Still a ways to go, but here's a nomadic identity (this one only has one instance at the moment) incorporating some of the recent changes from FEP-ef61 - which required re-starting the testing regimen.
The sticky spots I see right now are abstracting a more portable url for profile-photo, cover-photo, and ed25519 publickey. Some portable links may not be portable across different platforms because the target platform may not support a particular data type, but ultimately we'll do our best to make everything portable within the same architecture and as easy as possible to map your data across divergent platforms.
Also working on a filter to turn this into an instance-neutral export file where the gateway urls are abstracted away and replaced with 'ap://' URLs. You should be able to import the resulting record into any FEP-ef61 compliant server running on any fediverse platform and have one identity to rule them all.
Note that there are a number of instance-specific non-portable links in this record. The export record will remove many and possibly all of them.
Don't try to follow this account, it's running in an isolated dev environment.
{<br> "@context": [<br> "https://www.w3.org/ns/activitystreams",<br> "https://w3id.org/security/v1",<br> "https://www.w3.org/ns/did/v1",<br> "https://w3id.org/security/multikey/v1",<br> "https://w3id.org/security/data-integrity/v1",<br> "https://purl.archive.org/socialweb/webfinger",<br> {<br> "gateway": {<br> "@id": "https://w3id.org/fep/ef61/gateway",<br> "@type": "@id",<br> "@container": "@list"<br> },<br> "nomad": "https://purl.org/nomad#",<br> "toot": "http://joinmastodon.org/ns#",<br> "manuallyApprovesFollowers": "as:manuallyApprovesFollowers",<br> "oauthRegistrationEndpoint": "nomad:oauthRegistrationEndpoint",<br> "sensitive": "as:sensitive",<br> "movedTo": "as:movedTo",<br> "discoverable": "toot:discoverable",<br> "indexable": "toot:indexable",<br> "Hashtag": "as:Hashtag",<br> "canReply": "toot:canReply",<br> "canSearch": "nomad:canSearch",<br> "expires": "nomad:expires",<br> "directMessage": "nomad:directMessage",<br> "Category": "nomad:Category",<br> "copiedTo": "nomad:copiedTo",<br> "permissions": "nomad:permissions",<br> "searchContent": "nomad:searchContent",<br> "searchTags": "nomad:searchTags",<br> "collectionOf": "nomad:collectionOf",<br> "openwebauth": "nomad:openwebauth",<br> "authredirect": "nomad:authredirect"<br> }<br> ],<br> "id": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6",<br> "type": "Person",<br> "attachment": [],<br> "name": "nomad1",<br> "icon": {<br> "type": "Image",<br> "mediaType": "image/webp",<br> "updated": "2024-05-04T21:13:05Z",<br> "url": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6/photo/profile/l/15",<br> "height": 300,<br> "width": 300<br> },<br> "published": "2024-03-25T21:17:11Z",<br> "tag": [<br> {<br> "type": "Note",<br> "name": "Protocol",<br> "content": "zot6"<br> },<br> {<br> "type": "Note",<br> "name": "Protocol",<br> "content": "nomad"<br> },<br> {<br> "type": "Note",<br> "name": "Protocol",<br> "content": "activitypub"<br> }<br> ],<br> "updated": "2024-03-25T21:17:11Z",<br> "url": "https://streams.lndo.site/channel/nomad1",<br> "canSearch": [],<br> "inbox": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6/inbox",<br> "outbox": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6/outbox",<br> "followers": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6/followers",<br> "following": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6/following",<br> "permissions": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6/permissions",<br> "endpoints": {<br> "sharedInbox": "https://streams.lndo.site/inbox",<br> "oauthRegistrationEndpoint": "https://streams.lndo.site/api/client/register",<br> "oauthAuthorizationEndpoint": "https://streams.lndo.site/authorize",<br> "oauthTokenEndpoint": "https://streams.lndo.site/token",<br> "searchContent": "https://streams.lndo.site/search/nomad1?search={}",<br> "searchTags": "https://streams.lndo.site/search/nomad1?tag={}",<br> "openwebauth": "https://streams.lndo.site/owa",<br> "authredirect": "https://streams.lndo.site/magic"<br> },<br> "publicKey": {<br> "id": "https://streams.lndo.site/channel/nomad1?operation=rsakey",<br> "owner": "https://streams.lndo.site/channel/nomad1",<br> "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",<br> "publicKeyPem": "-----BEGIN PUBLIC