FEP-7502: Limiting visibility to authenticated actors
Summary
Some servers require authentication for all requests made via ActivityPub, even for GET requests on public objects addressed to as:Public. This violates the requirement that anything addressed to as:Public is made available without requiring authentication. This FEP proposes an alternative addressing that may be used in such scenarios, signaling that the object is not fully public but is otherwise available to any actor.
Prior art
(このセクションは非規範的です。)
ActivityPub issue 339 discusses the shortcomings of as:Public and proposed a new delivery/addressing target of as:Authenticated, but this proposal was never adopted. The distinction between the two is as follows:
Public : Available to anyone without authentication
Authenticated : Available to any actor after authentication
Issues raised with this approach include:
- the lack of semantic clarity around addressing pseudo-collections (including as:Public) as it relates to post-delivery use cases
- the ease of creating puppet actors making this ineffective for anti-abuse use cases
- the potential for tracking authenticated fetches that may occur
The concern with semantic clarity is unaddressed, as replacing as:Public with a different mechanism to signal fully public objects is out-of-scope for this FEP. However, this mechanism is still useful for addressing different concerns:
- signaling an intent to disallow unauthenticated access, instead of lying about the object being fully "public"
- a minimal level of tracking authentication being desirable in cases where blocks are to be enforced, by adding friction to fetching
In WAC, there is a distinction made between an "agent" (http://xmlns.com/foaf/0.1/Agent) and an "authenticated agent" (http://www.w3.org/ns/auth/acl#AuthenticatedAgent). This FEP proposes an addressing target for the latter.
Proposal
In addition to collections and objects, Activities may additionally be addressed to a special "authenticated" collection, with the identifier http://www.w3.org/ns/auth/acl#AuthenticatedAgent.
Activities addressed to this special URI shall be accessible to all actors, with authentication. Implementations MUST NOT deliver to the "authenticated" special collection; it is not capable of receiving actual activities.
An activity SHOULD NOT be addressed to both "public" and "authenticated". In such a case, addressing to "authenticated" has no effect while also addressed to "public".
Overview
- ActivityPub Clients MAY author an activity that is addressed
toorccor includes in theaudiencethe "authenticated agents" special identifier. - ActivityPub Servers receiving such an activity addressed to "authenticated agents" MUST enforce some method of authenticating actors on fetch, if the activity is persisted. (No specific method is required by this FEP, but in most practical cases it is currently sufficient to use the HTTP Signatures Cavage draft and sign the GET request with a domain-wide internal fetch actor representing the service running on that domain.)
- ActivityPub Federated Servers that operate as an "instance" receiving such an activity addressed to "authenticated agents" MUST NOT serve representations of the received activity to any logged-out users.
実装
Pixelfed intends to implement this FEP when "signed fetch" is enabled, such that the resulting data returned after a signed fetch does not include as:Public.
Terms defined
Authenticated
- URI
http://www.w3.org/ns/auth/acl#AuthenticatedAgent- Label
- Anyone authenticated
- Subclass of
- Agent
- Is defined by
- Basic Access Control ontology
参考文献
- ActivityPub Christine Lemmer Webber, Jessica Tallon, ActivityPub, 2018
- 339 kaniini, as:Authenticated proposal, 2019
- WAC Sarven Capadisli, Tim Berners-Lee, Henry Story, Web Access Control, 2023
著作権
CC0 1.0 ユニバーサル (CC0 1.0) パブリック ドメイン
法律で認められる範囲において、この Fediverse 拡張提案の著者は、この作品に対するすべての著作権および関連する権利または隣接する権利を放棄しています。