Update: https://codeberg.org/fediverse/fep/pulls/497
Uncategorized
26
Posts
8
Posters
0
Views
-
Update: https://codeberg.org/fediverse/fep/pulls/497
Signing requirements were clarified and a reference to FEP-2277: ActivityPub core types was added.
-
@silverpill would it be interesting to discuss with the Mastodon team, or possibly with misskey or pleroma/akkoma, how to implement this in existing implementations? Or what/where is the progress on that?
-
@silverpill would it be interesting to discuss with the Mastodon team, or possibly with misskey or pleroma/akkoma, how to implement this in existing implementations? Or what/where is the progress on that?
Implementing the receiving side of this is not difficult. I did that in Mitra and my server now can receive portable activities from Streams. Mastodon and others could probably do that as well.
But the producing side is more complicated, because it requires changing the way we build ActivityPub apps. Most Fediverse services today are both ActivityPub Server and Client crammed into one application, and they manage cryptographic keys on behalf of a user. FEP-ef61 network will probably look like Nostr: simple servers that store and transmit messages, and powerful clients. There might also be identity providers that take care of key management.
I don't know what is the best way to build all of that. More experimentation is needed. I am planning to build a simple FEP-ef61 server to figure out how storage is supposed to work before doing anything serious in Mitra. I am also working on a Rust library that can be used to build FEP-ef61 servers and clients.
-
Implementing the receiving side of this is not difficult. I did that in Mitra and my server now can receive portable activities from Streams. Mastodon and others could probably do that as well.
But the producing side is more complicated, because it requires changing the way we build ActivityPub apps. Most Fediverse services today are both ActivityPub Server and Client crammed into one application, and they manage cryptographic keys on behalf of a user. FEP-ef61 network will probably look like Nostr: simple servers that store and transmit messages, and powerful clients. There might also be identity providers that take care of key management.
I don't know what is the best way to build all of that. More experimentation is needed. I am planning to build a simple FEP-ef61 server to figure out how storage is supposed to work before doing anything serious in Mitra. I am also working on a Rust library that can be used to build FEP-ef61 servers and clients.
Streams can produce portable activities, but I think they store secret keys on a server. This is fine if you host a single user instance on your own hardware, but in other situations this is roughly equivalent to status quo (trusting the server owner).
-
Implementing the receiving side of this is not difficult. I did that in Mitra and my server now can receive portable activities from Streams. Mastodon and others could probably do that as well.
But the producing side is more complicated, because it requires changing the way we build ActivityPub apps. Most Fediverse services today are both ActivityPub Server and Client crammed into one application, and they manage cryptographic keys on behalf of a user. FEP-ef61 network will probably look like Nostr: simple servers that store and transmit messages, and powerful clients. There might also be identity providers that take care of key management.
I don't know what is the best way to build all of that. More experimentation is needed. I am planning to build a simple FEP-ef61 server to figure out how storage is supposed to work before doing anything serious in Mitra. I am also working on a Rust library that can be used to build FEP-ef61 servers and clients.
silverpill:simple servers that store and transmit messages, and powerful clients
I think I've heard this idea before and I still don't think I understand it. The problem as I see it is that there are certain use cases that are not feasible to implement in a client. For instance, I don't see how you could implement a Reddit-like social platform with a "simple server" and a "powerful client". You simply could not implement the required sorting algorithms as a client.
I feel that this "simple servers, powerful clients" idea excludes many potential use cases and I fear that this would essentially reduce ActivityPub to some kind of glorified email, or at least make everything but the microblogging use case into a second-class citizen.
-
silverpill:
simple servers that store and transmit messages, and powerful clients
I think I've heard this idea before and I still don't think I understand it. The problem as I see it is that there are certain use cases that are not feasible to implement in a client. For instance, I don't see how you could implement a Reddit-like social platform with a "simple server" and a "powerful client". You simply could not implement the required sorting algorithms as a client.
I feel that this "simple servers, powerful clients" idea excludes many potential use cases and I fear that this would essentially reduce ActivityPub to some kind of glorified email, or at least make everything but the microblogging use case into a second-class citizen.
