FEP-baf5: Administrator Collection
-
This is the discussion thread for the draft FEP-baf5: Administrator Collection
> This FEP introduces a mechanism for discovering the administrators of an ActivityPub instance. It extends the "Group Moderator" pattern from [FEP 1b12][1b12] and the "Application Actor" concept from [FEP 2677][2677] by defining an
OrderedCollectionof administrators referenced from the instance's application actor. -
1. I find the use of
attributedTohere confusing, because normally this property is used to indicate who owns an object or a collection, and its value is an actor. I am aware thatattributedTois used in a similar way in FEP-1b12, but it would be better to introduce a new property (administrators) instead of continuing to abuseattributedTo.
2. You say that your FEP supersedes the same-origin assumption described in FEP-fe34, but I think it describes a reciprocal claim, also described in FEP-fe34: https://codeberg.org/fediverse/fep/src/branch/main/fep/fe34/fep-fe34.md#reciprocal-claims. I suggest clarifying which aspect of FEP-fe34 is being superseded.
3. In the section "Security and Authorization" you say "authenticity" but what actually is being verified is a permission.
4. The entire problem of non-same-actor updates and deletes can be avoided by using different activities. For example,Updatecan be replaced with an annotation activity.Deletecan be replaced withRemove(from thread).
5. FEP links lead to w3id.org site, not directly to FEPs. -
1. I find the use of
attributedTohere confusing, because normally this property is used to indicate who owns an object or a collection, and its value is an actor. I am aware thatattributedTois used in a similar way in FEP-1b12, but it would be better to introduce a new property (administrators) instead of continuing to abuseattributedTo.
2. You say that your FEP supersedes the same-origin assumption described in FEP-fe34, but I think it describes a reciprocal claim, also described in FEP-fe34: https://codeberg.org/fediverse/fep/src/branch/main/fep/fe34/fep-fe34.md#reciprocal-claims. I suggest clarifying which aspect of FEP-fe34 is being superseded.
3. In the section "Security and Authorization" you say "authenticity" but what actually is being verified is a permission.
4. The entire problem of non-same-actor updates and deletes can be avoided by using different activities. For example,Updatecan be replaced with an annotation activity.Deletecan be replaced withRemove(from thread).
5. FEP links lead to w3id.org site, not directly to FEPs.> @silverpill@mitra.social said:
>
> 5. FEP links lead to w3id.org site, not directly to FEPs.Wasn't aware this was a problem? Figured the redirects would be okay.
-
1. I find the use of
attributedTohere confusing, because normally this property is used to indicate who owns an object or a collection, and its value is an actor. I am aware thatattributedTois used in a similar way in FEP-1b12, but it would be better to introduce a new property (administrators) instead of continuing to abuseattributedTo.
2. You say that your FEP supersedes the same-origin assumption described in FEP-fe34, but I think it describes a reciprocal claim, also described in FEP-fe34: https://codeberg.org/fediverse/fep/src/branch/main/fep/fe34/fep-fe34.md#reciprocal-claims. I suggest clarifying which aspect of FEP-fe34 is being superseded.
3. In the section "Security and Authorization" you say "authenticity" but what actually is being verified is a permission.
4. The entire problem of non-same-actor updates and deletes can be avoided by using different activities. For example,Updatecan be replaced with an annotation activity.Deletecan be replaced withRemove(from thread).
5. FEP links lead to w3id.org site, not directly to FEPs.> @silverpill@mitra.social said:
>
> You say that your FEP supersedes the same-origin assumption described in FEP-fe34, but I think it describes a reciprocal claim, also described in FEP-fe34: https://codeberg.org/fediverse/fep/src/branch/main/fep/fe34/fep-fe34.md#reciprocal-claims. I suggest clarifying which aspect of FEP-fe34 is being superseded.#2 I suppose supercedes is the incorrect term. It extends fe34, in a way. Would that be acceptable? Definitely not meaning to imply that fe34 is insufficient in any way.
