Authentication

merge-requests/30/head
Bob Mottram 2022-06-28 20:07:32 +01:00
parent 4648d75cba
commit d56cc66936
1 changed files with 3 additions and 2 deletions


@ -1140,14 +1140,15 @@ To support multiple languages, `Note` and `Article` objects can include `content
}
```
## B. Security Considerations
*This section is non-normative.*
### B.1 Authentication and Authorization
ActivityPub uses authentication for two purposes; first, to authenticate clients to servers, and secondly in federated implementations to authenticate servers to each other.
Unfortunately at the time of standardization, there are no strongly agreed upon mechanisms for authentication. Some possible directions for authentication are laid out [in the Social Web Community Group Authentication and Authorization best practices report](https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization).
In most implementations authentication from client to server happens via [OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc6749), although other methods MAY be used.
Also see the [Social Web Community Group Authentication and Authorization best practices report](https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization).
### B.2 Verification
Servers should not trust client submitted content, and federated servers also should not trust content received from a server other than the content's origin without some form of verification.
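Review bot: the added sentence "In most implementations authentication from client to server happens via OAuth 2.0, although other methods MAY be used" uses the RFC 2119 keyword MAY in capitals inside Appendix B, which the "*This section is non-normative.*" line just above declares non-normative; a conformance keyword carries no force there and will mislead implementers, so write it in lowercase ("although other methods may be used") or move the statement to a normative section. Dropping the "Unfortunately at the time of standardization, there are no strongly agreed upon mechanisms for authentication" paragraph in favour of the OAuth 2.0 sentence also narrows B.1 to client-to-server authentication, so the second purpose named in the first paragraph, federated servers authenticating to each other, is no longer described or pointed at any mechanism; keep at least a sentence stating how server-to-server authentication is expected to work, or that the linked SocialCG report is where that guidance lives. "In most implementations" is an unsupported claim as written; if the SocialCG report supports it, cite it there rather than only in the trailing "Also see" sentence. Finally, if the "Unfortunately..." paragraph is retained as context rather than deleted, the best practices report ends up linked twice in consecutive paragraphs and the "Also see" sentence is redundant.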