I keep federated groups in mind when I am working on this. I don't think it limits ActivityPub in any way, but I guess we will see once implementations begin to emerge.In any case, the idea here is not to replace existing ActivityPub network, but to complement it.
-
Can one use this combined with a HTTPS actor? e.g.
{ "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/data-integrity/v1", "https://w3id.org/fep/ef61" ], "type": "Note", "id": "ap://did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/objects/dc505858-08ec-4a80-81dd-e6670fd8c55f", "attributedTo": "http://host.example/actor", "content": "Hello!", "to": [ "http://host.example/followers", "https://www.w3.org/ns/activitystreams#Public" ], "proof": {"...": "..."}}would be a message (with corresponding Create).
http://host.example/actorwould acknowledgedid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2by having it in itsassertionMethod.This would lead to portable objects without portable actors. In particular objects that don't need to live on servers.
-
Can one use this combined with a HTTPS actor? e.g.
{ "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/data-integrity/v1", "https://w3id.org/fep/ef61" ], "type": "Note", "id": "ap://did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/objects/dc505858-08ec-4a80-81dd-e6670fd8c55f", "attributedTo": "http://host.example/actor", "content": "Hello!", "to": [ "http://host.example/followers", "https://www.w3.org/ns/activitystreams#Public" ], "proof": {"...": "..."}}would be a message (with corresponding Create).
http://host.example/actorwould acknowledgedid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2by having it in itsassertionMethod.This would lead to portable objects without portable actors. In particular objects that don't need to live on servers.
helge:Can one use this combined with a HTTPS actor?
Yes, I think it might work:
- The
did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2authority claims that object is attributed tohttp://host.example/actor - The
host.exampleauthority claims thatdid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2can sign things on its behalf.
Authorities agree, therefore this object can be trusted.
helge:This would lead to portable objects without portable actors. In particular objects that don’t need to live on servers.
Why not make actors portable too? FEP-ef61 can work in compatibility mode, in that case the actor ID would look like this:
http://host.example/.well-known/apgateway/did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/actor - The
-
helge:
Can one use this combined with a HTTPS actor?
Yes, I think it might work:
- The
did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2authority claims that object is attributed tohttp://host.example/actor - The
host.exampleauthority claims thatdid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2can sign things on its behalf.
Authorities agree, therefore this object can be trusted.
helge:This would lead to portable objects without portable actors. In particular objects that don’t need to live on servers.
Why not make actors portable too? FEP-ef61 can work in compatibility mode, in that case the actor ID would look like this:
http://host.example/.well-known/apgateway/did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/actorsilverpill:Why not make actors portable too?
It's the entire evolution not revolution concept. Sending portable objects from an existing https actor is kind of an intermediate step, where one doesn't have to change everything.
- The
-
Update: https://codeberg.org/fediverse/fep/pulls/529
Preferred gateways can be declared in a DID document (as DID services), and maybe in actor's
endpointsmapping too.I think using
endpointsfor that makes a lot of sense because according to the ActivityPub spec, this object "...maps additional (typically server/domain-wide) endpoints which may be useful either for this actor or someone referencing this actor." In FEP-ef61 world, these endpoints are "DID-wide". -
Can one use this combined with a HTTPS actor? e.g.
{ "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/data-integrity/v1", "https://w3id.org/fep/ef61" ], "type": "Note", "id": "ap://did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/objects/dc505858-08ec-4a80-81dd-e6670fd8c55f", "attributedTo": "http://host.example/actor", "content": "Hello!", "to": [ "http://host.example/followers", "https://www.w3.org/ns/activitystreams#Public" ], "proof": {"...": "..."}}would be a message (with corresponding Create).
http://host.example/actorwould acknowledgedid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2by having it in itsassertionMethod.This would lead to portable objects without portable actors. In particular objects that don't need to live on servers.
helge:Can one use this combined with a HTTPS actor?
This is somewhat similar to FEP-c390 Identity proofs, where two authorities, domain-based and DID-based, are coordinating to create a verifiable link. I added a new section to FEP-fe34 called "Cross-origin relationships", where such use cases will be covered.
