From 04b03e136b8e30c666222fb9fc3e3b060d18a8e7 Mon Sep 17 00:00:00 2001 From: Jesse Wierzbinski Date: Fri, 23 Aug 2024 16:43:37 +0200 Subject: [PATCH] feat: :sparkles: Add Delegation --- app/changelog/page.mdx | 1 + app/entities/delete/page.mdx | 2 +- app/entities/instance-metadata/page.mdx | 2 +- app/entities/user/page.mdx | 6 ++++-- app/federation/delegation/page.mdx | 25 +++++++++++++++++++++++++ app/federation/page.mdx | 1 + components/Navigation.tsx | 1 + 7 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 app/federation/delegation/page.mdx diff --git a/app/changelog/page.mdx b/app/changelog/page.mdx index bb7fbc4..94a207b 100644 --- a/app/changelog/page.mdx +++ b/app/changelog/page.mdx @@ -12,6 +12,7 @@ This page lists changes since Working Draft 03. {{ className: 'lead' }} - Rewrote the signature system from scratch to be simpler and not depend on dates. - Moved Likes and Dislikes to an extension. +- Added [Delegation](/federation/delegation). - Renamed fields on several common entities like [Users](/entities/user) and [Notes](/entities/note). - Removed the `Patch` entity. - Useless since edits can just be sent to inboxes directly. diff --git a/app/entities/delete/page.mdx b/app/entities/delete/page.mdx index e9823b5..5495431 100644 --- a/app/entities/delete/page.mdx +++ b/app/entities/delete/page.mdx @@ -12,7 +12,7 @@ Signals the deletion of an entity. {{ className: 'lead' }} Implementations **must** ensure that the author of the `Delete` entity has the authorization to delete the target entity. Having the authorization is defined as: -- The author is the creator of the target entity (including [delegation](/delegation)). +- The author is the creator of the target entity (including [delegation](/federation/delegation)). - The author is the instance. ## Entity Definition diff --git a/app/entities/instance-metadata/page.mdx b/app/entities/instance-metadata/page.mdx index 78b9dac..79d19b0 100644 --- a/app/entities/instance-metadata/page.mdx +++ b/app/entities/instance-metadata/page.mdx @@ -72,7 +72,7 @@ On all entities that have an `author` field, the `author` can be `null` to repre ``` - `algorithm`: Algorithm used for the public key. Can only be `ed25519` for now. - - `key`: Public key of the instance. Must follow the [Versia Public Key](/signatures) format. + - `key`: Instance public key, in SPKI-encoded base64 (from raw bytes, not a PEM format). URI to [Collection](/structures/collection) of instance moderators. diff --git a/app/entities/user/page.mdx b/app/entities/user/page.mdx index cd3861e..22afa3a 100644 --- a/app/entities/user/page.mdx +++ b/app/entities/user/page.mdx @@ -71,9 +71,11 @@ Instance **must** be the host of the instance the user is on (hostname with opti A header image for the user's profile. Also known as a cover photo or a banner. Must be an image format (`image/*`). - The user's public key. Must follow the [Versia Public Key](/signatures) format. `actor` may be a URI to another user's profile, in which case this key may allow the user to act on behalf of the other user (see [delegation](/delegation)). + The user's public key. Must follow the [Versia Public Key](/signatures) format. `actor` may be a URI to another user's profile, in which case this key may allow the other user act on behalf of this user (see [delegation](/federation/delegation)). - `algorithm` must be `ed25519` for now. + - `algorithm`: Must be `ed25519` for now. + - `key`: The public key in SPKI-encoded base64 (from raw bytes, not a PEM format). Must be the key associated with the `actor` URI. + - `actor`: URI to a user's profile, most often the user's own profile. ```typescript type URI = string; diff --git a/app/federation/delegation/page.mdx b/app/federation/delegation/page.mdx new file mode 100644 index 0000000..43d4e8c --- /dev/null +++ b/app/federation/delegation/page.mdx @@ -0,0 +1,25 @@ +export const metadata = { + title: 'Delegation', + description: 'Delegation is used to authorize actions on behalf of another user', +} + +# Delegation + +Delegation is used to authorize actions on behalf of another user. {{ className: 'lead' }} + +## Vocabulary + +- **Delegator**: The user that is delegating actions to another user. (The user that owns the key) +- **Delegate**: The user that is being delegated actions. (The user that the key is pointing to) + +## The `actor` Field on Public Keys + +[Users](/entities/user)'s `public_key` property contains a field called `actor`. This field contains the URI to the **delegator** user, which is used to authorize actions on behalf of the **delegate** user. + +This means that the **delegator** user can sign requests with their private key, and any implementations should consider the **delegate** user as equivalent to the **delegator** user. + +## Implementation Details + +Any actions or entities created by the **delegate** should be attributed to the **delegator** user in clients transparently to end-users (e.g. showing the **delegator** user's name and avatar). This allows for a form of "consensual impersonation" that is authorized by the **delegators** and **delegates**. + +This is useful as a way to centralize all of a user's many "alt accounts" into a single, unified feed. \ No newline at end of file diff --git a/app/federation/page.mdx b/app/federation/page.mdx index b098fd5..d832007 100644 --- a/app/federation/page.mdx +++ b/app/federation/page.mdx @@ -16,4 +16,5 @@ Federation is built on the [HyperText Transfer Protocol (HTTP)](https://tools.ie + \ No newline at end of file diff --git a/components/Navigation.tsx b/components/Navigation.tsx index a9d00c9..850acbc 100644 --- a/components/Navigation.tsx +++ b/components/Navigation.tsx @@ -260,6 +260,7 @@ export const navigation: NavGroup[] = [ { title: "HTTP", href: "/federation/http" }, { title: "Validation", href: "/federation/validation" }, { title: "Discovery", href: "/federation/discovery" }, + { title: "Delegation", href: "/federation/delegation" }, ], }, {