Update: https://codeberg.org/fediverse/fep/pulls/497
Uncategorized
26
Posts
8
Posters
0
Views
-
silverpill:
simple servers that store and transmit messages, and powerful clients
I think I've heard this idea before and I still don't think I understand it. The problem as I see it is that there are certain use cases that are not feasible to implement in a client. For instance, I don't see how you could implement a Reddit-like social platform with a "simple server" and a "powerful client". You simply could not implement the required sorting algorithms as a client.
I feel that this "simple servers, powerful clients" idea excludes many potential use cases and I fear that this would essentially reduce ActivityPub to some kind of glorified email, or at least make everything but the microblogging use case into a second-class citizen.
I keep federated groups in mind when I am working on this. I don't think it limits ActivityPub in any way, but I guess we will see once implementations begin to emerge.In any case, the idea here is not to replace existing ActivityPub network, but to complement it.
-
Can one use this combined with a HTTPS actor? e.g.
{ "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/data-integrity/v1", "https://w3id.org/fep/ef61" ], "type": "Note", "id": "ap://did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/objects/dc505858-08ec-4a80-81dd-e6670fd8c55f", "attributedTo": "http://host.example/actor", "content": "Hello!", "to": [ "http://host.example/followers", "https://www.w3.org/ns/activitystreams#Public" ], "proof": {"...": "..."}}would be a message (with corresponding Create).
http://host.example/actorwould acknowledgedid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2by having it in itsassertionMethod.This would lead to portable objects without portable actors. In particular objects that don't need to live on servers.
-
Can one use this combined with a HTTPS actor? e.g.
{ "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/data-integrity/v1", "https://w3id.org/fep/ef61" ], "type": "Note", "id": "ap://did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/objects/dc505858-08ec-4a80-81dd-e6670fd8c55f", "attributedTo": "http://host.example/actor", "content": "Hello!", "to": [ "http://host.example/followers", "https://www.w3.org/ns/activitystreams#Public" ], "proof": {"...": "..."}}would be a message (with corresponding Create).
http://host.example/actorwould acknowledgedid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2by having it in itsassertionMethod.This would lead to portable objects without portable actors. In particular objects that don't need to live on servers.
helge:Can one use this combined with a HTTPS actor?
Yes, I think it might work:
- The
did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2authority claims that object is attributed tohttp://host.example/actor - The
host.exampleauthority claims thatdid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2can sign things on its behalf.
Authorities agree, therefore this object can be trusted.
helge:This would lead to portable objects without portable actors. In particular objects that don’t need to live on servers.
Why not make actors portable too? FEP-ef61 can work in compatibility mode, in that case the actor ID would look like this:
http://host.example/.well-known/apgateway/did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/actor - The
-
helge:
Can one use this combined with a HTTPS actor?
Yes, I think it might work:
- The
did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2authority claims that object is attributed tohttp://host.example/actor - The
host.exampleauthority claims thatdid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2can sign things on its behalf.
Authorities agree, therefore this object can be trusted.
helge:This would lead to portable objects without portable actors. In particular objects that don’t need to live on servers.
Why not make actors portable too? FEP-ef61 can work in compatibility mode, in that case the actor ID would look like this:
http://host.example/.well-known/apgateway/did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/actorsilverpill:Why not make actors portable too?
It's the entire evolution not revolution concept. Sending portable objects from an existing https actor is kind of an intermediate step, where one doesn't have to change everything.
- The
-
Update: https://codeberg.org/fediverse/fep/pulls/529
Preferred gateways can be declared in a DID document (as DID services), and maybe in actor's
endpointsmapping too.I think using
endpointsfor that makes a lot of sense because according to the ActivityPub spec, this object "...maps additional (typically server/domain-wide) endpoints which may be useful either for this actor or someone referencing this actor." In FEP-ef61 world, these endpoints are "DID-wide". -
Can one use this combined with a HTTPS actor? e.g.
{ "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/data-integrity/v1", "https://w3id.org/fep/ef61" ], "type": "Note", "id": "ap://did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2/objects/dc505858-08ec-4a80-81dd-e6670fd8c55f", "attributedTo": "http://host.example/actor", "content": "Hello!", "to": [ "http://host.example/followers", "https://www.w3.org/ns/activitystreams#Public" ], "proof": {"...": "..."}}would be a message (with corresponding Create).
http://host.example/actorwould acknowledgedid:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2by having it in itsassertionMethod.This would lead to portable objects without portable actors. In particular objects that don't need to live on servers.
helge:Can one use this combined with a HTTPS actor?
