FEP-9091: Export Actor Service Endpoint
Summary
This FEP defines an API endpoint used to initiate the "Export Actor" operation. The output and semantics of the result of the export operation is out of scope, and left to subsequent FEPs. The endpoint only specifies how to start the operation, and by extension, how to tell if a given Actor's server supports this operation.
Data Model: Export Service Endpoint
Conforming ActivityPub Actor profiles MUST specify their export API endpoints using the
service descriptor property (inspired by the
DID Core Services section, and used in other
FEPs such as FEP-e3e9: Actor Relative URLs):
- The expanded
typeof the service descriptor object MUST behttps://w3id.org/fep/9091#Export(see example below). - The
serviceproperty MUST NOT contain more than one node with the#Exporttype.- If a client encounters multiple service descriptor objects with type ending in
#Export, the client SHOULD just use the first entry.
- If a client encounters multiple service descriptor objects with type ending in
Example Actor Profile with Export Service Endpoint
{
"@context": [
"https://www.w3.org/ns/activitystreams",
"https://www.w3.org/ns/did/v1"
],
"id": "https://alice-personal-site.example/actor",
"type": "Person",
"name": "Alice",
"service": [{
"id": "https://alice-personal-site.example/actor#export",
"type": "https://w3id.org/fep/9091#Export",
"serviceEndpoint": "https://alice-personal-site.example/actor/accountExport"
}]
}
Protocol: Initiating the Export Actor Operation
If a client conforming to this FEP wishes to start the 'Export Actor' process, such as to create a backup of the Actor profile, its private key material, and all content associated with this actor, the client MUST perform the following steps:
- Fetch the Actor profile object.
- Locate the
servicedescription object with the expandedtypeequal tohttps://w3id.org/fep/9091#Export. -
Locate the corresponding
serviceEndpointURL, in that description object.- If no such service description item exists, this means that the server hosting the Actor's profile does not support this operation.
-
The client makes an HTTP
POSTto the URL in theserviceEndpointto initiate the export operation.- The client MUST include appropriate authorization credentials that indicate that it is authorized to perform this operation (that it's authorized to receive the highly private result of account export). The exact format of these authorization credentials is out of scope of this FEP.
Example Request and Response
Example synchronous request (with an empty body) and response:
POST /actor/accountExport HTTP/1.1
Host: alice-personal-site.example
Authorization: Bearer ....
Accept: application/x-tar
Content-Length: 0
HTTP/1.1 200 OK
Content-type: application/x-tar
Transfer-Encoding: chunked
<binary data of the resulting .tar file>
参考文献
-
Christine Lemmer Webber, Jessica Tallon, ActivityPub, 2018
- S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, 1997
- Manu Sporny, Dave Longley, Markus Sabadell, Drummond Reed, Orie Steele, Christopher Allen, Decentralized Identifiers (DIDs) v1.0, 2022
Copyright
CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
To the extent possible under law, the authors of this Fediverse Enhancement Proposal have waived all copyright and related or neighboring rights to this work.