- From: Evan Prodromou <evan@prodromou.name>
- Date: Sun, 21 Apr 2024 20:00:44 -0400
- To: public-swicg@w3c.org
- Message-ID: <5727df5b-bac5-4d67-aae8-d46451d46676@prodromou.name>
So, in order to test the new extensions policy, and practice including an extension schema into the AS2 context document, I proposed using the Security Vocabulary: https://w3c.github.io/vc-data-integrity/vocab/security/vocabulary.html It's used by almost every ActivityPub implementation because it's required for HTTP Signature authentication <https://swicg.github.io/activitypub-http-signature/>. In our last meeting, when this topic came up for discussion, Dmitri made the very reasonable point that the Security Vocabulary includes dozens of terms, and has been something of a catchall for VCs and DIDs. Including the whole vocabulary would be unwieldy and unnecessary. We instead decided to focus on the ActivityPub Miscellaneous Terms <https://swicg.github.io/miscellany/> context instead. However, I haven't given up on the idea of including terms from the Security Vocabulary, since its context document URL is present in almost every AP document. I'd like to propose that, instead of including the /entire/ vocabulary, we only include the terms widely used in ActivityPub for HTTP Signatures: * publicKey * publicKeyPem * owner * Key I think this would cover the needs of most AP developers, would simplify millions of documents, and would not overload our context document with lots of unused security terms. If other terms from the Security Vocabulary become needed or necessary in ActivityPub again in the future, implementers can include its content document in their @context properties, and we can eventually include those terms into the Activity Streams 2.0 context document under the same policy. I'd like to propose this step at our next meeting. Evan
Received on Monday, 22 April 2024 00:00:48 UTC