FEP-7502: Limiting visibility to authenticated actors

Warning

このFEPはまだ翻訳されていません。

ここから翻訳に協力することができます。

Summary

Some servers require authentication for all requests made via ActivityPub, even for GET requests on public objects addressed to as:Public. This violates the requirement that anything addressed to as:Public is made available without requiring authentication. This FEP proposes an alternative addressing that may be used in such scenarios, signaling that the object is not fully public but is otherwise available to any actor.

Prior art

(このセクションは非規範的です。)

ActivityPub issue 339 discusses the shortcomings of as:Public and proposed a new delivery/addressing target of as:Authenticated, but this proposal was never adopted. The distinction between the two is as follows:

Public : Available to anyone without authentication

Authenticated : Available to any actor after authentication

Issues raised with this approach include:

  • the lack of semantic clarity around addressing pseudo-collections (including as:Public) as it relates to post-delivery use cases
  • the ease of creating puppet actors making this ineffective for anti-abuse use cases
  • the potential for tracking authenticated fetches that may occur

The concern with semantic clarity is unaddressed, as replacing as:Public with a different mechanism to signal fully public objects is out-of-scope for this FEP. However, this mechanism is still useful for addressing different concerns:

  • signaling an intent to disallow unauthenticated access, instead of lying about the object being fully "public"
  • a minimal level of tracking authentication being desirable in cases where blocks are to be enforced, by adding friction to fetching

In WAC, there is a distinction made between an "agent" (http://xmlns.com/foaf/0.1/Agent) and an "authenticated agent" (http://www.w3.org/ns/auth/acl#AuthenticatedAgent). This FEP proposes an addressing target for the latter.

Proposal

In addition to collections and objects, Activities may additionally be addressed to a special "authenticated" collection, with the identifier http://www.w3.org/ns/auth/acl#AuthenticatedAgent.

Activities addressed to this special URI shall be accessible to all actors, with authentication. Implementations MUST NOT deliver to the "authenticated" special collection; it is not capable of receiving actual activities.

An activity SHOULD NOT be addressed to both "public" and "authenticated". In such a case, addressing to "authenticated" has no effect while also addressed to "public".

Overview

  • ActivityPub Clients MAY author an activity that is addressed to or cc or includes in the audience the "authenticated agents" special identifier.
  • ActivityPub Servers receiving such an activity addressed to "authenticated agents" MUST enforce some method of authenticating actors on fetch, if the activity is persisted. (No specific method is required by this FEP, but in most practical cases it is currently sufficient to use the HTTP Signatures Cavage draft and sign the GET request with a domain-wide internal fetch actor representing the service running on that domain.)
  • ActivityPub Federated Servers that operate as an "instance" receiving such an activity addressed to "authenticated agents" MUST NOT serve representations of the received activity to any logged-out users.

実装

Pixelfed intends to implement this FEP when "signed fetch" is enabled, such that the resulting data returned after a signed fetch does not include as:Public.

Terms defined

Authenticated

URI
http://www.w3.org/ns/auth/acl#AuthenticatedAgent
Label
Anyone authenticated
Subclass of
Agent
Is defined by
Basic Access Control ontology

参考文献

著作権

CC0 1.0 ユニバーサル (CC0 1.0) パブリック ドメイン

法律で認められる範囲において、この Fediverse 拡張提案の著者は、この作品に対するすべての著作権および関連する権利または隣接する権利を放棄しています。