-
helge:
Can one use this combined with a HTTPS actor?
This is somewhat similar to FEP-c390 Identity proofs, where two authorities, domain-based and DID-based, are coordinating to create a verifiable link. I added a new section to FEP-fe34 called "Cross-origin relationships", where such use cases will be covered.
Hello! Just thought I'd share some early work I've done on adding FEP-ef61 support to my fork of Bluesky's PDS server with ActivityPub support. More information on that project can be found here:
https://github.com/bluesky-social/atproto/pull/3943
Anyway, as for FEP-ef61 support, it's not in my draft PR yet, but below you can find a few sample screenshots of responses. Notably, my in implementation I convert AtProto DID's into ActivityPub DID's by storing the AtProto DID's in
did:key's with the MultiDID encoding (as a base58 string).The first is my updated
webfinger, and a placeholderapgatewayshowcasing DID conversion.Second, an A/B comparison of what my standard actor profile response looks like, and what it looks like in "FEP ef61" format. It's currently only available behind a query parameter, at least until I finish the gateway.
EDIT: Click the GitHub link above. I'm not allowed to post 2 images or more than 2 links as a new user.
-
Hello! Just thought I'd share some early work I've done on adding FEP-ef61 support to my fork of Bluesky's PDS server with ActivityPub support. More information on that project can be found here:
https://github.com/bluesky-social/atproto/pull/3943
Anyway, as for FEP-ef61 support, it's not in my draft PR yet, but below you can find a few sample screenshots of responses. Notably, my in implementation I convert AtProto DID's into ActivityPub DID's by storing the AtProto DID's in
did:key's with the MultiDID encoding (as a base58 string).The first is my updated
webfinger, and a placeholderapgatewayshowcasing DID conversion.Second, an A/B comparison of what my standard actor profile response looks like, and what it looks like in "FEP ef61" format. It's currently only available behind a query parameter, at least until I finish the gateway.
EDIT: Click the GitHub link above. I'm not allowed to post 2 images or more than 2 links as a new user.
Hello @PoV !
PoV:Notably, my in implementation I convert AtProto DID’s into ActivityPub DID’s by storing the AtProto DID’s in
did:key’s with the MultiDID encoding (as a base58 string).You can use ATProto DIDs directly, without encoding them with multiDID.
FEP-ef61 is compatible with all DID methods, and
did:keyrequirement was added only to facilitate implementation convergence. But existing FEP-ef61 implementations support only Ed25519did:key, so we won't be able to interoperate.What do you think about
did:web? As far as I know, this method is supported by ATProto, and we also considered supporting it in Fediverse. -
silverpill:
You can use ATProto DIDs directly, without encoding them with multiDID.
That would be nice. As you'd expect, this lead me down this path:
DID Methods
Implementers MUST support the did:key method. Other DID methods SHOULD NOT be used, as it might hinder interoperability.
It might be worth clarifying that not using Multidid Ed25519 keys hinder interoperability, than simply not using
silverpill:did:key.FEP-ef61 is compatible with all DID methods, and
did:keyrequirement was added only to facilitate implementation convergence. But existing FEP-ef61 implementations support only Ed25519did:key, so we won’t be able to interoperate.I'm curious what existing implementations use the Ed25519 keys for, besides unique identifiers? I do realize they're also public keys, but I haven't got to signing or validating yet in my implementation.
silverpill:What do you think about
did:web? As far as I know, this method is supported by ATProto, and we also considered supporting it in Fediverse.I'm indifferent as I haven't personally used AtProto's
did:websupport. That said, from my understanding, it doesn't technically support the fulldid:webstandard (domains and subdomains only, no URLs). Parts of the code support encoding URL slashes as:'s, which I'm not sure is the standard or not, but according to the team this isn't the case everywhere. The only reliable part is the domain. -
silverpill:
You can use ATProto DIDs directly, without encoding them with multiDID.
That would be nice. As you'd expect, this lead me down this path:
DID Methods
Implementers MUST support the did:key method. Other DID methods SHOULD NOT be used, as it might hinder interoperability.
