index.html

<!DOCTYPE html>
<html>
  <head>
    <title>ActivityPub</title>
    <meta charset="utf-8">
    <script src="https://www.w3.org/Tools/respec/respec-w3c-common"
            async class="remove"></script>
    <script class="remove">
      var respecConfig = {
          specStatus: "ED",
          publishDate: "2018-01-23",
          previousPublishDate: "2018-01-23",
          previousMaturity: "REC",
          license: "w3c-software-doc",
          shortName:  "activitypub",
          wg: "Social Web Working Group",
          wgURI: "https://www.w3.org/Social/WG",
          wgPublicList: "public-socialweb",
          wgPatentURI: "https://www.w3.org/2004/01/pp-impl/72531/status",
          edDraftURI: "https://w3c.github.io/activitypub/",
          testSuiteURI: "https://test.activitypub.rocks/",
          errata: "https://www.w3.org/wiki/ActivityPub_errata",
          implementationReportURI: "https://activitypub.rocks/implementation-report",
          otherLinks: [
              {
                  "key": "Repository",
                  "data": [
                      {
                          "value": "Git repository",
                          "href": "https://github.com/w3c/activitypub",
                      },
                      {
                          "value": "Issues",
                          "href": "https://github.com/w3c/activitypub/issues",
                      },
                      {
                          "value": "Commits",
                          "href": "https://github.com/w3c/activitypub/commits/gh-pages",
                      }
                  ]
              }
          ],
          editors: [
                {
                    name:       "Christopher Lemmer Webber",
                    url:        "https://dustycloud.org/",
                    w3cid:      "57007"
                },
                {
                    name:       "Jessica Tallon",
                    url:        "https://tsyesika.se",
                    w3cid:      "72695"
                },
          ],
          authors: [
              {
                  name: "Christopher Lemmer Webber",
                  url:  "https://dustycloud.org/"
              },
              {
                  name: "Jessica Tallon",
                  url:  "https://tsyesika.se"
              },
              {
                  name: "Erin Shepherd",
                  url: "http://erinshepherd.net/"
              },
              {
                  name: "Amy Guy",
                  url: "https://rhiaro.co.uk/"
              },
              {
                  name: "Evan Prodromou",
                  url: "https://en.wikipedia.org/wiki/Evan_Prodromou"
              }
          ],
          localBiblio:  {
            "ActivityStreams": {
              title:    "Activity Streams 2.0",
              href:     "https://www.w3.org/TR/activitystreams-core/",
              authors:  [
                "J. Snell",
              ],
              status:   "Editors Draft",
              publisher:  "ActivityStreams Working Group",
            },
            "Activity-Vocabulary": {
              title:    "Activity Vocabulary",
              href:     "https://www.w3.org/TR/activitystreams-vocabulary/",
              authors:  [
                "J. Snell",
              ],
              status:   "Editors Draft",
              publisher:  "ActivityStreams Working Group",
            },
            "OAuth-Server-Metadata": {
              title:    "OAuth 2.0 Authorization Server Metadata",
              href:     "https://tools.ietf.org/html/draft-ietf-oauth-discovery-06",
              authors:  [
                "M. Jones",
                "N. Sakimura",
                "J. Bradley"
              ],
              status:   "Internet-Draft",
              publisher:  "OAuth Working Group",
            },
        },
      };
    </script>
    <style type="text/css">
      img {
          max-width: 100%;
      }
    </style>
  </head>
  <!-- STYLISTIC NOTE: This document wraps on column 79 and at the end of every
       sentence. -->
  <body>
    <section id="abstract">
      <p>
        The ActivityPub protocol is a decentralized social networking protocol
        based upon the [[!ActivityStreams]] 2.0 data format.
        It provides a client to server API for creating, updating and deleting
        content, as well as a federated server to server API for delivering
        notifications and content.
      </p>
    </section>

    <section id="sotd">
    </section>

    <section id="Overview">
      <h2>Overview</h2>

      <p>ActivityPub provides two layers:</p>

      <ul>
        <li>
          <b>A server to server federation protocol</b>
          (so decentralized websites can share information)
        </li>
        <li>
          <b>A client to server protocol</b>
          (so users, including real-world users, bots, and other automated processes,
          can communicate with ActivityPub using their accounts on servers,
          from a phone or desktop or web application or whatever)
        </li>
      </ul>

      <p>
        ActivityPub implementations can implement just one of these things or
        both of them.
        However, once you've implemented one, it isn't too many steps to
        implement the other, and there are a lot of benefits to both (making
        your website part of the decentralized social web, and being able to
        use clients and client libraries that work across a wide variety of
        social websites).
      </p>

      <p>
        In ActivityPub, a user is represented by "<a href="#actors">actors</a>"
        via the user's accounts on servers.
        User's accounts on different servers correspond to different actors.
        Every Actor has:
      </p>

