w3c / activitypub

http://w3c.github.io/activitypub/
Other
1.22k stars 77 forks source link

Conflicts with JSON-LD specification regarding object identifiers for anonymous objects #476

Open zotanmew opened 16 hours ago

zotanmew commented 16 hours ago

The AP spec states the following:

3.1 Object Identifiers All Objects in [ActivityStreams] should have unique global identifiers. ActivityPub extends this requirement; all objects distributed by the ActivityPub protocol MUST have unique global identifiers, unless they are intentionally transient (short lived activities that are not intended to be able to be looked up, such as some kinds of chat messages or game notifications). These identifiers must fall into one of the following groups:

  1. Publicly dereferencable URIs, such as HTTPS URIs, with their authority belonging to that of their originating server. (Publicly facing content SHOULD use HTTPS URIs).
  2. An ID explicitly specified as the JSON null object, which implies an anonymous object (a part of its parent context)

The JSON-LD spec (version 1.0) states the following:

7.4.3) If expanded property is @id and value is not a string, an invalid @id value error has been detected and processing is aborted. Otherwise, set expanded value to the result of using the IRI Expansion algorithm, passing active context, value, and true for document relative.

The JSON-LD spec (version 1.1) states the same thing:

13.4.3) If expanded property is @id: 13.4.3.1) If value is not a string, an invalid @id value error has been detected and processing is aborted. When the frameExpansion flag is set, value MAY be an empty map, or an array of one or more strings.

Since these are in conflict, it is not possible to comply with both the JSON-LD specification and the ActivityPub specification simultaneously.

This was noticed as AP implementer Akkoma has recently started federating anonymous objects in accordance with the AP specification (explicit nulls), which has broken federation with implementations performing JSON-LD expansion (for example, Iceshrimp.NET).

Some solutions were proposed in this Akkoma PR thread.

trwnh commented 4 hours ago

pretty sure this is an error in the text of the AP spec. the bit about "ID explicitly specified as the JSON null object" is clearly an error and should be reworded or removed. the correct behavior is to omit the id entirely, which triggers the "anonymous object" or "blank node" behavior that one would expect.

the section 3.1 text should read something like:

All Objects in [ActivityStreams] should have unique global identifiers. ActivityPub extends this requirement; all objects distributed by the ActivityPub protocol MUST have unique global identifiers, unless they are intentionally transient (short lived activities that are not intended to be able to be looked up, such as some kinds of chat messages or game notifications) or otherwise anonymous objects (an embedded node that is part of its parent context). These unique global identifiers SHOULD be HTTPS URIs for publicly facing content that is intended to be publicly dereferenceable. These identifiers must fall into one of the following groups: [...]

side note: @id should always be an IRI or expand to an IRI against the @base. the use of a string as @id (with no corresponding @base) might be fine on the JSON side, but it will cause all triples with that object as the subject to be removed from the output if converted to RDF (since at best it is interpreted as a "relative URI reference", which is not allowed for subjects)

other side note: this came up in #396 as well regarding "partial updates", except for properties instead of ids.