activitypub
activitypub copied to clipboard
w3c
Section 5.1 "Outbox" describes returning "objects" or "posts" instead of "activities"
https://www.w3.org/TR/activitypub/#outbox
The outbox is discovered through the outbox property of an actor's profile. The outbox MUST be an OrderedCollection.
The outbox stream contains activities the user has published, subject to the ability of the requestor to retrieve the activity (that is, the contents of the outbox are filtered by the permissions of the person reading it). If a user submits a request without Authorization the server should respond with all of the Public posts. This could potentially be all relevant objects published by the user, though the number of available items is left to the discretion of those implementing and deploying the server.
The outbox accepts HTTP POST requests, with behaviour described in Client to Server Interactions.
Conclusion
Some changes:
- "requestor" -> "requester"
- Insert a comma after "Authorization"
- "all of the Public posts" -> "all of the Public activities"
- "all relevant objects" -> "all relevant activities"
Taken together, we can propose the following errata:
Section 5.1 "Outbox", second paragraph should read: ''The outbox stream contains activities the user has published, subject to the ability of the requester to retrieve the activity (that is, the contents of the outbox are filtered by the permissions of the person reading it). If a user submits a request without Authorization, the server should respond with all of the Public activities. This could potentially be all relevant activities published by the user, though the number of available items is left to the discretion of those implementing and deploying the server.''
All four of your bullet points are probably valid errata, and we could probably do them all in one shot.
I'd also change "user" to "actor" in the paragraph, to make it clear which user's activities to return.
I'm going to mark this as needs errata.
Proposed erratum added:
The outbox stream contains activities the actor has published, subject to the ability of the requester to retrieve the activity (that is, the contents of the outbox are filtered by the permissions of the person reading it). If a requester submits a request without Authorization, the server should respond with all of the Public activities. This could potentially be all relevant activities published by the actor, though the number of available items is left to the discretion of those implementing and deploying the server.
The proposed description of outbox is much better than the current one, but I searched through AP, AS2 and Activity Vocabulary documents and didn't find another instance of using "published" in the context of activities. Activities are usually "performed", not "published".
For example, in section 3.2 Actor Types of Activity Vocabulary, actors are described as "Object types that are capable of performing activities". The actor property is described as "entities that either performed or are expected to perform the activity".
I suggest replacing "published by actor" with "performed by actor" to align outbox description with other documents and to avoid ambiguity.
Section 4.1 Actor objects describes outbox as "OrderedCollection comprised of all the messages produced by the actor". I suggest replacing "produced" with "performed" there as well.
[@silverpill] Section 4.1 Actor objects describes outbox as "OrderedCollection comprised of all the messages produced by the actor". I suggest replacing "produced" with "performed" there as well.
That doesn't quite make sense to me. An actor doesn't "perform" a "message", they "perform" an "activity". Perhaps "comprised of all the messages produced by the activities performed by the actor", though that feels a little clumsy...?
I think replacing "produced" with "performed" is going too far, since it's up to whoever owns the outbox to decide what it contains. The outbox is an HTTP resource with its own semantics; ActivityPub defines that it contains Activities, but it's a matter of protocol or implementation detail which specific activities end up in there. For example in the case of inbox forwarding, an implementer may reasonably want to insert forwarded activities into the outbox. (The trust considerations are separate from this; such forwarded activities can be verified by re-fetching from origin, or by validating an attached signature, or by some other agreed-upon method.) There should be some freedom in what any given entity decides to publish or not.
That doesn't quite make sense to me. An actor doesn't "perform" a "message", they "perform" an "activity". Perhaps "comprised of all the messages produced by the activities performed by the actor", though that feels a little clumsy...?
@TallTed I think we can write "...comprised of all the activities performed by the actor". ActivityPub specification sometimes says "message" instead of "activity" because objects can also be POSTed to outbox (6. Client to Server Interactions):
The body of the POST request MUST contain a single Activity (which MAY contain embedded objects), or a single non-Activity object which will be wrapped in a Create activity by the server.
6.2.1 Object creation without a Create Activity:
The server then MUST attach this object as the object of a Create Activity.
Since objects are always wrapped in Create, the items of outbox collection will always be activities.
For example in the case of inbox forwarding, an implementer may reasonably want to insert forwarded activities into the outbox.
@trwnh According to section 7.1.2 Forwarding from Inbox, activities are forwarded by a server, not by an actor, so I don't think they are supposed to appear in any outbox. Existing implementations certainly don't put them there.