      <ul>
        <li><b>An <code>inbox</code>:</b>  How they get messages from the world</li>
        <li><b>An <code>outbox</code>:</b> How they send messages to others</li>
      </ul>

      <p>
        <img src="illustration/tutorial-1.png"
             alt="Actor with inbox and outbox" />
      </p>

      <p>
        These are endpoints, or really, just URLs which are listed in the
        ActivityPub actor's ActivityStreams description.
        (More on ActivityStreams later).
      </p>

      <p>
        Here's an example of the record of our friend Alyssa P. Hacker:
      </p>

      <pre class="example highlight json">
  {"@context": "https://www.w3.org/ns/activitystreams",
   "type": "Person",
   "id": "https://social.example/alyssa/",
   "name": "Alyssa P. Hacker",
   "preferredUsername": "alyssa",
   "summary": "Lisp enthusiast hailing from MIT",
   "inbox": "https://social.example/alyssa/inbox/",
   "outbox": "https://social.example/alyssa/outbox/",
   "followers": "https://social.example/alyssa/followers/",
   "following": "https://social.example/alyssa/following/",
   "liked": "https://social.example/alyssa/liked/"}
      </pre>

      <p>
        ActivityPub uses [[!ActivityStreams]] for its vocabulary.
        This is pretty great because ActivityStreams includes all the common
        terms you need to represent all the activities and content flowing
        around a social network.
        It's likely that ActivityStreams already includes all the vocabulary
        you need, but even if it doesn't, ActivityStreams can be extended
        via [[!JSON-LD]].
        If you know what JSON-LD is, you can take advantage of the cool linked
        data approaches provided by JSON-LD.
        If you don't, don't worry, JSON-LD documents and ActivityStreams can be
        understood as plain old simple JSON.
        (If you're going to add extensions, that's the point at which JSON-LD
        really helps you out).
      </p>

      <p>
        So, okay.
        Alyssa wants to talk to her friends, and her friends want to talk to
        her!
        Luckily these "inbox" and "outbox" things can help us out.
        They both behave differently for GET and POST.
        Let's see how that works:
      </p>

      <p>
        <img src="illustration/tutorial-2.png"
             alt="Actor with messages flowing from rest of world to inbox and from outbox to rest of world" />
      </p>

      <p>
        Hey nice, so just as a recap:
      </p>

      <ul>
        <li>
          You can POST to someone's inbox to send them a message
          (server-to-server / federation only... this <em>is</em> federation!)
        </li>
        <li>
          You can GET from your inbox to read your latest messages
          (client-to-server; this is like reading your social
          network stream)
        </li>
        <li>
          You can POST to your outbox to send messages to the world
          (client-to-server)
        </li>
        <li>
          You can GET from someone's outbox to see what messages they've
          posted (or at least the ones you're authorized to see).
          (client-to-server and/or server-to-server)
        </li>
      </ul>
 
      <p>
        Of course, if that last one (GET'ing from someone's outbox) was the
        only way to see what people have sent, this wouldn't be a very
        efficient federation protocol!
        Indeed, federation happens usually by servers posting messages sent by
        actors to actors on other servers' inboxes.
      </p>

      <p>
        Let's see an example!
        Let's say Alyssa wants to catch up with her friend, Ben Bitdiddle.
        She lent him a book recently and she wants to make sure he returns it
        to her.
        Here's the message she composes, as an ActivityStreams object:
      </p>

      <pre class="example highlight json">
  {"@context": "https://www.w3.org/ns/activitystreams",
   "type": "Note",
   "to": ["https://chatty.example/ben/"],
   "attributedTo": "https://social.example/alyssa/",
   "content": "Say, did you finish reading that book I lent you?"}
      </pre>

      <p>
        This is a note addressed to Ben.
        She POSTs it to her outbox.
      </p>

      <p>
        <img src="illustration/tutorial-3.png"
             alt="Actor posting message to outbox" />
      </p>

      <p>
        Since this is a non-activity object, the server recognizes that this is
        an object being newly created, and does the courtesy of wrapping it in
        a Create activity.
        (Activities sent around in ActivityPub generally follow the pattern of
        some activity by some actor being taken on some object.
        In this case the activity is a Create of a Note object, posted by a
        Person).
      </p>


      <pre class="example highlight json">
  {"@context": "https://www.w3.org/ns/activitystreams",
   "type": "Create",
   "id": "https://social.example/alyssa/posts/a29a6843-9feb-4c74-a7f7-081b9c9201d3",
   "to": ["https://chatty.example/ben/"],
   "actor": "https://social.example/alyssa/",
   "object": {"type": "Note",
              "id": "https://social.example/alyssa/posts/49e2d03d-b53a-4c4c-a95c-94a6abf45a19",
              "attributedTo": "https://social.example/alyssa/",
              "to": ["https://chatty.example/ben/"],
              "content": "Say, did you finish reading that book I lent you?"}}
      </pre>