KEY-----<br>MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxzK3izOL4Q8T0gteL5z4<br>kGB9FBTJKBuQcp9J6s5joZcq6lZRlLtiFbVUb7YB6kabiTC3ZpR+aUBxtYBss7fO<br>W+FTSmmFIOmQl6nMWyqwnlzjuNfOwqwDvCsde5uGoJFqCAcZtjtF3kYgV936kWbW<br>uJKqXkUBEW5bz1v3l0DgjPk9yyeVY+CmwD4PKBkIteAG98Tm9Fb5mkckRbeqmjXL<br>0uL/pQyIZU84zJ0vk1iG4ur7K2mPMf7dFoWxZbce/sR1iNrayEb/TczLtrteGTSe<br>vQmYYsvFd56I90Vvgr42uj+Q5+TOk5yHNh4OHDqOmWnmBCf1n3aPMaNhMUDPmssQ<br>L6EVOLrbdAwIzwHYL0Z46yMgKUcmv5asxyTTv9IGYb1QrFf8wcuOfNBwmkEKgkMz<br>oQ6ngVcChayXMVj2vfPAU0a4Mdiw0GZdZEulRp1rLdw8+QoKXQlRjn4ks49o8PId<br>7arhr1ca/SDGTmQyOqawZSuYhgZ/2qpzuArRHouBeZXbrccJIu9RtS/3J1/Pi//8<br>hKHBvBKMl6YCtFrYpsRIDeTbFH3iDoMHPWn3rksWMb6RU/YK7Op+APNKjm+/1WVI<br>kf0glUoIHWGadBcz7GBVnM+92djVcSPj0yeFpeOCWIztfGF5YQu+N2Olig9ri1Ax<br>EbFEkTtsocQn1tR0xn/wKl0CAwEAAQ==<br>-----END PUBLIC KEY-----<br>"<br> },<br> "preferredUsername": "nomad1",<br> "discoverable": true,<br> "manuallyApprovesFollowers": true,<br> "webfinger": "acct:nomad1@streams.lndo.site",<br> "indexable": false,<br> "assertionMethod": [<br> {<br> "id": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6?operation=ed25519key",<br> "type": "Multikey",<br> "controller": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6",<br> "publicKeyMultibase": "z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6"<br> }<br> ],<br> "gateway": [<br> "https://streams.lndo.site"<br> ],<br> "proof": {<br> "type": "DataIntegrityProof",<br> "cryptosuite": "eddsa-jcs-2022",<br> "created": "2024-05-04T22:07:56Z",<br> "verificationMethod": "https://streams.lndo.site/.well-known/apgateway/did:key:z6MkovtpQRzHfKCg7N3gM7WexJdPFqx1dhJYveaFkFzjqtu6",<br> "proofPurpose": "assertionMethod",<br> "proofValue": "z3dFc2Nabch5CoAz3YW1JhmbX9QnPMy9TL9AbVynpom6tpnzL8eT9SuYgP5DXD8HLMFwxZB73BdVmbhHAvrErECa9"<br> }<br>}
Hamiller Friendica mag das.
silverpill
Als Antwort auf Mike Macgirvin 🖥️ • • •I can spot several differences between this document and the latest revision of FEP-ef61:
- FEP-ef61 now uses
gateways
property, notgateway
. I changed the property name because its value is an ordered list (and we already havereplies
andorderedItems
, so a plural doesn't feel inappropriate).- Canonical object ID has no path component. FEP-ef61 says that path is REQUIRED (according to RFC 3986, the path can be "empty", so I should probably change it to "path MUST NOT be empty").
- The value of
proof.verificationMethod
is a "compatible" ID, but according to FEP-ef61, "The value of verificationMethod property of the proof MUST match the authority component of the ap:// URL". In other words, it must be a DID.Of course, all of that is up to discussion, and the spec can be changed if necessary.
>The sticky spots I see right now are abstracting a more portable url for profile-photo, cover-photo
We can use content-addressing. See
... mehr anzeigenI can spot several differences between this document and the latest revision of FEP-ef61:
- FEP-ef61 now uses
gateways
property, notgateway
. I changed the property name because its value is an ordered list (and we already havereplies
andorderedItems
, so a plural doesn't feel inappropriate).- Canonical object ID has no path component. FEP-ef61 says that path is REQUIRED (according to RFC 3986, the path can be "empty", so I should probably change it to "path MUST NOT be empty").
- The value of
proof.verificationMethod
is a "compatible" ID, but according to FEP-ef61, "The value of verificationMethod property of the proof MUST match the authority component of the ap:// URL". In other words, it must be a DID.Of course, all of that is up to discussion, and the spec can be changed if necessary.
>The sticky spots I see right now are abstracting a more portable url for profile-photo, cover-photo
We can use content-addressing. See Discussion / Media section.
>and ed25519 publickey
I assume you're referring to the need for it to be a server-owned key? Per FEP-521a we can add multiple keys to
assertionMethod
array. Each nomadic clone can use its own key for signing HTTP requests, only the identity key (the "authority" part of 'ap' URL) must be shared.>You should be able to import the resulting record into any FEP-ef61 compliant server running on any fediverse platform and have one identity to rule them all.
In my implementation exported objects and the ones sent via S2S protocol will probably look the same, because in the future I will perform proof generation on the client side. This means the server will not be able to change published objects, its role will be merely of an indexer.
fep/fep/ef61/fep-ef61.md at main
Codeberg.orgMike Macgirvin 🖥️
Als Antwort auf silverpill • • •silverpill
Als Antwort auf Mike Macgirvin 🖥️ • • •did:ap
, to distinguish between DID URLs and DIDs. However, with the introduction of 'ap' URLs this requirement can be relaxed. I'm just not sure if it should be.