search

erincandescent / activitypump

9 stars 86 forks source link

compare AP Notification with WebMention #1

Open elf-pavlik opened 9 years ago

elf-pavlik commented 9 years ago

http://oshepherd.github.io/activitypump/ActivityPump.html#notification On first sight it looks very similar to http://webmention.org/

Social WG charter lists it as one of possible inputs for Federation Protocol http://www.w3.org/2013/socialweb/social-wg-charter.html#deliverables

erincandescent commented 9 years ago

They're broadly similar concepts, yes.

WebMention just carries the post's URI; AP notification requires that the whole activity be conveyed. AP notification requires certain actions on behalf of the receiver (e.g. further distribution), in line with AP covering a whole social protocol rather than just a subset of it.

☮ elf Pavlik ☮ mailto:notifications@github.com 08 November 2014 21:23

http://oshepherd.github.io/activitypump/ActivityPump.html#notification On first sight it looks very similar to http://webmention.org/

Social WG charter lists it as one of possible inputs for Federation Protocol http://www.w3.org/2013/socialweb/social-wg-charter.html#deliverables

— Reply to this email directly or view it on GitHub https://github.com/oshepherd/activitypump/issues/1.

Sent using Postbox: http://www.getpostbox.com

elf-pavlik commented 9 years ago

WebMention lately adds Vouch extension for automated anti-spam http://indiewebcamp.com/Vouch Do you have anything addressing this issue? Searching your draft for spam gives no results. I think that unless you can sign the payload, fat push will have security issues and receiving just URI (as webmention does) gives you chance to fetch it yourself.

erincandescent commented 9 years ago

ActivityPump requires strict validation of payloads outside of the sending server's domain (i.e. fetching of them by the receiver). I plan to add that senders SHOULD elide the contents of any such payloads (substituting the URI of the object in their place, as AS2 permits). However, there is attractiveness in the "just send the URI" model; I'm not necessarily opposed to it.

As for spam... its' more difficult in our case than IndieWebCamp's, because IWC assumes person per domain, etc, and there aren't (presently) any open registration sites where spammers can setup camp.

I think we may wish to here suggest that implementations accept by default all messages from the people you follow & the people they follow, and then perhaps also implement some form of intelligent spam filtering algorithm (Bayesian or similar) for the rest, with a similar "spam folder."

We may note that Facebook implements similar logic with its' "Others" messaging category (except theres no Bayesian algorithm there).

Really, I think the spam filtering method should be up to implementers, but making suggestions about using "friends of friends" is probably a good idea.

☮ elf Pavlik ☮ wrote:

WebMention lately adds /Vouch/ extension for automated anti-spam http://indiewebcamp.com/Vouch Do you have anything addressing this issue? Searching your draft for /spam/ gives no results. I think that unless you can sign the payload, fat push will have security issues and receiving just URI (as webmention does) gives you chance to fetch it yourself.

— Reply to this email directly or view it on GitHub https://github.com/oshepherd/activitypump/issues/1#issuecomment-62283012.