      <p>
        Alyssa's server looks up Ben's ActivityStreams actor object, finds his
        inbox endpoint, and POSTs her object to his inbox.
      </p>

      <p>
        <img src="illustration/tutorial-4.png"
             alt="Server posting to remote actor's inbox" />
      </p>

      <p>
        Technically these are two separate steps... one is client to server
        communication, and one is server to server communication (federation).
        But, since we're using them both in this example, we can abstractly
        think of this as being a streamlined submission from outbox to inbox:
      </p>

      <p>
        <img src="illustration/tutorial-5.png"
             alt="Note flowing from one actor's outbox to other actor's inbox" />
      </p>

      <p>
        Cool!
        A while later, Alyssa checks what new messages she's gotten.
        Her phone polls her inbox via GET, and amongst a bunch of cat videos
        posted by friends and photos of her nephew posted by her sister, she
        sees the following:
      </p>

      <pre class="example highlight json">
  {"@context": "https://www.w3.org/ns/activitystreams",
   "type": "Create",
   "id": "https://chatty.example/ben/p/51086",
   "to": ["https://social.example/alyssa/"],
   "actor": "https://chatty.example/ben/",
   "object": {"type": "Note",
              "id": "https://chatty.example/ben/p/51085",
              "attributedTo": "https://chatty.example/ben/",
              "to": ["https://social.example/alyssa/"],
              "inReplyTo": "https://social.example/alyssa/posts/49e2d03d-b53a-4c4c-a95c-94a6abf45a19",
              "content": "&lt;p&gt;Argh, yeah, sorry, I'll get it back to you tomorrow.&lt;/p&gt;
                          &lt;p&gt;I was reviewing the section on register machines,
                             since it's been a while since I wrote one.&lt;/p&gt;"}}
      </pre>

      <p>Alyssa is relieved, and likes Ben's post:</p>

      <pre class="example highlight json">
  {"@context": "https://www.w3.org/ns/activitystreams",
   "type": "Like",
   "id": "https://social.example/alyssa/posts/5312e10e-5110-42e5-a09b-934882b3ecec",
   "to": ["https://chatty.example/ben/"],
   "actor": "https://social.example/alyssa/",
   "object": "https://chatty.example/ben/p/51086"}
      </pre>

      <p>
        She POSTs this message to her outbox.
        (Since it's an activity, her server knows it doesn't need to wrap it in
        a Create object).
      </p>

      <p>
        Feeling happy about things, she decides to post a public message to her
        followers.
        Soon the following message is blasted to all the members of her
        followers collection, and since it has the special Public group
        addressed, is generally readable by anyone.
      </p>

      <pre class="example highlight json">
  {"@context": "https://www.w3.org/ns/activitystreams",
   "type": "Create",
   "id": "https://social.example/alyssa/posts/9282e9cc-14d0-42b3-a758-d6aeca6c876b",
   "to": ["https://social.example/alyssa/followers/",
          "https://www.w3.org/ns/activitystreams#Public"],
   "actor": "https://social.example/alyssa/",
   "object": {"type": "Note",
              "id": "https://social.example/alyssa/posts/d18c55d4-8a63-4181-9745-4e6cf7938fa1",
              "attributedTo": "https://social.example/alyssa/",
              "to": ["https://social.example/alyssa/followers/",
                     "https://www.w3.org/ns/activitystreams#Public"],
              "content": "Lending books to friends is nice.  Getting them back is even nicer! :)"}}
      </pre>

      <section id="social-web-working-group" inlist="" rel="schema:hasPart"
               resource="#social-web-working-group">
        <h3 property="schema:name">Social Web Working Group</h3>
        <div datatype="rdf:HTML" property="schema:description">
          <p>
            <a href="#Overview">ActivityPub</a> is one of several related
            specifications being produced by the Social Web Working Group.
            Implementers interested in alternative approaches and complementary
            protocols should review [[Micropub]] and the overview document
            [[Social-Web-Protocols]].
          </p>
        </div>
      </section>
    </section>

