closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13012 Commits
4 Branches
567 MiB
Tree: f47c404f88
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f47c404f88'
${ noResults }
mastodon/FEDERATION.md

30 lines
1.7 KiB
Raw Normal View History

Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation.
3 years ago
 
  1. ## ActivityPub federation in Mastodon

  2. 

  3. Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.
  4. 

  5. Supported vocabulary: https://docs.joinmastodon.org/spec/activitypub/
  6. 

  7. ### Required extensions

  8. 

  9. #### Webfinger

  10. 

  11. In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
  12. This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.
  13. 

  14. As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.
  15. 

  16. More information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/
  17. 

  18. #### HTTP Signatures

  19. 

  20. In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests).
  21. 

  22. Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.
  23. 

  24. More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http
  25. 

  26. ### Optional extensions

  27. 

  28. - Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld
  29. - Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/
  30. - Followers collection synchronization: https://git.activitypub.dev/ActivityPubDev/Fediverse-Enhancement-Proposals/src/branch/main/feps/fep-8fcf.md