#3 <img class="not-responsive emoji" src="https://activitypub.space/assets/plugins/nodebb-plugin-emoji/emoji/android/2714.png?v=f187f9278b7" title=":heavy_check_mark:" /> okay
-
Wasn't aware this was a problem? Figured the redirects would be okay.
The canonical location of a FEP is on Codeberg, but no, it is not a problem.
#2 I suppose supercedes is the incorrect term. It extends fe34, in a way. Would that be acceptable? Definitely not meaning to imply that fe34 is insufficient in any way.
"Extends" is fine, I just think you're describing a reciprocal claim from FEP-fe34, so you could use that term (or maybe FEP-fe34 needs to be updated if "reciprocal claim" is not a good name for this mechanism?)
-
The reason why
attributedTowas chosen is because there is prior art to using that property to represent a collection of moderators. You could make the same argument against 1b12 (thatmoderatorsshould be the key instead ofattributedTo), too.The argument as to whether a custom property fits better is certainly valid, and worth debating. However, I would want to point out that keeping with prior art has the benefit of making this FEP much easier to adopt by threadiverse implementors.
-
Wasn't aware this was a problem? Figured the redirects would be okay.
The canonical location of a FEP is on Codeberg, but no, it is not a problem.
#2 I suppose supercedes is the incorrect term. It extends fe34, in a way. Would that be acceptable? Definitely not meaning to imply that fe34 is insufficient in any way.
"Extends" is fine, I just think you're describing a reciprocal claim from FEP-fe34, so you could use that term (or maybe FEP-fe34 needs to be updated if "reciprocal claim" is not a good name for this mechanism?)
> @silverpill@mitra.social said:
>
> Extends" is fine, I just think you're describing a reciprocal claim from FEP-fe34, so you could use that term (or maybe FEP-fe34 needs to be updated if "reciprocal claim" is not a good name for this mechanism?)I don't know if this is truly a reciprocal claim. My understanding from a reading of the relevant section from fe34 suggests a claim of A → B is reciprocal if there is an inverse claim B → A.
fe34solidifies the concept of same-origin trust (which iirc is only something like a line or two in AP spec?). baf5 builds upon that with an additional opt-in specificity. Sobaf5assumesfe34compatibility, but not the inverse. But we're splitting hairs I think <img class="not-responsive emoji" src="https://activitypub.space/assets/plugins/nodebb-plugin-emoji/emoji/android/1f604.png?v=f187f9278b7" title=":smile:" /> -
1. I find the use of
attributedTohere confusing, because normally this property is used to indicate who owns an object or a collection, and its value is an actor. I am aware thatattributedTois used in a similar way in FEP-1b12, but it would be better to introduce a new property (administrators) instead of continuing to abuseattributedTo.
2. You say that your FEP supersedes the same-origin assumption described in FEP-fe34, but I think it describes a reciprocal claim, also described in FEP-fe34: https://codeberg.org/fediverse/fep/src/branch/main/fep/fe34/fep-fe34.md#reciprocal-claims. I suggest clarifying which aspect of FEP-fe34 is being superseded.
3. In the section "Security and Authorization" you say "authenticity" but what actually is being verified is a permission.
4. The entire problem of non-same-actor updates and deletes can be avoided by using different activities. For example,Updatecan be replaced with an annotation activity.Deletecan be replaced withRemove(from thread).
5. FEP links lead to w3id.org site, not directly to FEPs.> @silverpill@mitra.social said:
>
> 4. The entire problem of non-same-actor updates and deletes can be avoided by using different activities. For example, Update can be replaced with an annotation activity. Delete can be replaced with Remove (from thread).While true, this is outside the scope of the FEP.
Update/Deletewere mentioned in the FEP as they are recognizable, but this sort of explicit authorization* is relevant to any activity type.Offer,Undo,Bite,Zooboomafoo, etc.* I have to be careful when I use the term "authorization" because if I say it three times @thisismissem will show up and start talking about OAuth2/OIDC again.
