NodeBB-ActivityPub Bridge Test Instance

Concept for discussion: Replacing HTTP Signatures with Bearer Tokens for ActivityPub Federation

  • hazelnoot@enby.life

    @kopper@not-brain.d.on-t.work sure, but I actually prefer this being out-of-band since it's much simpler to implement and verify. Not everything needs to be a relational document, especially not authentication data with secrets!

    kopper@not-brain.d.on-t.work
    wrote last edited by
    #5
    @hazelnoot yeah but won't you think of the poor international standards organization W3C
      smallcircles@social.coop
      wrote last edited by
      #6

      @kopper @hazelnoot

      Not knowledgeable enough on the subject, but saw @cwebber a couple of times advising UCAN as currently the best choice in anticipation of more of the OCapN efforts to become available. If we start looking on very different approaches, I wonder how - if at all - UCAN fits in, and whether someone is already exploring that direction.

      Also I'd be in favor of going a direction that brings fediverse closer to actor model again, rather than further away.

      https://ucan.xyz

        kopper@not-brain.d.on-t.work
        wrote last edited by
        #7
        @smallcircles @hazelnoot @cwebber I'm worried that capabilities in their entirety are an extremely dramatic break from current fedi, which makes it pretty much impossible to gain any adoption without a complete backwards-incompatible break that somehow all software are onboard with.

        These tokens are a bit easier to implement which I would imagine would help adoption, but I'm still doubtful it will happen as it would also be a (smaller) backwards compatibility break.

        For comparison, our Mastodon overlords seem to be doubling down on HTTP signatures though:
        github.com/mastodon/mastodon/pull/34814
          smallcircles@social.coop
          wrote last edited by
          #8

          @kopper @hazelnoot @cwebber

          I wonder at what cost backwards-compatibility should for always be retained, and what kind of fediverse that'll give us in the future.

          The other day I had a good brainstorm with @trwnh and @steve about an AP-compliant protocol extension returning to the promise of the conceptual architecture. Actor model + service-orientation.

          Breaking compat with masto-flavored fedi and abstractions introduced but not part of the spec. No sharedInbox, etc.

          Link preview: Protosocial ActivityPub protocol, Discuss Social Coding (discuss.coding.social)

          Protosocial ActivityPub v1.0.0 Pro-social protocol suite for the social web, based on ActivityPub Protosocial ActivityPub protocol is an extension of W3C ActivityPub that focuses on ease of use for the developm…

            smallcircles@social.coop
            wrote last edited by
            #9

            @kopper @hazelnoot @cwebber @trwnh @steve

            You are most welcome to join the Groundwork labs matrix chatroom, which is themed to discussing how we can "lay the groundwork", the foundational technology base, for the next-gen social web.

            Link preview: You're invited to talk on Matrix (matrix.to)

              hazelnoot@enby.life
              wrote last edited by
              #10

              @smallcircles@social.coop @kopper@not-brain.d.on-t.work @cwebber@social.coop @trwnh@mastodon.social @steve@social.technoetic.com I appreciate the invite, but I get the sense that I would be ideologically at odds with everyone else

                hazelnoot@enby.life
                wrote last edited by
                #11

                @trwnh@mastodon.social @steve@social.technoetic.com @smallcircles@social.coop @cwebber@social.coop @kopper@not-brain.d.on-t.work as an example, this:

                > an AP-compliant protocol extension returning to the promise of the conceptual architecture. Actor model + service-orientation.
                >
                > Breaking compat with masto-flavored fedi and abstractions introduced but not part of the spec. No sharedInbox, etc.

                Is pretty much the opposite of where I think we should go. Not presuming to know more than actual AP designers, but as someone who builds and operates AP platforms my experience points towards instance-first being a more suitable design if federation is actually the goal. (as opposed to "true" decentralization like Nostr).

                  trwnh@mastodon.social
                  wrote last edited by
                  #12

                  @hazelnoot @steve @smallcircles @cwebber @kopper

                  > as someone who builds and operates [...] platforms

                  yeah, this is probably the fundamental distinction. anyone is free to agree or disagree with anything, but my personal direction is to do away with siloed platforms and make it easier to maintain personal websites. it's less about federating platforms and more about making the web be the platform. current fedi is more syndication than federation

                    hazelnoot@enby.life
                    wrote last edited by
                    #13

                    @trwnh@mastodon.social @steve@social.technoetic.com @smallcircles@social.coop @cwebber@social.coop @kopper@not-brain.d.on-t.work that divide explains a lot, actually. The difference in goals might be causing much of the bikeshedding and conflict that tends to stall major changes to AP. Not sure what to do about that now, though

                      trwnh@mastodon.social
                      wrote last edited by
                      #14

                      @hazelnoot @kopper if i had to guess at what's leading to stalling, it's probably more that some aspects of the specs were not fully developed in time, and fedi made some choices based on incomplete guidance that resulted in tech debt, and now some factions want to fix the problems, while other factions want to ratify the problems. i guess you could chalk this up to "difference in goals" but there's also a certain amount of resistance to paying that tech debt.

                        hazelnoot@enby.life
                        wrote last edited by
                        #15

                        @trwnh@mastodon.social @kopper@not-brain.d.on-t.work that makes sense. I'm honestly conflicted on that, since I'm generally in favor of fixing tech debt but this situation carries a strong risk of fracturing the network. Fedi admins are kind of infamously bad at updating...

                          hazelnoot@enby.life
                          wrote last edited by
                          #16

                          @trwnh@mastodon.social @kopper@not-brain.d.on-t.work like, people still use FireFish even though it has known unfixed vulnerabilities and a clear migration path to supported alternatives.

                            trwnh@mastodon.social
                            wrote last edited by
                            #17

                            @hazelnoot @kopper yeah, you'd need buy-in from existing softwares to implement some kind of transition period, but outside of mastodon recently i don't think anyone wants to charge ahead with new stuff. but mastodon doesn't want the responsibility of stewarding their own protocol, so it's convenient to paint it as a common approach to avoid concerns of "mastodon EEE" or whatever people are going to say when any attempt at progress is led by mastodon

                              trwnh@mastodon.social
                              wrote last edited by
                              #18

                              @hazelnoot @kopper it feels like mastodon has recently become a bit more comfy with "next masto version supports consuming this new thing, next+1 masto version supports producing this thing" and letting everyone else figure out their own plans, so it depends on whether everyone else follows along or not (assuming they want masto compat)

                              (as someone who doesn't want masto compat, i'm more willing to make breaking changes for my personal website if it makes sense to do so)