This is somewhat similar to FEP-c390 Identity proofs, where two authorities, domain-based and DID-based, are coordinating to create a verifiable link. I added a new section to FEP-fe34 called "Cross-origin relationships", where such use cases will be covered.
-
helge:
Can one use this combined with a HTTPS actor?
This is somewhat similar to FEP-c390 Identity proofs, where two authorities, domain-based and DID-based, are coordinating to create a verifiable link. I added a new section to FEP-fe34 called "Cross-origin relationships", where such use cases will be covered.
Hello! Just thought I'd share some early work I've done on adding FEP-ef61 support to my fork of Bluesky's PDS server with ActivityPub support. More information on that project can be found here:
https://github.com/bluesky-social/atproto/pull/3943
Anyway, as for FEP-ef61 support, it's not in my draft PR yet, but below you can find a few sample screenshots of responses. Notably, my in implementation I convert AtProto DID's into ActivityPub DID's by storing the AtProto DID's in
did:key's with the MultiDID encoding (as a base58 string).The first is my updated
webfinger, and a placeholderapgatewayshowcasing DID conversion.Second, an A/B comparison of what my standard actor profile response looks like, and what it looks like in "FEP ef61" format. It's currently only available behind a query parameter, at least until I finish the gateway.
EDIT: Click the GitHub link above. I'm not allowed to post 2 images or more than 2 links as a new user.
-
Hello! Just thought I'd share some early work I've done on adding FEP-ef61 support to my fork of Bluesky's PDS server with ActivityPub support. More information on that project can be found here:
https://github.com/bluesky-social/atproto/pull/3943
Anyway, as for FEP-ef61 support, it's not in my draft PR yet, but below you can find a few sample screenshots of responses. Notably, my in implementation I convert AtProto DID's into ActivityPub DID's by storing the AtProto DID's in
did:key's with the MultiDID encoding (as a base58 string).The first is my updated
webfinger, and a placeholderapgatewayshowcasing DID conversion.Second, an A/B comparison of what my standard actor profile response looks like, and what it looks like in "FEP ef61" format. It's currently only available behind a query parameter, at least until I finish the gateway.
EDIT: Click the GitHub link above. I'm not allowed to post 2 images or more than 2 links as a new user.
Hello @PoV !
PoV:Notably, my in implementation I convert AtProto DID’s into ActivityPub DID’s by storing the AtProto DID’s in
did:key’s with the MultiDID encoding (as a base58 string).You can use ATProto DIDs directly, without encoding them with multiDID.
FEP-ef61 is compatible with all DID methods, and
did:keyrequirement was added only to facilitate implementation convergence. But existing FEP-ef61 implementations support only Ed25519did:key, so we won't be able to interoperate.What do you think about
did:web? As far as I know, this method is supported by ATProto, and we also considered supporting it in Fediverse. -
silverpill:
You can use ATProto DIDs directly, without encoding them with multiDID.
That would be nice. As you'd expect, this lead me down this path:
DID Methods
Implementers MUST support the did:key method. Other DID methods SHOULD NOT be used, as it might hinder interoperability.
It might be worth clarifying that not using Multidid Ed25519 keys hinder interoperability, than simply not using
silverpill:did:key.FEP-ef61 is compatible with all DID methods, and
did:keyrequirement was added only to facilitate implementation convergence. But existing FEP-ef61 implementations support only Ed25519did:key, so we won’t be able to interoperate.I'm curious what existing implementations use the Ed25519 keys for, besides unique identifiers? I do realize they're also public keys, but I haven't got to signing or validating yet in my implementation.
silverpill:What do you think about
did:web? As far as I know, this method is supported by ATProto, and we also considered supporting it in Fediverse.I'm indifferent as I haven't personally used AtProto's
did:websupport. That said, from my understanding, it doesn't technically support the fulldid:webstandard (domains and subdomains only, no URLs). Parts of the code support encoding URL slashes as:'s, which I'm not sure is the standard or not, but according to the team this isn't the case everywhere. The only reliable part is the domain. -
silverpill:
You can use ATProto DIDs directly, without encoding them with multiDID.
That would be nice. As you'd expect, this lead me down this path:
DID Methods
Implementers MUST support the did:key method. Other DID methods SHOULD NOT be used, as it might hinder interoperability.
