From 998134a76dfb24bb6879b36e18dfdd8537e41e45 Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Mon, 20 Jul 2020 12:59:03 -0700 Subject: [PATCH] update AP, matrix, ssb --- protocols/activitypub.md | 14 +++++++++++--- protocols/matrix.md | 6 ++++-- protocols/ssb.md | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/protocols/activitypub.md b/protocols/activitypub.md index 0458d53..0cf2a6c 100644 --- a/protocols/activitypub.md +++ b/protocols/activitypub.md @@ -8,7 +8,9 @@ ActivityPub consists of two layers: A server-to-server federation protocol, and Users in ActivityPub are conceptualized as actor objects. Actor to actor communication bears a resemblance to email. To be spec compliant, each actor _must_ have an "inbox" and an "outbox" endpoint, as URLs which are accessible on the server. They also _should_ have "following" and "followers". They _may_ have "liked" collections, and many other predefined possibilities. -[Authentication](https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization): Server to server federation is authenticated using HTTP Signatures. The server creates a public and private keypair for each actor, and a publicly accessible JSON-LD document retrievable over HTTP which contains its public key. Each message the server sends on behalf of an actor is signed by its key. When a remote server receives a POST to its inbox, it verifies the signature on the HTTP request. To verify object integrity, linked data signatures are used to sign the object with the publicKey of the actor who authored it. +Although not part of the ActivityPub spec, in practice Webfinger is used to discover actor profiles. + +Server to server federation is [authenticated](https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization) using HTTP Signatures. The server creates a public and private keypair for each actor, and a publicly accessible JSON-LD document retrievable over HTTP which contains its public key. Each message the server sends on behalf of an actor is signed by its key. When a remote server receives a POST to its inbox, it verifies the signature on the HTTP request. To verify object integrity, linked data signatures are used to sign the object with the publicKey of the actor who authored it. A [paper](https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/final-documents/activitypub-decentralized-distributed.md) from the 2017 Rebooting the Web of Trust conference describes how distributed, cryptographic identities could be added to ActivityPub. @@ -56,7 +58,9 @@ Any service that implements the ActivityPub server-to-server protocol can intero The client-to-server protocol defines a standard way for user client software to connect to ActivityPub servers. In practice, it is rarely used. None of the major Fediverse services implement it. The vision of how it would work if it were widely used is that a user application could mix and match different servers like Mastodon, Pleroma, PixelFed, and any new service that implemented it. -Diaspora, another federated social network, chose not to adopt ActivityPub. +[Bridgy Fed](https://github.com/snarfed/bridgy-fed) is a project to connect IndieWeb sites with the ActivityPub and OStatus federated networks. + +[Diaspora](../applications/diaspora.md), another federated social network, chose not to adopt ActivityPub. ### Scalability @@ -66,15 +70,19 @@ The ActivityPub ecosystem scales up by adding more server capacity to the networ [fediverse.network](https://fediverse.network/) maintains statistics of the known oStatus/ActivityPub fediverse. -### Implementations +### Implementations & Applications [W3C Implementation Report](https://activitypub.rocks/implementation-report/) +[Watchlist for ActivityPub Apps](https://git.feneas.org/feneas/fediverse/-/wikis/watchlist-for-activitypub-apps) + +Notable applications: - [Mastodon](https://mastodon.social/about) (the largest federated network built on ActivityPub) has 2699 nodes and 2.6M users as of 5/2020 - [Pleroma](https://pleroma.social/) is another federated social network. According to stats at [the-federation.info](the-federation.info), Pleroma has 620 nodes with 35K users as of 5/2020. - [PixelFed](https://pixelfed.org/) is an ActivityPub based image-sharing platform. - [Friendica](https://friendi.ca/) is a decentralized social network with support for ActivityPub, as well as the OStatus and diaspora protocols. - [PeerTube](https://joinpeertube.org/) is a free and decentralized video platform. +- [Plume](https://joinplu.me/) is a federated blogging application ### Related diff --git a/protocols/matrix.md b/protocols/matrix.md index b8c76f4..e1a94b0 100644 --- a/protocols/matrix.md +++ b/protocols/matrix.md @@ -4,13 +4,15 @@ Matrix is a protocol for replicating a signed history of JSON objects in realtim ### Identity -A matrix user ID includes the username along with the user's homeserver. For example: +A Matrix [identifier](https://matrix.org/docs/spec/appendices#common-identifier-format) takes the form of `*localpart:homeserver`, where \* is a “sigil” character which is used to identify the entity’s type. The sigil character "@" states that the entity is a Matrix user ID, and the "localpart" is an identity allocated by that homeserver. For example: `@bob:matrix.org` +Other sigil IDs include "!" for Room ID, "$" for Event ID, "+" for Group ID, and "#" for room alias. + User accounts, once created on a homeserver, cannot be migrated. To change servers, a user must make a new account. [Automated tooling](https://modular.im/tools/matrix-migration) exists to help with inviting the new account into rooms the previous account was in. -Users have a Matrix user ID, but can also use 3rd party IDs. Matrix identity servers map 3rd party IDs such as email addresses, social accounts, and phone numbers to Matrix ids. The use of this service is optional. A globally federated cluster of trusted identity servers verify and replicate the mappings, although this is considered a stopgap solution until a fully decentralized identity solution is adopted. +Users have a Matrix user ID, but can also use [3rd party IDs (3PIDs)](https://matrix.org/docs/spec/appendices#pid-types). Matrix identity servers map 3rd party IDs such as email addresses and phone numbers to Matrix ids. The use of this service is optional. A globally federated cluster of trusted identity servers verify and replicate the mappings, although this is considered a stopgap solution until a fully decentralized identity solution is adopted. User IDs used in conversations will soon be decoupled from permanent IDs, allowing one to decorrelate users from their messages. diff --git a/protocols/ssb.md b/protocols/ssb.md index 6b91b89..23c42ef 100644 --- a/protocols/ssb.md +++ b/protocols/ssb.md @@ -104,5 +104,5 @@ Other applications include: - [Overview](https://scuttlebot.io/more/protocols/secure-scuttlebutt.html) - [Ssb concepts](https://handbook.scuttlebutt.nz/concepts/) -- [Dark Crystal ssb protocol docs](https://darkcrystal.pw/ssb-protocol-docs.html) +- [Dark Crystal ssb protocol docs](https://darkcrystal.pw) - [3box comparison of p2p DBs: GUN, OrbitDB, Scuttlebutt](https://medium.com/3box/3box-research-comparing-distributed-databases-gun-orbitdb-and-scuttlebutt-2e3b5da34ef3)