diff --git a/index.html b/index.html index ab50b41..2703756 100644 --- a/index.html +++ b/index.html @@ -9,7 +9,7 @@ // All config options at https://respec.org/docs/ var respecConfig = { specStatus: "CG-DRAFT", - editors: [{ name: "Evan Prodromou", url: "https://evanp.me/" }, { name: "a", url: "https://trwnh.com" }], + editors: [{ name: "a", url: "https://trwnh.com" }, { name: "Evan Prodromou", url: "https://evanp.me/" }], github: "swicg/activitypub-webfinger", shortName: "apwf", xref: "web-platform", @@ -38,11 +38,11 @@

Motivation

Conventionally, people can be identified by their user@domain address, while documents can be identified by their HTTPS location.

-
-

Discovery

+
+

Discovery

-
-

Discovery of an actor document given a WebFinger address

+
+

Forward discovery of an actor document given a WebFinger address

Given a username and hostname in the form user@domain:

  1. Construct an acct: URI of the form acct:user@domain (as defined in [[RFC7565]])
    2. @@ -80,14 +80,85 @@

    Discovery of an actor document given a WebFinger addr

    At this point, you can parse for the href of the element of links that has a rel of self and a type of either application/ld+json; profile="https://www.w3.org/ns/activitystreams" or application/activity+json (depending on the implementation).

    Due to the prevailing use of WebFinger addresses as canonical primary identifiers for users, implementations that require WebFinger for compatibility will often also deduplicate actors based on the WebFinger address. Therefore, it is generally expected that there is only one self link to an ActivityStreams document, in a unary relationship.

-
-

Reverse discovery of a WebFinger address given an actor document

+
+

Reverse discovery of a WebFinger address given an actor document

Given an actor with an id and a preferredUsername:

  1. Take the hostname of the id to discover the WebFinger domain
  2. Combine the preferredUsername and the WebFinger domain in order to form a WebFinger address
    3. -
  3. Verify that this WebFinger address links back to the same actor when performing discovery as described in . Optionally: If the subject contains an acct: URI different from the one you constructed, perform a verification discovery against that acct: URI instead. (In such cases, the subject of the JRD denotes the expected canonical identifier.)
    4. +
  4. Verify that this WebFinger address links back to the same actor when performing discovery as described in
    5. +
  5. Optionally: If the subject from the previous step contains an acct: URI different from the one you constructed, perform a verification discovery against that acct: URI afterward. (In such cases, the subject of the JRD denotes the expected canonical identifier.)
+

For example, given an actor document at https://activitypub.example.com/actor/1 like so:

+
+{
+  "@context": "https://www.w3.org/ns/activitystreams",
+  "id": "https://activitypub.example.com/actor/1",
+  "preferredUsername": "alice"
+}
+
+

The reverse discovery process would extract alice and activitypub.example.com, construct the acct: URI acct:alice@activitypub.example.com, then request https://activitypub.example.com/.well-known/webfinger?resource=acct:alice@activitypub.example.com like so:

+
+GET /.well-known/webfinger?resource=acct:alice@activitypub.example.com HTTP/1.1
+Host: activitypub.example.com
+
+HTTP/1.1 200 OK
+Content-Type: application/jrd+json
+
+{
+  "subject": "acct:alice@example.com",
+  "aliases": [
+    "https://example.com/@alyssa",
+    "https://activitypub.example.com/actors/1"
+  ],
+  "links": [
+    {
+      "rel": "http://webfinger.net/rel/profile-page",
+      "type": "text/html",
+      "href": "https://example.com/@alyssa"
+    },
+    {
+      "rel": "self",
+      "type": "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
+      "href": "https://activitypub.example.com/actors/1"
+    }
+  ]
+}
+
+

At this point, we have validated that alice@activitypub.example.com links back to our actor document, but we can optionally verify that the canonical WebFinger address of alice@example.com also links back to the same actor document:

+
+GET /.well-known/webfinger?resource=acct:alice@example.com HTTP/1.1
+Host: example.com
+
+HTTP/1.1 307 Temporary Redirect
+Location: https://activitypub.example.com/.well-known/webfinger?resource=acct:alice@example.com
+
+GET /.well-known/webfinger?resource=acct:alice@example.com HTTP/1.1
+Host: activitypub.example.com
+
+HTTP/1.1 200 OK
+Content-Type: application/jrd+json
+
+{
+  "subject": "acct:alice@example.com",
+  "aliases": [
+    "https://example.com/@alyssa",
+    "https://activitypub.example.com/actors/1"
+  ],
+  "links": [
+    {
+      "rel": "http://webfinger.net/rel/profile-page",
+      "type": "text/html",
+      "href": "https://example.com/@alyssa"
+    },
+    {
+      "rel": "self",
+      "type": "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
+      "href": "https://activitypub.example.com/actors/1"
+    }
+  ]
+}
+