Minutes from 2 May 2024 WG Meeting
-
@silverpill @nutomic @mikedev @julian
well, the benefit of my implementation of private groups is that it already exists
I'll write a FEP about my actor tokens.
-
The container approach works great for private communities because we aren't performing any third party fetches. The relationship is with the group actor, who relays the signed activities within an Add to Collection activity and these can be fetched directly from the group instance by anybody having a relationship with the group actor.
We're using FEP-8b32 (object integrity proofs) for signing these activities because LD-signatures have a number of issues, the most important of which is they have known limitations when nested. So in this case the third party is never fetching the activity from its origin. They have a signed activity delivered to them as the object of the Add activity.
The biggest issue by far with private group posts is the privacy of the original post in the thread. I've been in some heated debates about this. I don't expect anything different now. We revived an old fediverse concept (the bang tag) for privately addressing groups, whether the group is public or private. We also provide post-by-DM for sites that don't support bang tags. Using a bang tag (or DM) to perform an FEP-400e remote post-to-collection has the least user friction. We'll also accept simple @-mentions for public groups for compatibility with the FEP-1b12 mob, but this cannot be used with private groups for hopefully obvious reasons.
In any case, bang tags solve a lot of problems and provides some consistency between public and private groups and folks catch on to them real quick. Especially folks with historical ties to the StatusNet universe. -
@[email protected] said in Minutes from 2 May 2024 WG Meeting:
Also what does Evan mean by saying that Page shouldnt be used? Lemmy uses it since day one without any problems, its a perfectly fine type.
That might've been a simplification on my part. The distinction was between Article, Note, and Page and being displayed in-app with rich HTML support.
Page, as per spec, is better handled how Mastodon already handles it: a short summary with a link to the original page.
Correct me if I'm wrong @[email protected] ?
-
-
-
Mike Macgirvin 🖥️replied to infinite love ⴳ on last edited by@[email protected]
"how do you feel about the use of
context
in the exact same way thattarget
is used (invalidly according to as2-vocab, i might add)?"
Was just contemplating this statement, and will assert that it is possibly incorrect. The first activity in a collection operation is to Create an object in the target Collection, especially if it is a remote identity to the collection instance. This activity should be ignored by everybody except the owner (attributedTo) of the Collection, who will perform an Add (object) to Collection - or potentially ignore/reject it. This workflow is the fundamental basis of FEP-400e.
If that workflow is invalid, we'll have to discard FEP-400e and start over.
Mastodon will happily toss the target and display a Create Note (if the object is a note), and completely ignore the resultant Add/object/Collection activity. This is not my problem, and we have to co-exist with non-compliant implementations. It's not like we can stop them.
I would also suggest that the probability of project 'xyz' in the fediverse handling an array in the context without chucking an exception is less than 50%. This is also a reality we need to deal with. Maybe I'm wrong and maybe more projects have fixed their stuff since we last tried using an array on a field that Mastodon always sets to a string, but I would definitely run some interop tests and probably file lots of bugs on lots of projects before attempting it in production. And those projects will happily ignore the bug report for years if your platform has under 1 million users. That's the way the world works.
In any case the initial Create activity with a target is completely valid. But the only actor that "should" ever act on it is the Collection attributedTo. Everybody else "should" discard it, if they are compliant with the Collection workflow described in FEP-400e.
That said, I don't think we're completely compliant with FEP-400e either. I recall a couple of sticking points and we've extended it beyond its initial scope of groups. We're primarily using it as the basis for this basic Collection management workflow. -
infinite love ⴳreplied to Mike Macgirvin 🖥️ on last edited by
@mikedev Ah, I should clarify: Create with target is valid, but not immediately meaningful. Object with target is invalid because target is only defined for Activity types.
7888 uses the same Create/Add workflow as 400e but uses the “correct” property for this.
The use of multiple contexts is… possible, but it’s like using multiple inReplyTo. The main issue is where to send your activity for approval.
-
Mike Macgirvin 🖥️replied to infinite love ⴳ on last edited byThanks for the clarification. I'll take a look after another cuppa.
-
Mike Macgirvin 🖥️replied to infinite love ⴳ on last edited byI guess the real question is - if an 'object' field (an Activity is an extension of Object) cannot contain an Activity, how would you then Add a Like/Dislike/Attend/etc. Activity to a Collection of Activity?
-
infinite love ⴳreplied to Mike Macgirvin 🖥️ on last edited by
@mikedev I meant non-Activity types can’t have “target” property. Nothing to do with “object” property.
You can Add a Like (etc.) just fine.