    <section id="conformance">
      <section id="specification-profiles">
        <h2>Specification Profiles</h2>
        <p>
          This specification defines two closely related and interacting
          protocols:
        </p>
        <dl>
          <dt>A client to server protocol, or "Social API"</dt>
          <dd>
            This protocol permits a client to act <i>on behalf</i> of a user.
            For example, this protocol is used by a mobile phone application to
            interact with a social stream of the user's actor.
          </dd>
          <dt>A server to server protocol, or "Federation Protocol"</dt>
          <dd>
            This protocol is used to distribute activities between actors on
            different servers, tying them into the same social graph.
          </dd>
        </dl>
        <p>
          The ActivityPub specification is designed so that once either of
          these protocols are implemented, supporting the other is of very
          little additional effort.
          However, servers may still implement one without the other.
          This gives three conformance classes:
        </p>
        <dl>
          <dt>ActivityPub conformant Client</dt>
          <dd>
            This designation applies to any implementation of the entirety of the
            client portion of the client to server protocol.
          </dd>
          <dt>ActivityPub conformant Server</dt>
          <dd>
            This designation applies to any implementation of the entirety of the
            server portion of the client to server protocol.
          </dd>
          <dt>ActivityPub conformant Federated Server</dt>
          <dd>
            This designation applies to any implementation of the entirety of
            the federation protocols.
          </dd>
        </dl>
        <p>
          It is called out whenever a portion of the specification only applies
          to implementation of the federation protocol.
          In addition, whenever requirements are specified, it is called out
          whether they apply to the client or server (for the client-to-server
          protocol) or whether referring to a sending or receiving server in
          the server-to-server protocol.
        </p>
      </section>
    </section>

    <section id="obj">
      <h2>Objects</h2>
      <p>
        Objects are the core concept around which both [[!ActivityStreams]] and
        ActivityPub are built.
        Objects are often wrapped in Activities and are contained in streams of
        Collections, which are themselves subclasses of Objects.
        See the [[!Activity-Vocabulary]] document, particularly the
        <a href="https://www.w3.org/TR/activitystreams-vocabulary/#types">Core Classes</a>;
        ActivityPub follows the mapping of this vocabulary very closely.
      </p>
      <p>
        ActivityPub defines some terms in addition to those provided by
        ActivityStreams.
        These terms are provided in the ActivityPub
        <a href="http://www.w3.org/TR/json-ld/#the-context">JSON-LD context</a>
        at
        <code>https://www.w3.org/ns/activitystreams</code>.
        Implementers SHOULD include the ActivityPub context in their
        object definitions.
        Implementers MAY include additional context as appropriate.
      </p>
      <p>
        ActivityPub shares the same
        <a href="https://www.w3.org/TR/activitystreams-core/#urls">
          URI / IRI conventions as in ActivityStreams</a>.
      </p>
      <p>
        Servers SHOULD validate the content they receive to avoid content
        spoofing attacks.
        (A server should do something at least as robust as checking that
        the object appears as received at its origin, but mechanisms
        such as checking signatures would be better if available).
        No particular mechanism for verification is authoritatively specified by
        this document, but please see <a href="#security-considerations">Security 
        Considerations</a> for some suggestions and good practices.
      </p>
      <div class="informative">
        As an example, if example.com receives the activity
        <pre class="example">
         {
           "@context": "https://www.w3.org/ns/activitystreams",
           "type": "Like",
           "actor": "https://example.net/~mallory",
           "to": ["https://hatchat.example/sarah/",
                  "https://example.com/peeps/john/"],
           "object": {
             "@context": {"@language": "en"},
             "id": "https://example.org/~alice/note/23",
             "type": "Note",
             "attributedTo": "https://example.org/~alice",
             "content": "I'm a goat"
           }
         }
        </pre>
        it should dereference the <code>id</code> both to ensure that it exists
        and is a valid object, and that it is not misrepresenting the object.
        (In this example, Mallory could be spoofing an object allegedly posted
        by Alice).
      </div>
      <section id="obj-id">
        <h2>Object Identifiers</h2>
        <p>
          All Objects in [[!ActivityStreams]] should have unique global
          identifiers.
          ActivityPub extends this requirement; all objects distributed by the
          ActivityPub protocol MUST have unique global identifiers, unless they
          are intentionally transient (short lived activities that are not
          intended to be able to be looked up, such as some kinds of chat
          messages or game notifications).
          These identifiers must fall into one of the following groups:
        </p>
        <ol>
          <li>
            Publicly dereferencable URIs, such as HTTPS URIs, with their
            authority belonging to that of their originating server.
            (Publicly facing content SHOULD use HTTPS URIs).
          </li>
          <li>
            An ID explicitly specified as the JSON <code>null</code> object,
            which implies an anonymous object (a part of its parent context)
          </li>
        </ol>
        <p>
          Identifiers MUST be provided for activities posted in server to
          server communication, unless the activity is intentionally transient.
          However, for client to server communication, a server receiving an
          object posted to the outbox with no specified <code>id</code> SHOULD
          allocate an object ID in the actor's namespace and attach it to the
          posted object.
        </p>
        <p>All objects have the following properties:</p>
        <dl>
          <dt>id</dt>
          <dd>
            The object's unique global identifier (unless the object is transient,
            in which case the <code>id</code> MAY be omitted).
          </dd>
          <dt>type</dt>
          <dd>
            The type of the object.
          </dd>
        </dl>
      </section>

