diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2021-11-23 00:15:31 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-23 00:15:31 +0100 |
| commit | 9c44cf205f098ef499854bb52b698b594807b5c7 (patch) | |
| tree | 6517e2d09a2063734b4ba0945a7403a93aa4134e /FEDERATION.md | |
| parent | db32835338e113f23a474d323e398916a999619f (diff) | |
Add FEDERATION.md (#17029)
Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation.
Diffstat (limited to 'FEDERATION.md')
| -rw-r--r-- | FEDERATION.md | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/FEDERATION.md b/FEDERATION.md new file mode 100644 index 000000000..cd1957cbd --- /dev/null +++ b/FEDERATION.md @@ -0,0 +1,30 @@ +## ActivityPub federation in Mastodon + +Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all. + +Supported vocabulary: https://docs.joinmastodon.org/spec/activitypub/ + +### Required extensions + +#### Webfinger + +In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`). +This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings. + +As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger. + +More information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/ + +#### HTTP Signatures + +In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests). + +Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server. + +More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http + +### Optional extensions + +- Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld +- Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/ +- Followers collection synchronization: https://git.activitypub.dev/ActivityPubDev/Fediverse-Enhancement-Proposals/src/branch/main/feps/fep-8fcf.md |