It might be worth clarifying that not using Multidid Ed25519 keys hinder interoperability, than simply not using
silverpill:did:key.FEP-ef61 is compatible with all DID methods, and
did:keyrequirement was added only to facilitate implementation convergence. But existing FEP-ef61 implementations support only Ed25519did:key, so we won’t be able to interoperate.I'm curious what existing implementations use the Ed25519 keys for, besides unique identifiers? I do realize they're also public keys, but I haven't got to signing or validating yet in my implementation.
silverpill:What do you think about
did:web? As far as I know, this method is supported by ATProto, and we also considered supporting it in Fediverse.I'm indifferent as I haven't personally used AtProto's
did:websupport. That said, from my understanding, it doesn't technically support the fulldid:webstandard (domains and subdomains only, no URLs). Parts of the code support encoding URL slashes as:'s, which I'm not sure is the standard or not, but according to the team this isn't the case everywhere. The only reliable part is the domain.PoV:It might be worth clarifying that not using Multidid Ed25519 keys hinder interoperability, than simply not using
did:key.The recommendation to use Ed25519 is there too, it's in the next paragraph:
DID documents SHOULD contain Ed25519 public keys represented as verification methods with
Multikeytype (as defined in the Controlled Identifiers specification).Both are SHOULD, however. This is to say: we are exploring various DID methods, but did:key + ed25519 is what is currently used in production.
PoV:I’m curious what existing implementations use the Ed25519 keys for, besides unique identifiers? I do realize they’re also public keys, but I haven’t got to signing or validating yet in my implementation.
Those Ed25519 keys are used to sign ActivityPub objects. Here's an example of an actor:
The signature is in the
proofobject, produced in accordance with https://www.w3.org/TR/vc-data-integrity/ standard. -
Gotcha, thanks for that.
Curiously, I noticed that document has no JSON LD
@contextsection. While I realize JSON LD doesn't necessarily require it, I just haven't seen any "valid" documents without it. Is that at all commonplace, or just a fluke that this specific implementation doesn't use them?EDIT: Mmm... Is it omitted because the content type is
application/ld+json; profile="https://www.w3.org/ns/activitystreams", thus"@content": "https://www.w3.org/ns/activitystreams"is implied? -
Gotcha, thanks for that.
Curiously, I noticed that document has no JSON LD
@contextsection. While I realize JSON LD doesn't necessarily require it, I just haven't seen any "valid" documents without it. Is that at all commonplace, or just a fluke that this specific implementation doesn't use them?EDIT: Mmm... Is it omitted because the content type is
application/ld+json; profile="https://www.w3.org/ns/activitystreams", thus"@content": "https://www.w3.org/ns/activitystreams"is implied?It was a test, the
@contextis already restored.ActivityPub says that "Implementers SHOULD include the ActivityPub context in their object definitions." I think it means that@contextcould be omitted if you have a good reason do so. But Mastodon rejects actor documents without@context, so everyone includes it for compatibility reasons. Other implementations seem to be more forgiving - this is what I was testing -
Came across this historical artifact from @cwebber today that might be a good addition to the References:
https://bsky.app/profile/dustyweb.bsky.social/post/3lyvxn2ijt22g
-
Came across this historical artifact from @cwebber today that might be a good addition to the References:
https://bsky.app/profile/dustyweb.bsky.social/post/3lyvxn2ijt22g
erlend_sh:Came across this historical artifact from @cwebber today that might be a good addition to the References:
I probably read this document at some point, but I don't think it influenced the development of FEP-ef61 in any way. DIDs and content addressing were discussed on this forum too, there were even attempts to implement something, but they were not successful.
-
I didn't post about the latest update here, it happened about one month ago: https://codeberg.org/fediverse/fep/pulls/668
-
Should one be able to publish a portable object that is repudiable? IIUC, FEP-ef61 portable objects (identified by ‘ap’ URIs) require FEP-8b32 integrity proofs, so they are non-repudiable. On the other hand, FEP-c390 identity proofs establishes links between DIDs and HTTP(S) actors, but they don’t make objects portable. So that seems to be not possible with current proposals.
I’m curious because there are cases where one doesn’t want non-repudiation. For example, you don’t want your private message to be disclosed by the recipient in a publicly verifiable way. But that does not necessarily mean that you don’t want the object to be portable.