      <section id="retrieving-objects">
        <h2>Retrieving objects</h2>
        <p>
          The HTTP GET method may be dereferenced against an object's
          <code>id</code> property to retrieve the activity.
          Servers MAY use HTTP content negotiation as defined in [[!RFC7231]] to
          select the type of data to return in response to a request,
          but MUST present the ActivityStreams object representation
          in response to
          <code>application/ld+json; profile="https://www.w3.org/ns/activitystreams"</code>,
          and SHOULD also present the ActivityStreams representation in
          response to <code>application/activity+json</code> as well.
          The client MUST specify an <code>Accept</code> header with the
          <code>application/ld+json; profile="https://www.w3.org/ns/activitystreams"</code>
          media type in order to retrieve the activity.
        </p>
        <p>
          Servers MAY implement other behavior for requests which do not comply
          with the above requirement.
          (For example, servers may implement additional legacy protocols, or
          may use the same URI for both HTML and ActivityStreams
          representations of a resource).
        </p>
        <p>
          Servers MAY require authorization as specified in
          <a href="#authorization"></a>, and may additionally implement their
          own authorization rules.
          Servers SHOULD fail requests which do not pass their authorization
          checks with the appropriate HTTP error code, or the 403 Forbidden
          error code where the existence of the object is considered private.
          An origin server which does not wish to disclose the existence of
          a private target MAY instead respond with a status code of
          404 Not Found.
        </p>
      </section>

      <section id="source-property">
        <h2>The source property</h2>
        <p>
          In addition to all the properties defined by the
	  [[!Activity-Vocabulary]], ActivityPub extends the <code>Object</code> by
	  supplying the <code>source</code> property.
          The <code>source</code> property is intended to convey some
          sort of source from which the <code>content</code> markup
          was derived, as a form of provenance, or to support future
          editing by clients.
          In general, clients do the conversion from <code>source</code>
          to <code>content</code>, not the other way around.
        </p>
        <p>
          The value of <code>source</code> is itself an object
          which uses its own <code>content</code> and <code>mediaType</code>
          fields to supply source information.
        </p>
        <pre class="example">
          {
            "@context": ["https://www.w3.org/ns/activitystreams",
                         {"@language": "en"}],
            "type": "Note",
            "id": "http://postparty.example/p/2415",
            "content": "&lt;p&gt;I &lt;em&gt;really&lt;/em&gt; like strawberries!&lt;/p&gt;",
            "source": {
              "content": "I *really* like strawberries!",
              "mediaType": "text/markdown"}
          }
        </pre>
        <div class="note"
             title="What to do when clients can't meaningfully handle a mediaType?">
          <p>
            In general, it's best to let a user edit their original post
            in the same source format they originally composed it in.
            But not all clients can reliably provide a nice interface for
            all source types, and since clients are expected to do the
            conversion from <code>source</code> to <code>content</code>,
            some clients may work with a media type that another client
            does not know how to work with.
            While a client could feasibly provide the <code>content</code>
            markup to be edited and ignore the source, this means that the
            user will lose the more desirable form of the original
            <code>source</code> in any future revisions.
            A client doing so should thus provide a minimally obtrusive warning
            cautioning that the original source format is not understood and is
            thus being ignored.
          </p>
          <p>
            For example, Alyssa P. Hacker likes to post to her ActivityPub
            powered blog via an Emacs client she has written, leveraging
            <a href="http://orgmode.org/">Org mode</a>.
            Later she switches to editing on her phone's client, which
            has no idea what <code>text/x-org</code> is or how to render
            it to HTML, so it provides a text box to edit the original
            <code>content</code> instead.
            A helpful warning displays above the edit area saying,
            "This was originally written in another markup language we don't
            know how to handle.  If you edit, you'll lose your original
            source!"
            Alyssa decides the small typo fix isn't worth losing her nice
            org-mode markup and decides to make the update when she gets
            home.
          </p>
        </div>
      </section>
    </section>

    <section id="actors">
      <h2>Actors</h2>
      <p>
        ActivityPub actors are generally one of the
        <a href="https://www.w3.org/TR/activitystreams-vocabulary/#actor-types">
          ActivityStreams Actor Types</a>,
        but they don't have to be. For example, a 
        <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-profile">
          Profile</a> object
        might be used as an actor, or a type from an ActivityStreams extension.
        Actors are <a href="#retrieving-objects">retrieved</a> like any other
        Object in ActivityPub.
        Like other ActivityStreams objects, actors have an <code>id</code>,
        which is a URI.
        When entered directly into a user interface (for example on a login
        form), it is desirable to support simplified naming.
        For this purpose, ID normalization SHOULD be performed as follows:
      </p>
      <ol>
        <li>
          If the entered ID is a valid URI, then it is to be used directly.
        </li>
        <li>
          If it appears that the user neglected to add a scheme for a URI that
          would otherwise be considered valid, such as
          <code>example.org/alice/</code>, clients MAY attempt to provide
          a default scheme, preferably <code>https</code>.
        </li>
        <li>
          Otherwise, the entered value should be considered invalid.
        </li>
      </ol>