-
> @julian said:
>
> * I have to be careful when I use the term "authorization" because if I say it three times @thisismissem will show up and start talking about OAuth2/OIDC again.Correction: it's just a single mention that makes me appear, people tend to confuse me with a genie but we're quite different.
(Also I saw other replies here but had an MCAS attack hangover today so didn't have energy to reply. I'll try to reply soon)
-
1. I find the use of
attributedTohere confusing, because normally this property is used to indicate who owns an object or a collection, and its value is an actor. I am aware thatattributedTois used in a similar way in FEP-1b12, but it would be better to introduce a new property (administrators) instead of continuing to abuseattributedTo.
2. You say that your FEP supersedes the same-origin assumption described in FEP-fe34, but I think it describes a reciprocal claim, also described in FEP-fe34: https://codeberg.org/fediverse/fep/src/branch/main/fep/fe34/fep-fe34.md#reciprocal-claims. I suggest clarifying which aspect of FEP-fe34 is being superseded.
3. In the section "Security and Authorization" you say "authenticity" but what actually is being verified is a permission.
4. The entire problem of non-same-actor updates and deletes can be avoided by using different activities. For example,Updatecan be replaced with an annotation activity.Deletecan be replaced withRemove(from thread).
5. FEP links lead to w3id.org site, not directly to FEPs.@silverpill@mitra.social @julian@activitypub.space @technical-discussion@activitypub.space
I agree with Silverpill 'attributedTo' should not be overloaded by this extra meaning
-
My understanding from a reading of the relevant section from fe34 suggests a claim of A → B is reciprocal if there is an inverse claim B → A.
Yes, and in my understanding these claims are:
- This actor is authorized to delete/update this object.
- This object is hosted on the server where this actor is an administrator.But I don't insist on importing this concept.
I would want to point out that keeping with prior art has the benefit of making this FEP much easier to adopt by threadiverse implementors.
I consider myself a threadiverse implementer too, and I don't really like the idea of dealing with ambiguous properties :)
At the very least, could you add
inboxandoutboxproperties to the Application actor example? https://codeberg.org/devnull/feps/src/branch/instance-admins/fep/baf5/fep-baf5.md#instance-actor-and-application-actor -
I agree with Silverpill that
attributedTois a little misplaced here, and a more explicit term would probably be better. e.g.,administratorsormoderatedBy(this is coming from the T&S taskforce and references a Moderation Group actor, not a collection). -
I am working a FEP which in some ways is related to your proposal:
FEP-5219: Groups and permissions
It introduces a new collection called
affiliations, which is intended as a single source of information on who is allowed to do what (within a specific domain).The FEP is mainly concerned with FEP-1b12 groups, but the
affiliationscollection could also be attached to Application actors, and be used in a way you described in FEP-baf5: Administrator Collection -
I am working a FEP which in some ways is related to your proposal:
FEP-5219: Groups and permissions
It introduces a new collection called
affiliations, which is intended as a single source of information on who is allowed to do what (within a specific domain).The FEP is mainly concerned with FEP-1b12 groups, but the
affiliationscollection could also be attached to Application actors, and be used in a way you described in FEP-baf5: Administrator Collection@silverpill@mitra.social no objections at first pass, will need to do a deeper read through.
Most importantly though it won't matter unless you get @nutomic@lemmy.ml and @rimu@piefed.social on board.
-
-
I really strongly encourage you all to come to the next ActivityPub Trust & Safety task force meeting: https://www.w3.org/events/meetings/29a5bd4f-bb6e-4830-bbf7-7ba290e89afa/20260701T100000/
Let's figure things out together instead of just in isolation.
Ciao! Sembra che tu sia interessato a questa conversazione, ma non hai ancora un account.
Stanco di dover scorrere gli stessi post a ogni visita? Quando registri un account, tornerai sempre esattamente dove eri rimasto e potrai scegliere di essere avvisato delle nuove risposte (tramite email o notifica push). Potrai anche salvare segnalibri e votare i post per mostrare il tuo apprezzamento agli altri membri della comunità.
Con il tuo contributo, questo post potrebbe essere ancora migliore 💗
Registrati Accedi