It might be worth clarifying that not using Multidid Ed25519 keys hinder interoperability, than simply not using
silverpill:did:key.FEP-ef61 is compatible with all DID methods, and
did:keyrequirement was added only to facilitate implementation convergence. But existing FEP-ef61 implementations support only Ed25519did:key, so we won’t be able to interoperate.I'm curious what existing implementations use the Ed25519 keys for, besides unique identifiers? I do realize they're also public keys, but I haven't got to signing or validating yet in my implementation.
silverpill:What do you think about
did:web? As far as I know, this method is supported by ATProto, and we also considered supporting it in Fediverse.I'm indifferent as I haven't personally used AtProto's
did:websupport. That said, from my understanding, it doesn't technically support the fulldid:webstandard (domains and subdomains only, no URLs). Parts of the code support encoding URL slashes as:'s, which I'm not sure is the standard or not, but according to the team this isn't the case everywhere. The only reliable part is the domain.PoV:It might be worth clarifying that not using Multidid Ed25519 keys hinder interoperability, than simply not using
did:key.The recommendation to use Ed25519 is there too, it's in the next paragraph:
DID documents SHOULD contain Ed25519 public keys represented as verification methods with
Multikeytype (as defined in the Controlled Identifiers specification).Both are SHOULD, however. This is to say: we are exploring various DID methods, but did:key + ed25519 is what is currently used in production.
PoV:I’m curious what existing implementations use the Ed25519 keys for, besides unique identifiers? I do realize they’re also public keys, but I haven’t got to signing or validating yet in my implementation.
Those Ed25519 keys are used to sign ActivityPub objects. Here's an example of an actor:
The signature is in the
proofobject, produced in accordance with https://www.w3.org/TR/vc-data-integrity/ standard. -
Gotcha, thanks for that.
Curiously, I noticed that document has no JSON LD
@contextsection. While I realize JSON LD doesn't necessarily require it, I just haven't seen any "valid" documents without it. Is that at all commonplace, or just a fluke that this specific implementation doesn't use them?EDIT: Mmm... Is it omitted because the content type is
application/ld+json; profile="https://www.w3.org/ns/activitystreams", thus"@content": "https://www.w3.org/ns/activitystreams"is implied? -
Gotcha, thanks for that.
Curiously, I noticed that document has no JSON LD
@contextsection. While I realize JSON LD doesn't necessarily require it, I just haven't seen any "valid" documents without it. Is that at all commonplace, or just a fluke that this specific implementation doesn't use them?EDIT: Mmm... Is it omitted because the content type is
application/ld+json; profile="https://www.w3.org/ns/activitystreams", thus"@content": "https://www.w3.org/ns/activitystreams"is implied?It was a test, the
@contextis already restored.ActivityPub says that "Implementers SHOULD include the ActivityPub context in their object definitions." I think it means that@contextcould be omitted if you have a good reason do so. But Mastodon rejects actor documents without@context, so everyone includes it for compatibility reasons. Other implementations seem to be more forgiving - this is what I was testing -
Came across this historical artifact from @cwebber today that might be a good addition to the References:
https://bsky.app/profile/dustyweb.bsky.social/post/3lyvxn2ijt22g
-
Came across this historical artifact from @cwebber today that might be a good addition to the References:
https://bsky.app/profile/dustyweb.bsky.social/post/3lyvxn2ijt22g
erlend_sh:Came across this historical artifact from @cwebber today that might be a good addition to the References:
I probably read this document at some point, but I don't think it influenced the development of FEP-ef61 in any way. DIDs and content addressing were discussed on this forum too, there were even attempts to implement something, but they were not successful.
-
I didn't post about the latest update here, it happened about one month ago: https://codeberg.org/fediverse/fep/pulls/668
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@aeva are you sure that's not an eye condition?
-
@be which one
-
@aeva yeah I live right next to one. I hate it.
-
@aeva every time I have to cross one, for once
-
@aeva yes whenever i traverse one i think to myself "hmmm yes this is a stroad. how unpleasant."
-
@aeva I can't really stop tbh
-
you ever think about stroads
-
@aeva Enthusiastically optimizing draw distances with fog