      <p>
        Once the actor's URI has been identified, it should be dereferenced.
      </p>

      <div class="note">
        ActivityPub does not dictate a specific relationship between
        "users" and Actors; many configurations are possible.
        There may be multiple human users or organizations controlling an
        Actor, or likewise one human or organization may control multiple
        Actors. Similarly, an Actor may represent a piece of software,
        like a bot, or an automated process.
        More detailed "user" modelling, for example linking together of Actors which
        are controlled by the same entity, or allowing one Actor to be presented
        through multiple alternate profiles or aspects, are at the discretion
        of the implementation.
      </div>

      <section id="actor-objects">
        <h2><i>Actor</i> objects</h2>
        <p>
          Actor objects MUST have, in addition to the properties mandated by
          <a href="#obj-id"></a>, the following properties:
        </p>
        <dl>
          <dt id="inbox-property">inbox</dt>
          <dd>
            A reference to an [[!ActivityStreams]]
            <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
              <code>OrderedCollection</code></a>
            comprised of all the messages received by the actor; see
            <a href="#inbox"></a>.
          </dd>
          <dt id="outbox-property">outbox</dt>
          <dd>
            An [[!ActivityStreams]]
            <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
              <code>OrderedCollection</code></a>
            comprised of all the messages produced by the actor; see
            <a href="#outbox"></a>.
          </dd>
        </dl>
        <p>
          Implementations SHOULD, in addition, provide the following
          properties:
        </p>
        <dl>
          <dt id="following-property">following</dt>
          <dd>
            A link to an [[!ActivityStreams]] collection of the actors that
            this actor is following; see <a href="#following"></a>
          </dd>
          <dt id="followers-property">followers</dt>
          <dd>
            A link to an [[!ActivityStreams]] collection of the actors that
            follow this actor; see <a href="#followers"></a>.
          </dd>
        </dl>
        <p>
          Implementations MAY provide the following properties:
        </p>
        <dl>
          <dt id="liked-property">liked</dt>
          <dd>
            A link to an [[!ActivityStreams]] collection of objects this
            actor has liked; see <a href="#liked"></a>.
          </dd>
        </dl>
        <pre class="example">
{
  "@context": ["https://www.w3.org/ns/activitystreams",
               {"@language": "ja"}],
  "type": "Person",
  "id": "https://kenzoishii.example.com/",
  "following": "https://kenzoishii.example.com/following.json",
  "followers": "https://kenzoishii.example.com/followers.json",
  "liked": "https://kenzoishii.example.com/liked.json",
  "inbox": "https://kenzoishii.example.com/inbox.json",
  "outbox": "https://kenzoishii.example.com/feed.json",
  "preferredUsername": "kenzoishii",
  "name": "石井健蔵",
  "summary": "この方はただの例です",
  "icon": [
    "https://kenzoishii.example.com/image/165987aklre4"
  ]
}
        </pre>
        <p>Implementations MAY, in addition, provide the following properties:</p>
        <dl>
          <dt id="streams-property">streams</dt>
          <dd>
            A list of supplementary Collections which may be of interest.
          </dd>
          <dt id="preferredUsername">preferredUsername</dt>
          <dd>
            A short username which may be used to refer to the actor, with no
            uniqueness guarantees.
          </dd>
          <dt id="endpoints">endpoints</dt>
          <dd>
            A json object which maps additional (typically server/domain-wide)
            endpoints which may be useful either for this actor or someone
            referencing this actor.
            This mapping may be nested inside the actor document as the value
            or may be a link to a JSON-LD document with these properties.
          </dd>
        </dl>

