posting reports.
If you find the project useful, don't hesitate to share it. Thank you. (3/3)