-
Mike Macgirvin 🖥️replied to infinite love ⴳ on last edited by@[email protected] Then I guess I'm not seeing what you have an issue with, unless it's just a poor description of something in my container documentation. I don't think that I'm actually using a target anywhere that isn't associated with an activity.
-
infinite love ⴳreplied to Mike Macgirvin 🖥️ on last edited by
@mikedev My mistake, FEP-400e does, and I was under the impression Conversation Containers did as well. https://w3id.org/fep/400e#using-target-in-objects
I had another look at https://codeberg.org/streams/streams/src/branch/release/doc/develop/en/Containers.mc and my only nitpick is that the initial Create would make more semantic sense as a dual-typed ["Create", "Add"]. With that said... I understand why you didn't do it that way.
Also I still think that context+target is redundant since they point to the same collection. But again, that's the price of compatibility.
-
[email protected]replied to Evan Prodromou on last edited byThe Activitystreams standard doesnt mention that. And it makes a lot of sense for Lemmy, because the comments are a major part of it.
-
@mikedev Okay, I think I'm starting to see the big picture here. When a group actor publishes Add or Announce activity which wraps another activity, the recipients should somehow verify the authenticity of a wrapped activity. With FEP-8b32 this is easy. Without FEP-8b32 you need to fetch the wrapped activity from its server of origin. However, when the group is private the activity would be private as well, and everything becomes complicated. The originating server may not know who is part of the group and who is not, and therefore it can't enforce privacy by requiring a signed fetch.
To work around this in his non-FEP-8b32 implementation of FEP-400e, @grishka invented "actor tokens": https://codeberg.org/fediverse/fep/src/branch/main/fep/db0e/fep-db0e.md
Am I getting this right?
Curiously, the authentication of wrapped activities is not described in FEP-1b12. I posted about this problem on SocialHub forum yesterday but haven't gotten a response yet: https://socialhub.activitypub.rocks/t/fep-1b12-group-federation/2724/66
Is it so obvious that it doesn't need to be stated? Or is there a huge security hole in existing FEP-1b12 implementations because no one have bothered to think about this?
-
Third party issues are subtle enough that they're obvious only after you actually have to deal with them. I've been dealing with them for a long time now. Both in private groups and multiple protocol interactions - where we were trying to make something from protocol 'A' visible to somebody using protocol 'B' when we ourselves used protocol 'C'.
Tokens are one way to do it, but they can be real tricky to secure, and they need to be stripped from conversational objects or inReplyTo's and de-duplication don't work correctly. Or give everybody in the conversation the exact same token - in which case they don't really provide very good access control. These are things most people don't come to grips with until they try it.
We've traditionally implemented private groups in other protocols by doing a straight resend/relay of a signed activity by the group actor, and we did this in AP with LD-signatures for a while. I don't think Mastodon supports relaying any more because they're now verifying sender-id (via the HTTP-sig) against actor-id and rejecting mismatches.
FEP-8b32 along with Collections conveniently gets around all of the related issues. The sender and actor id of the Add activity matches, and the object is a complete signed activity. -
-
@[email protected] said in Minutes from 2 May 2024 WG Meeting:
Do you authenticate wrapped activities?
Do you mean something like a
Announce(Note)
? If it'sAnnounce(Create(Note))
, I am pretty sure NodeBB doesn't handle that yet, so they're dropped.But for the former... on the way in, if
object
is anything other than a uri, we check it's origin. If it matches the actor, then we assume validity. Otherwise we retrieve the object anew from the source.We don't currently support integrity proofs (8b32) or actor tokens (db0e) yet, so if the object cannot be retrieved, then the entire activity is dropped as unprocessable.
-
@julian Makes sense. Accept if origin is the same, otherwise retrieve from source. I think Announce(Create(Note)) and other FEP-1b12 activities should be processed in the same way:
https://socialhub.activitypub.rocks/t/fep-1b12-group-federation/2724/68
-
@[email protected] is the sending of
Announce(Create(Note))
an implementation quirk, or is it explicitly defined in an FEP?My assumption is that you announce Likes and Notes, but I guess there's theoretically nothing stopping someone from Announcing that someone Liked your Announce of a Creation of a Note — a
Announce(Like(Announce(Create(Note))))
... but... yikes.
-
-
@julian Activities like
Announce(Create(Note))
are the main point of FEP-1b12:>In case the incoming activity is deemed valid, the group MUST wrap it in an Announce activity, with the original activity as object.
Announce(Note)
is an additional activity that Lemmy sends to remain compatible with micro-blogging apps.