        <p>
          The <code>endpoints</code> mapping MAY include the following
          properties:
        </p>
        <dl>
          <dt id="proxyUrl">proxyUrl</dt>
          <dd>
            Endpoint URI so this actor's clients may access remote
            ActivityStreams objects which require authentication to access.
            To use this endpoint, the client posts an
            <code>x-www-form-urlencoded</code> <code>id</code> parameter
            with the value being the <code>id</code> of the requested
            ActivityStreams object.
          </dd>
          <dt id="oauthAuthorizationEndpoint">oauthAuthorizationEndpoint</dt>
          <dd>
            If OAuth 2.0 bearer tokens [[RFC6749]] [[RFC6750]] are being used
            for authenticating
            <a href="#client-to-server-interactions">client to server
              interactions</a>,
            this endpoint specifies a URI at which a browser-authenticated user
            may obtain a new authorization grant.
          </dd>
          <dt id="oauthTokenEndpoint">oauthTokenEndpoint</dt>
          <dd>
            If OAuth 2.0 bearer tokens [[RFC6749]] [[RFC6750]] are being used
            for authenticating
            <a href="#client-to-server-interactions">client to server
              interactions</a>,
            this endpoint specifies a URI at which a client may acquire an
	    access token.
          </dd>
          <dt id="provideClientKey">provideClientKey</dt>
          <dd>
            If Linked Data Signatures and HTTP Signatures are being used for
            authentication and authorization, this endpoint specifies a URI at
            which browser-authenticated users may authorize a client's public
            key for
            <a href="#client-to-server-interactions">client to server
              interactions</a>.
          </dd>
          <dt id="signClientKey">signClientKey</dt>
          <dd>
            If Linked Data Signatures and HTTP Signatures are being used for
            authentication and authorization, this endpoint specifies a URI at
            which a client key may be signed by the actor's key for a time
            window to act on behalf of the actor in interacting with foreign
            servers.
          </dd>
          <dt id="sharedInbox">sharedInbox</dt>
          <dd>
            An optional endpoint
            <a href="#shared-inbox-delivery">
              used for wide delivery of publicly addressed activities
              and activities sent to followers</a>.
            <code>sharedInbox</code> endpoints SHOULD also be publicly
            readable <code>OrderedCollection</code> objects containing
            objects addressed to the <a href="#public-addressing">Public</a>
            special collection.
            Reading from the <code>sharedInbox</code> endpoint MUST NOT present
            objects which are not addressed to the <code>Public</code>
            endpoint.
          </dd>
        </dl>

        <div class="note" id="as2-actor-properties">
          <p>
            As the upstream vocabulary for ActivityPub, any applicable
            [[!ActivityStreams]] property may be used on ActivityPub Actors.
            Some ActivityStreams properties are particularly worth highlighting
            to demonstrate how they are used in ActivityPub implementations.
          </p>

          <dl>
            <dt id="url-property">url</dt>
            <dd>
              A link to the actor's "profile web page", if not equal to the
              value of <code>id</code>.
            </dd>
            <dt id="name-property">name</dt>
            <dd>
              The preferred "nickname" or "display name" of the actor.
            </dd>
            <dt id="summary-property">summary</dt>
            <dd>A quick summary or bio by the user about themselves.</dd>
            <dt id="icon-property">icon</dt>
            <dd>
              A link to an image or an Image object which represents the user's
              profile picture (this may be a thumbnail).
            </dd>
          </dl>
        </div>
        <p class="note" id="actor-text-direction">
          Properties containing natural language values,
          such as <code>name</code>, <code>preferredUsername</code>, or
          <code>summary</code>, make use of
          <a href="https://www.w3.org/TR/activitystreams-core/#naturalLanguageValues">
            natural language support defined in ActivityStreams</a>.
        </p>
      </section>

    </section>

    <section id="collections">
      <h2>Collections</h2>
      <p>
        [[!ActivityStreams]] defines the collection concept; ActivityPub
        defines several collections with special behavior.
        Note that ActivityPub makes use of
        <a href="https://www.w3.org/TR/activitystreams-core/#paging">
          ActivityStreams paging</a>
        to traverse large sets of objects.
      </p>

      <p>
        Note that some of these collections are specified to be of type
        <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
          <code>OrderedCollection</code></a>
        specifically, while others are permitted to be either a
        <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-collection">
          <code>Collection</code></a>
        or an
        <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
          <code>OrderedCollection</code></a>.
        An
        <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
          <code>OrderedCollection</code></a>
        MUST be presented consistently in reverse chronological order.
      </p>

      <p class="note">
        What property is used to determine the reverse chronological order
        is intentionally left as an implementation detail.
        For example, many SQL-style databases use an incrementing integer
        as an identifier, which can be reasonably used for handling
        insertion order in most cases.
        In other databases, an insertion time timestamp may be preferred.
        What is used isn't important, but the ordering of elements must
        remain intact, with newer items first.
        A property which changes regularly, such a "last updated" timestamp,
        should not be used.
      </p>

      <section id="outbox">
        <h2>Outbox</h2>
        <p>
          The outbox is discovered through the <code>outbox</code>
          property of an <a href="#actors">actor's</a> profile.
          The <code>outbox</code> MUST be an
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
            <code>OrderedCollection</code></a>.
        </p>
        <p>
          The outbox stream contains activities the user has
          published, subject to the ability of the requestor to retrieve the
          activity (that is, the contents of the outbox are filtered by the
          permissions of the person reading it).
          If a user submits a request without
          <a href="#authorization">Authorization</a> the server should
          respond with all of the <a href="#public-addressing">Public</a>
          posts.
          This could potentially be all relevant objects published by the
          user, though the number of available items is left to the
          discretion of those implementing and deploying the server.
        </p>
        <p>
          The outbox accepts HTTP POST requests, with behaviour described in
          <a href="#client-to-server-interactions">Client to Server
            Interactions</a>.
        </p>
      </section>

