Conversation

Notices

1. Christine Lemmer-Webber (cwebber@social.coop)'s status on Saturday, 23-Nov-2024 16:13:01 UTC Christine Lemmer-Webber

   ActivityPub left giant holes in the spec around two things which sound the same but which are not the same: Authentication and Authorization

   Trying to mix these two, you accidentally get ACLs, and then you get confused deputies and ambient authority, plagues of the security world

   • Christine Lemmer-Webber (cwebber@social.coop)'s status on Saturday, 23-Nov-2024 16:13:00 UTC Christine Lemmer-Webber

     in reply to

     • The Spritely Institute

     Anyway, if you know *anything* about me, you know I am a big fan of capability security (ocaps) and that's the foundation of our work over at @spritely

     But we will come back to ocaps in a second because it turns out OCapPub is not the only time I proposed AP + ocaps!

   • Christine Lemmer-Webber (cwebber@social.coop)'s status on Saturday, 23-Nov-2024 16:13:05 UTC Christine Lemmer-Webber

     in reply to

     The other time I wrote about ActivityPub + ocaps was in a proposal to, yes, Twitter's Bluesky process in 2020 with Jay Graber titled... "ActivityPub + OCaps"! https://gitlab.com/-/snippets/2535398

     I think that document laid out all the right ideas for *the fediverse* (not saying bsky, the fediverse)

   • Christine Lemmer-Webber (cwebber@social.coop)'s status on Saturday, 23-Nov-2024 16:13:05 UTC Christine Lemmer-Webber

     in reply to

     Spec-wise in ActivityPub, I think it's possible. The ecosystem, as deployed? I think the ecosystem can and will only do part of it, if we really get everyone excited, maybe the content addressed storage and decentralized identity parts, in which case the fediverse will also survive nodes going down

   • Christine Lemmer-Webber (cwebber@social.coop)'s status on Saturday, 23-Nov-2024 16:13:06 UTC Christine Lemmer-Webber

     in reply to

     (cotd ...)

     - Better anti-spam / anti-harassment using OCapPub ideas
     - Improved privacy with E2EE ("encrypted p2p" even a better goal)

     Whew! An improved fediverse?

     "Uh, Christine, this sounds like a lot, do you think the fediverse can take this on?"

   • Christine Lemmer-Webber (cwebber@social.coop)'s status on Saturday, 23-Nov-2024 16:13:07 UTC Christine Lemmer-Webber

     in reply to

     • The Spritely Institute

     Now I want to be clear here that I *don't* think that proposal was necessarily the right one for Bluesky, and I *do* think Jay Graber *was* the right person to lead Bluesky

     What I wanted to do required a lot more research, and we have done that over at @spritely instead

     Itan [β]   :fediverse: repeated this.
   • Christine Lemmer-Webber (cwebber@social.coop)'s status on Saturday, 23-Nov-2024 16:13:07 UTC Christine Lemmer-Webber

     in reply to

     Here is your recipe for making the "Correct Fediverse IMO (TM)":

     - Integrate ocaps, which is possible because actor model + ocaps compose
     - Content addressed storage!
     - Decentralized identity (notice the *y*, I did not say DIDs) on top of ~mutable CAS storage
     - Petname system UX

     (cotd...)

     Itan   :fedi: and Itan [β]   :fediverse: repeated this.
   • Christine Lemmer-Webber (cwebber@social.coop)'s status on Saturday, 23-Nov-2024 16:13:08 UTC Christine Lemmer-Webber

     in reply to

     The reason I bring up the proposal here is that I think it has all the right analysis of *what the fediverse should do*, if it was going to rise to the challenge of fulfilling its true potential

     So let me lay out what the things in that proposal were:

     Itan   :fedi: and Itan [β]   :fediverse: repeated this.