-
Should one be able to publish a portable object that is repudiable? IIUC, FEP-ef61 portable objects (identified by ‘ap’ URIs) require FEP-8b32 integrity proofs, so they are non-repudiable. On the other hand, FEP-c390 identity proofs establishes links between DIDs and HTTP(S) actors, but they don’t make objects portable. So that seems to be not possible with current proposals.
I’m curious because there are cases where one doesn’t want non-repudiation. For example, you don’t want your private message to be disclosed by the recipient in a publicly verifiable way. But that does not necessarily mean that you don’t want the object to be portable.
If you rotate verification method, all previous FEP-8b32 proofs become unverifiable. Does this count as repudiation?
did:keydoesn't support VM rotation, but there will be other "blessed" DID methods (most likelydid:webanddid:webvh).Additionally, some cryptographic tricks may exist that enable repudiable signatures, for example I was able to find this paper: https://dl.acm.org/doi/10.1145/3659467.3659901
-
If you rotate verification method, all previous FEP-8b32 proofs become unverifiable. Does this count as repudiation?
did:keydoesn't support VM rotation, but there will be other "blessed" DID methods (most likelydid:webanddid:webvh).Additionally, some cryptographic tricks may exist that enable repudiable signatures, for example I was able to find this paper: https://dl.acm.org/doi/10.1145/3659467.3659901
silverpill:If you rotate verification method, all previous FEP-8b32 proofs become unverifiable. Does this count as repudiation?
this could work but only if the rotation was a "blind rotation", i.e. without a verifiable log of the old key being associated with the identity. if there is a log of the key rotation, then no.
more pressingly, if the key is your identity, then it cannot be rotated without also fundamentally changing your identity. so key rotation with repudiation requires a non-key identity -- in other words, a name (and authoritative name server) or description (and a way of asserting trusted claims that match the description).
silverpill:Additionally, some cryptographic tricks may exist that enable repudiable signatures, for example I was able to find this paper: https://dl.acm.org/doi/10.1145/3659467.3659901
from what i understood of the paper, it seems this is just delegating signatures to some authority who can sign things on your behalf. you can then claim the authority forged signatures on your behalf. it's basically like how fedi uses custodial keys in most cases.
-
silverpill:
If you rotate verification method, all previous FEP-8b32 proofs become unverifiable. Does this count as repudiation?
this could work but only if the rotation was a "blind rotation", i.e. without a verifiable log of the old key being associated with the identity. if there is a log of the key rotation, then no.
more pressingly, if the key is your identity, then it cannot be rotated without also fundamentally changing your identity. so key rotation with repudiation requires a non-key identity -- in other words, a name (and authoritative name server) or description (and a way of asserting trusted claims that match the description).
silverpill:Additionally, some cryptographic tricks may exist that enable repudiable signatures, for example I was able to find this paper: https://dl.acm.org/doi/10.1145/3659467.3659901
from what i understood of the paper, it seems this is just delegating signatures to some authority who can sign things on your behalf. you can then claim the authority forged signatures on your behalf. it's basically like how fedi uses custodial keys in most cases.
My question was addressed to @tesaguri
Yes,
did:keycan not be rotated, I think this is exactly what I said in my comment.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
Let's stop saying Fediverse is federated + universe and start saying it's federated + diverse
-
@avilewis so all that opposition, that "diversity" from Trump's America was a lie?
What a surprise!
-
Io lessi 2700, i primi numeri almeno, per puro caso. Era una serie fantastica in tutti i sensi, ma non ho mai incontrato nessun altro che la conoscesse, e ho poi scoperto che gli autori erano giovanissimi.
Sapere che adesso uno è morto, a 55 anni, è triste, ma è un'occasione per recuperarla
https://fumettologica.it/2026/03/ugo-verdi-morto-disegnatore-2700-legs-weaver/
-
-
@evacide they stay in USA ?
-
Bologna: questa mattina udienza di convalida per le tre persone arrestate. migliaia di euro di multa ai residenti del pilastro
@anarchia
Udienza di convalida per i tre attivisti, una compagna e due compagni, arrestati lunedì mattina durante il violento sgombero del presidio di protesta contro il taglio degli alberi
-
RE: https://mastodon.social/@headius/116174666503370577
Mame"s article is pretty interesting, mostly because I didn't know he had a blog thingy
-
@TagYourToe @ml yeah next time maybe Dems will try to earn my vote instead of just taking it for granted.
