From a6c3394dc0f2d6f0a50f72b2cb645f16bf87631f Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 11:26:23 +0100 Subject: [PATCH 01/12] Users --- specification/activitypub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/activitypub.md b/specification/activitypub.md index d758775ad..b8fc4e400 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md @@ -346,7 +346,7 @@ For example, Alyssa P. Hacker likes to post to her ActivityPub powered blog via ActivityPub actors are generally one of the [ActivityStreams Actor Types](https://www.w3.org/TR/activitystreams-vocabulary/#actor-types), but they don't have to be. For example, a [Profile](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-profile) object might be used as an actor, or a type from an [ActivityStreams](https://www.w3.org/TR/activitystreams-core) extension. Actors are retrieved like any other Object in ActivityPub. Like other [ActivityStreams objects](https://www.w3.org/TR/activitystreams-vocabulary/#object-types), actors have an `id`, which is a URI. When entered directly into a user interface (for example on a login form), it is desirable to support simplified naming. For this purpose, ID normalization *SHOULD* be performed as follows: * If the entered ID is a valid URI, then it is to be used directly. - * If it appears that the user neglected to add a scheme for a URI that would otherwise be considered valid, such as `example.org/alice/`, clients *MAY* attempt to provide a default scheme, preferably `https`. + * If it appears that the user neglected to add a scheme for a URI that would otherwise be considered valid, such as `example.org/users/alice`, clients *MAY* attempt to provide a default scheme, preferably `https`. * Otherwise, the entered value should be considered invalid. Once the actor's URI has been identified, it should be dereferenced. From ebb4e8dba2d3546e662a2456b51598985514b213 Mon Sep 17 00:00:00 2001 
From: Bob Mottram Date: Wed, 29 Jun 2022 11:33:59 +0100 Subject: [PATCH 02/12] Updated is optional --- specification/activitypub.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/specification/activitypub.md b/specification/activitypub.md index b8fc4e400..2ceae6be9 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md @@ -389,9 +389,6 @@ Describes the [http header signature](https://datatracker.ietf.org/doc/html/draf #### 4.1.9 published This is a timestamp for when the account was first created, and is used to show a joined date on profile screens. -#### 4.1.10 updated -A timestamp for when this actor was last changed. This can be used by followers to update their actor caches. - ### Example 9 ``` json { @@ -466,6 +463,9 @@ A timestamp for when this actor was last changed. This can be used by followers Implementations *MAY*, in addition, provide the following properties: +#### 4.1.10 updated +A timestamp for when this actor was last changed. This can be used by followers to update their actor caches. + #### 4.1.11 streams A list of supplementary Collections which may be of interest. From 11dc5a100d69ae94912b640219518cbc4e79ff48 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 11:38:59 +0100 Subject: [PATCH 03/12] preferredUsername is pretty essential --- specification/activitypub.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/specification/activitypub.md b/specification/activitypub.md index 2ceae6be9..f025042e0 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md @@ -389,6 +389,9 @@ Describes the [http header signature](https://datatracker.ietf.org/doc/html/draf #### 4.1.9 published This is a timestamp for when the account was first created, and is used to show a joined date on profile screens. +#### 4.1.10 preferredUsername +A short username which may be used to refer to the actor, with no uniqueness guarantees. + ### Example 9 ``` json { 
@@ -463,15 +466,12 @@ This is a timestamp for when the account was first created, and is used to show Implementations *MAY*, in addition, provide the following properties: -#### 4.1.10 updated +#### 4.1.11 updated A timestamp for when this actor was last changed. This can be used by followers to update their actor caches. -#### 4.1.11 streams +#### 4.1.12 streams A list of supplementary Collections which may be of interest. -#### 4.1.12 preferredUsername -A short username which may be used to refer to the actor, with no uniqueness guarantees. - #### 4.1.13 endpoints A json object which maps additional (typically server/domain-wide) endpoints which may be useful either for this actor or someone referencing this actor. This mapping may be nested inside the actor document as the value or may be a link to a JSON-LD document with these properties. From 54b2d55756f36fc197c41cc9ef6842a315d72e7d Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 11:40:54 +0100 Subject: [PATCH 04/12] Move example --- specification/activitypub.md | 68 ++++++++++++++++++------------------ 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/specification/activitypub.md b/specification/activitypub.md index f025042e0..9e76efe2e 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md 
@@ -358,40 +358,6 @@ ActivityPub does not dictate a specific relationship between "users" and Actors; ### 4.1 Actor objects Actor objects *MUST* have, in addition to the properties mandated by section 3.1 Object Identifiers, the following properties: -#### 4.1.1 inbox -A reference to an ActivityStreams [OrderedCollection](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection) comprised of all the messages received by the actor; see section 5.2 Inbox. - -#### 4.1.2 outbox -An ActivityStreams [OrderedCollection](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection) comprised of all the messages produced by the actor; see section 5.1 Outbox. - -Implementations *SHOULD*, in addition, provide the following properties: - -#### 4.1.3 following -A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of the actors that this actor is following; see section 5.4 Following Collection - -#### 4.1.4 followers -A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of the actors that follow this actor; see section 5.3 Followers Collection. - -#### 4.1.5 discoverable -Indicates whether the person wishes to be discoverable via recommendations or listings of active accounts. - -Implementations *MAY* provide the following properties: - -#### 4.1.6 liked -A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of objects this actor has liked; see section 5.5 Liked Collection. - -#### 4.1.7 manuallyApprovesFollowers -If true then followers for this account require permission to be granted. This can be an effective anti-spam or anti-harassment feature. - -#### 4.1.8 publicKey -Describes the [http header signature](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-07) public key for this account. 
This can be used by other accounts on the same or other federated servers to validate the authenticity of received posts. - -#### 4.1.9 published -This is a timestamp for when the account was first created, and is used to show a joined date on profile screens. - -#### 4.1.10 preferredUsername -A short username which may be used to refer to the actor, with no uniqueness guarantees. - ### Example 9 ``` json { 
@@ -464,6 +430,40 @@ A short username which may be used to refer to the actor, with no uniqueness gua } ``` +#### 4.1.1 inbox +A reference to an ActivityStreams [OrderedCollection](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection) comprised of all the messages received by the actor; see section 5.2 Inbox. + +#### 4.1.2 outbox +An ActivityStreams [OrderedCollection](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection) comprised of all the messages produced by the actor; see section 5.1 Outbox. + +Implementations *SHOULD*, in addition, provide the following properties: + +#### 4.1.3 following +A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of the actors that this actor is following; see section 5.4 Following Collection + +#### 4.1.4 followers +A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of the actors that follow this actor; see section 5.3 Followers Collection. + +#### 4.1.5 discoverable +Indicates whether the person wishes to be discoverable via recommendations or listings of active accounts. + +Implementations *MAY* provide the following properties: + +#### 4.1.6 liked +A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of objects this actor has liked; see section 5.5 Liked Collection. + +#### 4.1.7 manuallyApprovesFollowers +If true then followers for this account require permission to be granted. This can be an effective anti-spam or anti-harassment feature. + +#### 4.1.8 publicKey +Describes the [http header signature](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-07) public key for this account. This can be used by other accounts on the same or other federated servers to validate the authenticity of received posts. 
+ +#### 4.1.9 published +This is a timestamp for when the account was first created, and is used to show a joined date on profile screens. + +#### 4.1.10 preferredUsername +A short username which may be used to refer to the actor, with no uniqueness guarantees. + Implementations *MAY*, in addition, provide the following properties: #### 4.1.11 updated From f8dd5319c70d0c1ab28e2fcfb02cc3d255de7fc6 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 11:42:42 +0100 Subject: [PATCH 05/12] Move example --- specification/activitypub.md | 144 +++++++++++++++++------------------ 1 file changed, 72 insertions(+), 72 deletions(-) diff --git a/specification/activitypub.md b/specification/activitypub.md index 9e76efe2e..495288bf3 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md 
@@ -358,78 +358,6 @@ ActivityPub does not dictate a specific relationship between "users" and Actors; ### 4.1 Actor objects Actor objects *MUST* have, in addition to the properties mandated by section 3.1 Object Identifiers, the following properties: -### Example 9 -``` json -{ - "@context": [ - "https://www.w3.org/ns/activitystreams", - "https://w3id.org/security/v1", - {"@language": "ja"}, - { - "Curve25519Key": "toot:Curve25519Key", - "Device": "toot:Device", - "Ed25519Key": "toot:Ed25519Key", - "Ed25519Signature": "toot:Ed25519Signature", - "EncryptedMessage": "toot:EncryptedMessage", - "PropertyValue": "schema:PropertyValue", - "alsoKnownAs": {"@id": "as:alsoKnownAs", "@type": "@id"}, - "cipherText": "toot:cipherText", - "claim": {"@id": "toot:claim", "@type": "@id"}, - "deviceId": "toot:deviceId", - "devices": {"@id": "toot:devices", "@type": "@id"}, - "discoverable": "toot:discoverable", - "featured": {"@id": "toot:featured", "@type": "@id"}, - "featuredTags": {"@id": "toot:featuredTags", "@type": "@id"}, - "fingerprintKey": {"@id": "toot:fingerprintKey", "@type": "@id"}, - "focalPoint": {"@container": "@list", "@id": "toot:focalPoint"}, - "identityKey": {"@id": "toot:identityKey", "@type": "@id"}, - "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", - "messageFranking": "toot:messageFranking", - "messageType": "toot:messageType", - "movedTo": {"@id": "as:movedTo", "@type": "@id"}, - "publicKeyBase64": "toot:publicKeyBase64", - "schema": "http://schema.org#", - "suspended": "toot:suspended", - "toot": "http://joinmastodon.org/ns#", - "value": "schema:value" - } - ], - "id": "https://kenzoishii.example.com/users/kenzoishii", - "url": "https://kenzoishii.example.com/@kenzoishii" - "following": "https://kenzoishii.example.com/users/kenzoishii/following", - "followers": "https://kenzoishii.example.com/users/kenzoishii/followers", - "featured": "https://kenzoishii.example.com/users/kenzoishii/featured", - "featuredTags": 
"https://kenzoishii.example.com/users/kenzoishii/collections/tags", - "liked": "https://kenzoishii.example.com/users/kenzoishii/liked", - "inbox": "https://kenzoishii.example.com/users/kenzoishii/inbox", - "outbox": "https://kenzoishii.example.com/users/kenzoishii/outbox", - "endpoints": {"sharedInbox": "https://kenzoishii.example.com/inbox"}, - "preferredUsername": "kenzoishii", - "name": "石井健蔵", - "summary": "この方はただの例です", - "published": "2017-08-23T00:00:00Z", - "updated": "2022-02-09T00:00:00Z", - "discoverable": True, - "manuallyApprovesFollowers": False, - "icon": { - "mediaType": "image/png", - "type": "Image", - "url": "https://kenzoishii.example.com/accounts/avatars/730.png" - }, - "image": { - "mediaType": "image/jpeg", - "type": "Image", - "url": "https://kenzoishii.example.com/accounts/headers/zhw.jpg" - }, - "publicKey": {"id": "https://kenzoishii.example.com/users/kenzoishii#main-key", - "owner": "https://kenzoishii.example.com/users/kenzoishii", - "publicKeyPem": "-----BEGIN PUBLIC KEY-----\n" - "..." - "-----END PUBLIC KEY-----\n"}, - "type": "Person" -} -``` - #### 4.1.1 inbox A reference to an ActivityStreams [OrderedCollection](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection) comprised of all the messages received by the actor; see section 5.2 Inbox. 
@@ -526,6 +454,78 @@ Describes an image which represents the user's profile picture (this may be a th #### 4.1.20 image Describes the profile page background banner for this person. +### Example 9 +``` json +{ + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + {"@language": "ja"}, + { + "Curve25519Key": "toot:Curve25519Key", + "Device": "toot:Device", + "Ed25519Key": "toot:Ed25519Key", + "Ed25519Signature": "toot:Ed25519Signature", + "EncryptedMessage": "toot:EncryptedMessage", + "PropertyValue": "schema:PropertyValue", + "alsoKnownAs": {"@id": "as:alsoKnownAs", "@type": "@id"}, + "cipherText": "toot:cipherText", + "claim": {"@id": "toot:claim", "@type": "@id"}, + "deviceId": "toot:deviceId", + "devices": {"@id": "toot:devices", "@type": "@id"}, + "discoverable": "toot:discoverable", + "featured": {"@id": "toot:featured", "@type": "@id"}, + "featuredTags": {"@id": "toot:featuredTags", "@type": "@id"}, + "fingerprintKey": {"@id": "toot:fingerprintKey", "@type": "@id"}, + "focalPoint": {"@container": "@list", "@id": "toot:focalPoint"}, + "identityKey": {"@id": "toot:identityKey", "@type": "@id"}, + "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", + "messageFranking": "toot:messageFranking", + "messageType": "toot:messageType", + "movedTo": {"@id": "as:movedTo", "@type": "@id"}, + "publicKeyBase64": "toot:publicKeyBase64", + "schema": "http://schema.org#", + "suspended": "toot:suspended", + "toot": "http://joinmastodon.org/ns#", + "value": "schema:value" + } + ], + "id": "https://kenzoishii.example.com/users/kenzoishii", + "url": "https://kenzoishii.example.com/@kenzoishii" + "following": "https://kenzoishii.example.com/users/kenzoishii/following", + "followers": "https://kenzoishii.example.com/users/kenzoishii/followers", + "featured": "https://kenzoishii.example.com/users/kenzoishii/featured", + "featuredTags": "https://kenzoishii.example.com/users/kenzoishii/collections/tags", + "liked": 
"https://kenzoishii.example.com/users/kenzoishii/liked", + "inbox": "https://kenzoishii.example.com/users/kenzoishii/inbox", + "outbox": "https://kenzoishii.example.com/users/kenzoishii/outbox", + "endpoints": {"sharedInbox": "https://kenzoishii.example.com/inbox"}, + "preferredUsername": "kenzoishii", + "name": "石井健蔵", + "summary": "この方はただの例です", + "published": "2017-08-23T00:00:00Z", + "updated": "2022-02-09T00:00:00Z", + "discoverable": True, + "manuallyApprovesFollowers": False, + "icon": { + "mediaType": "image/png", + "type": "Image", + "url": "https://kenzoishii.example.com/accounts/avatars/730.png" + }, + "image": { + "mediaType": "image/jpeg", + "type": "Image", + "url": "https://kenzoishii.example.com/accounts/headers/zhw.jpg" + }, + "publicKey": {"id": "https://kenzoishii.example.com/users/kenzoishii#main-key", + "owner": "https://kenzoishii.example.com/users/kenzoishii", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\n" + "..." + "-----END PUBLIC KEY-----\n"}, + "type": "Person" +} +``` + ## 5. Collections ActivityStreams defines the collection concept; ActivityPub defines several collections with special behavior. Note that ActivityPub makes use of [ActivityStreams paging](https://www.w3.org/TR/activitystreams-core/#paging) to traverse large sets of objects. From 25db1ebc10df9a157143c86fa762de1439922457 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 12:11:46 +0100 Subject: [PATCH 06/12] Grouping --- specification/activitypub.md | 83 +++++++++++++++++------------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/specification/activitypub.md b/specification/activitypub.md index 495288bf3..8b0a26249 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md 
@@ -356,102 +356,97 @@ Once the actor's URI has been identified, it should be dereferenced. ActivityPub does not dictate a specific relationship between "users" and Actors; many configurations are possible. There may be multiple human users or organizations controlling an Actor, or likewise one human or organization may control multiple Actors. Similarly, an Actor may represent a piece of software, like a bot, or an automated process. More detailed "user" modelling, for example linking together of Actors which are controlled by the same entity, or allowing one Actor to be presented through multiple alternate profiles or aspects, are at the discretion of the implementation. ### 4.1 Actor objects -Actor objects *MUST* have, in addition to the properties mandated by section 3.1 Object Identifiers, the following properties: -#### 4.1.1 inbox +As the upstream vocabulary for ActivityPub, any applicable [ActivityStreams](https://www.w3.org/TR/activitystreams-core) property may be used on ActivityPub Actors. Some ActivityStreams properties are particularly worth highlighting to demonstrate how they are used in ActivityPub implementations. + +Properties containing natural language values, such as `name`, `preferredUsername`, or `summary`, make use of [natural language support defined in ActivityStreams](https://www.w3.org/TR/activitystreams-core/#naturalLanguageValues). + +#### 4.1.1 Actor objects *MUST* have, in addition to the properties mandated by section 3.1 Object Identifiers, the following properties: + +##### inbox A reference to an ActivityStreams [OrderedCollection](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection) comprised of all the messages received by the actor; see section 5.2 Inbox. -#### 4.1.2 outbox +##### outbox An ActivityStreams [OrderedCollection](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection) comprised of all the messages produced by the actor; see section 5.1 Outbox. 
Implementations *SHOULD*, in addition, provide the following properties: -#### 4.1.3 following +##### following A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of the actors that this actor is following; see section 5.4 Following Collection -#### 4.1.4 followers +##### followers A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of the actors that follow this actor; see section 5.3 Followers Collection. -#### 4.1.5 discoverable +##### discoverable Indicates whether the person wishes to be discoverable via recommendations or listings of active accounts. -Implementations *MAY* provide the following properties: - -#### 4.1.6 liked -A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of objects this actor has liked; see section 5.5 Liked Collection. - -#### 4.1.7 manuallyApprovesFollowers -If true then followers for this account require permission to be granted. This can be an effective anti-spam or anti-harassment feature. - -#### 4.1.8 publicKey +##### publicKey Describes the [http header signature](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-07) public key for this account. This can be used by other accounts on the same or other federated servers to validate the authenticity of received posts. -#### 4.1.9 published -This is a timestamp for when the account was first created, and is used to show a joined date on profile screens. - -#### 4.1.10 preferredUsername +##### preferredUsername A short username which may be used to refer to the actor, with no uniqueness guarantees. 
-Implementations *MAY*, in addition, provide the following properties: +#### 4.1.2 Implementations *MAY* provide the following properties: -#### 4.1.11 updated +##### liked +A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of objects this actor has liked; see section 5.5 Liked Collection. + +##### manuallyApprovesFollowers +If true then followers for this account require permission to be granted. This can be an effective anti-spam or anti-harassment feature. + +##### published +This is a timestamp for when the account was first created, and is used to show a joined date on profile screens. + +##### updated A timestamp for when this actor was last changed. This can be used by followers to update their actor caches. -#### 4.1.12 streams +##### streams A list of supplementary Collections which may be of interest. -#### 4.1.13 endpoints +##### endpoints A json object which maps additional (typically server/domain-wide) endpoints which may be useful either for this actor or someone referencing this actor. This mapping may be nested inside the actor document as the value or may be a link to a JSON-LD document with these properties. The `endpoints` mapping *MAY* include the following properties: -**proxyUrl** +###### *proxyUrl* Endpoint URI so this actor's clients may access remote ActivityStreams objects which require authentication to access. To use this endpoint, the client posts an `x-www-form-urlencoded` `id` parameter with the value being the `id` of the requested ActivityStreams object. -**oauthAuthorizationEndpoint** +###### *oauthAuthorizationEndpoint* If OAuth 2.0 bearer tokens [RFC6749](https://datatracker.ietf.org/doc/html/rfc6749) [RFC6750](https://datatracker.ietf.org/doc/html/rfc6750) are being used for authenticating client to server interactions, this endpoint specifies a URI at which a browser-authenticated user may obtain a new authorization grant. 
-**oauthTokenEndpoint** +###### *oauthTokenEndpoint* If OAuth 2.0 bearer tokens [RFC6749](https://datatracker.ietf.org/doc/html/rfc6749) [RFC6750](https://datatracker.ietf.org/doc/html/rfc6750) are being used for authenticating client to server interactions, this endpoint specifies a URI at which a client may acquire an access token. -**provideClientKey** +###### *provideClientKey* If Linked Data Signatures and HTTP Signatures are being used for authentication and authorization, this endpoint specifies a URI at which browser-authenticated users may authorize a client's public key for client to server interactions. -**signClientKey** +###### *signClientKey* If Linked Data Signatures and HTTP Signatures are being used for authentication and authorization, this endpoint specifies a URI at which a client key may be signed by the actor's key for a time window to act on behalf of the actor in interacting with foreign servers. -**sharedInbox** +###### *sharedInbox* An optional endpoint used for wide delivery of publicly addressed activities and activities sent to followers. `sharedInbox` endpoints *SHOULD* also be publicly readable `OrderedCollection` objects containing objects addressed to the Public special collection. Reading from the `sharedInbox` endpoint *MUST NOT* present objects which are not addressed to the `Public` endpoint. -**Note** - -As the upstream vocabulary for ActivityPub, any applicable [ActivityStreams](https://www.w3.org/TR/activitystreams-core) property may be used on ActivityPub Actors. Some ActivityStreams properties are particularly worth highlighting to demonstrate how they are used in ActivityPub implementations. - -#### 4.1.14 url +##### url A link to the actor's "profile web page", if not equal to the value of `id`. -#### 4.1.15 name +##### name The preferred "nickname" or "display name" of the actor. -#### 4.1.16 summary +##### summary A quick summary or biography by the user about themselves. 
-**Note** - -Properties containing natural language values, such as `name`, `preferredUsername`, or `summary`, make use of [natural language support defined in ActivityStreams](https://www.w3.org/TR/activitystreams-core/#naturalLanguageValues). - -#### 4.1.17 featured +##### featured Link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) containing "pinned" posts appearing on the account profile screen. Such posts are typically used to provide more information about the account, beyond the profile summary. -#### 4.1.18 featuredTags +##### featuredTags Link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) containing tag objects representing hashtags. This is used to improve discoverability. For example, Alyssa likes reading and so she pins a post containing hashtags for her favorite books to her profile. The post appears within the `featured` collection of her `actor` and the hashtags within the post appear within `featuredTags`. When searching the hashtag for a particular book, Misha discovers Alyssa's account and decides to send a follow request based upon their mutual interest. -#### 4.1.19 icon +##### icon Describes an image which represents the user's profile picture (this may be a thumbnail). -#### 4.1.20 image +##### image Describes the profile page background banner for this person. ### Example 9 From 1dd026798acc2713fe0a8da166509f95fe04aafd Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 12:14:20 +0100 Subject: [PATCH 07/12] Extra heading --- markdown.py | 1 + 1 file changed, 1 insertion(+) diff --git a/markdown.py b/markdown.py index f03737fce..bb8d83977 100644 --- a/markdown.py +++ b/markdown.py @@ -339,6 +339,7 @@ def markdown_to_html(markdown: str) -> str: ctr = 0 code_section = False titles = { + "h6": '######', "h5": '#####', "h4": '####', "h3": '###', From 43cb34f4ca4fa9f88e09ff1067e4ca7a7367c0a4 Mon Sep 17 00:00:00 2001 
From: Bob Mottram Date: Wed, 29 Jun 2022 12:20:01 +0100 Subject: [PATCH 08/12] Adjust which actor items are essential --- specification/activitypub.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/specification/activitypub.md b/specification/activitypub.md index 8b0a26249..97d091407 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md @@ -369,17 +369,12 @@ A reference to an ActivityStreams [OrderedCollection](https://www.w3.org/TR/acti ##### outbox An ActivityStreams [OrderedCollection](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection) comprised of all the messages produced by the actor; see section 5.1 Outbox. -Implementations *SHOULD*, in addition, provide the following properties: - ##### following A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of the actors that this actor is following; see section 5.4 Following Collection ##### followers A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of the actors that follow this actor; see section 5.3 Followers Collection. -##### discoverable -Indicates whether the person wishes to be discoverable via recommendations or listings of active accounts. - ##### publicKey Describes the [http header signature](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-07) public key for this account. This can be used by other accounts on the same or other federated servers to validate the authenticity of received posts. 
@@ -388,6 +383,9 @@ A short username which may be used to refer to the actor, with no uniqueness gua #### 4.1.2 Implementations *MAY* provide the following properties: +##### discoverable +Indicates whether the person wishes to be discoverable via recommendations or listings of active accounts. + ##### liked A link to an [ActivityStreams collection](https://www.w3.org/TR/activitystreams-core/#collections) of objects this actor has liked; see section 5.5 Liked Collection. From fc4b4a54cdce7372e2424cfd3929a6f7b3a5d260 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 15:21:33 +0100 Subject: [PATCH 09/12] http signature example --- specification/activitypub.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/specification/activitypub.md b/specification/activitypub.md index 97d091407..7317442c6 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md 
@@ -1150,6 +1150,16 @@ Servers should be careful to verify that new content is really posted by the act Verification of incoming posts SHOULD occur via a `http header signature` check. Currently, [draft 07 of the http signatures RFC](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-07) has become the *de facto* standard, although later versions MAY be implemented provided that sufficient support exists between federated servers. +A typical http signature created by Alyssa's server on an outgoing POST might look like the following: + +``` http +Signature: keyId="https://instancedomain/users/alyssa#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="tsZYmLJTJJJ/U+HrxVdLTDOwuo8Erqx/uAG2nqcxiiAq0zTQ2Qe2ORPEYRADMBULMAKpX8pt1uZLZncWqyLLLfOSE+M/xMowQkYDaTlLmg9bnnX/+pgp74Ixo6O47R6JhhMUknmBk2bejYamYAtWa5ER6GoZ5/0M4lyyqX890+rP4qlZu10ltb3vFm4qD4jgEPFtOjAEVloeYiMJng7ml6BtiU60OrsEmvcTQvpcB8xazvtCyzocG8+knzAFgUlSZxFKukBE/bakj10DIjG8tjSuNe48iX0OyRdLM7xpVk9RZUK5I/qZ0Epe5iUdUrzlsrAXWHWkXAc+8lvv/asRtw==" +``` + +http signatures SHOULD include `host`, `date` and a `digest` created from the post. + +The receiving server can obtain Alyssa's public key from `https://instancedomain/users/alyssa#main-key` and use it to verify the signature. + In addition, to allow for relaying of posts [linked data signatures](https://w3c-ccg.github.io/data-integrity-spec) MAY be used. This can allow posts to be verified as authentic even if they have passed through intermediate servers. An incoming post SHOULD be considered valid if its `http header signature` fails but an attached `linked data signature` passes. ### B.3 Accessing localhost URIs From 4c4c17730aaa741a7d0e5dd8ae4ed5f33c15baf2 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 15:26:11 +0100 Subject: [PATCH 10/12] Simplify for readability --- specification/activitypub.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/specification/activitypub.md b/specification/activitypub.md index 7317442c6..8e3588543 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md @@ -1153,7 +1153,10 @@ Verification of incoming posts SHOULD occur via a `http header signature` check. A typical http signature created by Alyssa's server on an outgoing POST might look like the following: ``` http -Signature: keyId="https://instancedomain/users/alyssa#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="tsZYmLJTJJJ/U+HrxVdLTDOwuo8Erqx/uAG2nqcxiiAq0zTQ2Qe2ORPEYRADMBULMAKpX8pt1uZLZncWqyLLLfOSE+M/xMowQkYDaTlLmg9bnnX/+pgp74Ixo6O47R6JhhMUknmBk2bejYamYAtWa5ER6GoZ5/0M4lyyqX890+rP4qlZu10ltb3vFm4qD4jgEPFtOjAEVloeYiMJng7ml6BtiU60OrsEmvcTQvpcB8xazvtCyzocG8+knzAFgUlSZxFKukBE/bakj10DIjG8tjSuNe48iX0OyRdLM7xpVk9RZUK5I/qZ0Epe5iUdUrzlsrAXWHWkXAc+8lvv/asRtw==" +Signature: keyId="https://instancedomain/users/alyssa#main-key", + algorithm="rsa-sha256", + headers="(request-target) host date digest content-type", + signature="tsZYmLJTJJJ/U+...==" ``` http signatures SHOULD include `host`, `date` and a `digest` created from the post. From c5d2638b9949d3ed048b82a50d395ccc1fd9907a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 16:44:11 +0100 Subject: [PATCH 11/12] Separate sections --- specification/activitypub.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/specification/activitypub.md b/specification/activitypub.md index 8e3588543..f05e0398b 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md 
@@ -1148,6 +1148,8 @@ Servers should not trust client submitted content, and federated servers also sh Servers should be careful to verify that new content is really posted by the actor that claims to be posting it, and that the actor has permission to update the resources it claims to. See also section 3. Objects Authentication and Authorization. +#### B.2.1 HTTP Signature + Verification of incoming posts SHOULD occur via a `http header signature` check. Currently, [draft 07 of the http signatures RFC](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-07) has become the *de facto* standard, although later versions MAY be implemented provided that sufficient support exists between federated servers. A typical http signature created by Alyssa's server on an outgoing POST might look like the following: 
@@ -1163,7 +1165,9 @@ http signatures SHOULD include `host`, `date` and a `digest` created from the po The receiving server can obtain Alyssa's public key from `https://instancedomain/users/alyssa#main-key` and use it to verify the signature. -In addition, to allow for relaying of posts [linked data signatures](https://w3c-ccg.github.io/data-integrity-spec) MAY be used. This can allow posts to be verified as authentic even if they have passed through intermediate servers. An incoming post SHOULD be considered valid if its `http header signature` fails but an attached `linked data signature` passes. +#### B.2.2 Linked Data Signature + +To allow for relaying of posts [linked data signatures](https://w3c-ccg.github.io/data-integrity-spec) MAY be used. This can allow posts to be verified as authentic even if they have passed through intermediate servers. An incoming post SHOULD be considered valid if its `http header signature` fails but an attached `linked data signature` passes. ### B.3 Accessing localhost URIs It is often convenient while developing to test against a process running on localhost. However, permitting requests to localhost in a production client or server instance can be dangerous. Making requests to URIs on localhost which do not require authorization may unintentionally access or modify resources assumed to be protected to be usable by localhost-only. From 05bf59c8255ca26d84c80293f7b8e67503bcfe3a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 29 Jun 2022 18:38:22 +0100 Subject: [PATCH 12/12] Tidying --- specification/activitypub.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/specification/activitypub.md b/specification/activitypub.md index f05e0398b..dbb72b732 100644 --- a/specification/activitypub.md +++ b/specification/activitypub.md 
@@ -706,7 +706,7 @@ Any `to`, `bto`, `cc`, `bcc`, and `audience` properties specified on the object "type": "Note", "content": "This is a note", "published": "2015-02-10T15:04:55Z", - "to": ["https://example.org/@john/"], + "to": ["https://example.org/@john"], "cc": ["https://example.com/@erik/followers", "https://www.w3.org/ns/activitystreams#Public"] } @@ -727,12 +727,12 @@ The above example could be converted to this: "attributedTo": "https://example.net/users/mallory", "content": "This is a note", "published": "2015-02-10T15:04:55Z", - "to": ["https://example.org/@john/"], + "to": ["https://example.org/@john"], "cc": ["https://example.com/@erik/followers", "https://www.w3.org/ns/activitystreams#Public"] }, "published": "2015-02-10T15:04:55Z", - "to": ["https://example.org/@john/"], + "to": ["https://example.org/@john"], "cc": ["https://example.com/@erik/followers", "https://www.w3.org/ns/activitystreams#Public"] }
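Review bot: In the `@@ -1150,6 +1150,16 @@` hunk, the added sentence "http signatures SHOULD include `host`, `date` and a `digest` created from the post" leaves out `(request-target)`, although the example's `headers` parameter signs it. Without the request target in the signed set, the signature is not bound to the method and path it was sent to. Suggest listing `(request-target)` with the others, and adding that the receiver should recompute the digest over the received body and reject a stale `date`, since signing those headers only helps if they are checked. The example also uses `instancedomain` as its host, where the other examples visible in this series use `example.org`, `example.com` and `example.net`.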
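Review bot: In the `@@ -1153,7 +1153,10 @@` hunk, the `Signature` header is now wrapped across four indented lines inside a fence tagged `http`, which reads as header line folding. Folding is deprecated in HTTP/1.1 (RFC 7230, section 3.2.4), and a receiver may reject a header sent that way. Suggest a sentence after the fence saying that the line breaks and the shortened `signature="tsZYmLJTJJJ/U+...=="` value are for readability only and that the header is sent as a single line.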
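Review bot: The new heading `#### B.2.1 HTTP Signature` in the `@@ -1148,6 +1148,8 @@` hunk capitalises the term, while the paragraph under it writes `http header signature`, "http signatures RFC" and "http signature". Suggest picking one form and using the body's own term in the heading ("HTTP header signature"), so that the reference to `http header signature` in B.2.2 clearly points back to this subsection.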
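Review bot: In the `@@ -1163,7 +1165,9 @@` hunk, the rule "An incoming post SHOULD be considered valid if its `http header signature` fails but an attached `linked data signature` passes" moves under B.2.2 without saying whose key the linked data signature has to verify against. As written, a post with a failed header signature is accepted on any passing linked data signature. Suggest requiring that the signing key belongs to the actor the post is attributed to, in line with the B.2 text that content must be "really posted by the actor that claims to be posting it", and saying whether "fails" covers a missing header signature or only an invalid one. Style: a comma is needed after "To allow for relaying of posts".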
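Review bot: In the `@@ -727,12 +727,12 @@` hunk, dropping the trailing slash from `https://example.org/@john/` still leaves the example with two actor URL styles: `attributedTo` is `https://example.net/users/mallory`, while `to` and `cc` use `/@john` and `/@erik/followers`. If the tidying is meant to make the examples consistent, suggest converting these to the `/users/` form as well, or adding a line that both path styles are acceptable as actor ids.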