forked from alemi/upub
docs: explained security and fetching and privacy
parent
23da5bec62
commit
29f28701fd
1 changed files with 17 additions and 1 deletions
18
README.md
|
@ -1,7 +1,7 @@
|
|||
# μpub
|
||||
> micro social network, federated
|
||||
|
||||
μpub aims to be a fast, lightweight and secure [ActivityPub](https://www.w3.org/TR/activitypub/) server
|
||||
μpub aims to be a private, lightweight, modular and **secure** [ActivityPub](https://www.w3.org/TR/activitypub/) server
|
||||
|
||||
μpub is currently being developed and can do most basic things, like posting notes, liking things, following others, deliveries and browsing
|
||||
|
||||
|
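Review bot: The reworded intro line claims more than the rest of the change backs up: it adds "private" and "modular" and drops "fast", while the only new explanation in this commit is the "about security" section and the following line still says μpub "is currently being developed". Consider linking "**secure**" (and "private") to the "about security" heading so the claim points at its justification, and either explain "modular" somewhere in the README or leave it out of the tagline until it is documented.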
@ -11,6 +11,22 @@ a test instance is _usually_ available at [feditest.alemi.dev](https://feditest.
|
|||
|
||||
upub's stock frontend is also being developed and can be viewed _usually_ at [feditest.alemi.dev/web](https://feditest.alemi.dev/web)
|
||||
|
||||
## about security
|
||||
most activitypub implementations don't really validate fetches: knowing an activity/object id will allow anyone to resolve it on most fedi software. this is of course unacceptable: "security through obscurity" just doesn't work
|
||||
|
||||
μpub correctly and rigorously implements and enforces access control on each object based on its addressing
|
||||
|
||||
most instances will have "authorized fetch" which kind of makes the issue less bad, but anyone can host an actor, have any server download their pubkey and then start fetching
|
||||
|
||||
μpub may be considered to have "authorized fetch" permanently on, except it depends on each post:
|
||||
* all posts marked public (meaning, addressed to "https://www.w3.org/ns/activitystreams#Public"), will be fetchable without any authorization
|
||||
* all posts not public will require explicit addressing and authentication: for example if post A is addressed to example.net/actor
|
||||
* anonymous fetchers will receive 404 on GET /posts/A
|
||||
* local users must authenticate and will be given said post only if it's addressed to them
|
||||
* remote servers will be given access to all posts from any of their users once they have authenticated themselves (with http signing)
|
||||
|
||||
note that followers get expanded: addressing to example.net/actor/followers will address to anyone following actor that the server knows of, at that time
|
||||
|
||||
## progress
|
||||
|
||||
- [x] barebone actors
|
||||
|
|
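Review bot: The bullet "remote servers will be given access to all posts from any of their users once they have authenticated themselves" is ambiguous about the access rule it documents: "posts from any of their users" reads as posts authored by those users, while the example it sits under (post A addressed to example.net/actor) suggests posts addressed to them. Suggest wording it as "posts addressed to any of their users" and stating whose key has to sign the request, since the paragraph above objects that anyone can host an actor and start fetching. Two smaller gaps in the same list: it gives the 404 for anonymous fetchers but not the response for an authenticated local user who is not addressed, and the followers note says "at that time" without saying whether that means when the post is published or when it is fetched.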