      <section id="inbox">
        <h2>Inbox</h2>

        <p>
          The inbox is discovered through the <code>inbox</code>
          property of an <a href="#actors">actor's</a> profile.
          The <code>inbox</code> MUST be an
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
            <code>OrderedCollection</code></a>.
        </p>

        <p>
          The inbox stream contains all activities received by the
          actor.
          The server SHOULD filter content according to the requester's
          permission.
          In general, the owner of an inbox is likely to be able to access
          all of their inbox contents. Depending on access control, some
          other content may be public, whereas other content may require
          authentication for non-owner users, if they can access the inbox
          at all.
        </p>

        <p>
          The server MUST perform de-duplication of activities returned by
          the inbox. Duplication can occur if an activity is addressed both
          to an actor's followers, and a specific
          actor who also follows the recipient actor, and the server has failed
          to de-duplicate the recipients list.
          Such deduplication MUST be performed by comparing the
          <code>id</code> of the activities and dropping any activities
          already seen.
        </p>

        <p>
          The inboxes of actors on federated servers accepts HTTP POST requests,
          with behaviour described in <a href="#delivery">Delivery</a>.
          Non-federated servers SHOULD return a 405 Method Not Allowed upon
          receipt of a POST request.
        </p>
      </section>

      <section id="followers">
        <h2>Followers Collection</h2>
        <p>
          Every <a href="#actors">actor</a> SHOULD have a <code>followers</code>
          collection.
          This is a list of everyone who has sent a
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-follow">Follow</a>
          activity for the actor, added as a
          <a href="#follow-activity-outbox">side effect</a>.
          This is where one would find a list of all the actors that are
          following the actor.
          The <code>followers</code> collection MUST be either an
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
            <code>OrderedCollection</code></a>
          or a
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-collection">
            <code>Collection</code></a>
          and MAY be filtered on privileges of an authenticated user
          or as appropriate when no authentication is given.
        </p>

        <p class="note" title="Default for notification targeting">
          The follow activity generally is a request to see the objects an actor
          creates. This makes the Followers collection an appropriate default
          target for <a href="#delivery">delivery</a> of notifications.
        </p>
      </section>

      <section id="following">
        <h2>Following Collection</h2>
        <p>
          Every actor SHOULD have a <code>following</code> collection.
          This is a list of everybody that the actor has followed, added as a
          <a href="#follow-activity-outbox">side effect</a>.
          The <code>following</code> collection MUST be either an
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
            <code>OrderedCollection</code></a>
          or a
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-collection">
            <code>Collection</code></a>
          and MAY be filtered on privileges of an authenticated user
          or as appropriate when no authentication is given.
        </p>
      </section>

      <section id="liked">
        <h2>Liked Collection</h2>
        <p>
          Every actor MAY have a <code>liked</code> collection.
          This is a list of every object from all of the actor's <code>Like</code>
          activities, added as a <a href="#like-activity-outbox">side effect</a>.
          The <code>liked</code> collection MUST be either an
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
            <code>OrderedCollection</code></a>
          or a
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-collection">
            <code>Collection</code></a>
          and MAY be filtered on privileges of an authenticated user
          or as appropriate when no authentication is given.
        </p>
      </section>

      <section id="public-addressing">
        <h2>Public Addressing</h2>
        <p>
          In addition to [[!ActivityStreams]] collections and objects,
          Activities may additionally be addressed to the special "public"
          collection, with the identifier
          <code>https://www.w3.org/ns/activitystreams#Public</code>.
          For example:
        </p>
        <pre class="example">
          {
            "@context": "https://www.w3.org/ns/activitystreams",
            "id": "https://www.w3.org/ns/activitystreams#Public",
            "type": "Collection"
          }
        </pre>
        <p>
          Activities addressed to this special URI shall be accessible to all
          users, without authentication.
          Implementations MUST NOT deliver to the "public" special collection;
          it is not capable of receiving actual activities.
          However, actors MAY have a
          <a href="#sharedInbox"><code>sharedInbox</code></a>
          endpoint which is available for efficient shared delivery of public
          posts (as well as posts to followers-only); see
          <a href="#shared-inbox-delivery"></a>.
        </p>
        <div class="note">
          <p>
            Compacting an ActivityStreams object using the ActivityStreams
            JSON-LD context might result in
            <code>https://www.w3.org/ns/activitystreams#Public</code>
            being represented as simply <code>Public</code> or <code>as:Public</code>
            which are valid representations of the Public collection.
            Implementations which treat ActivityStreams objects as simply
            JSON rather than converting an incoming activity over to a
            local context using JSON-LD tooling should be aware of this
            and should be prepared to accept all three representations.
          </p>
        </div>
      </section>

      <section id="likes">
        <h2>Likes Collection</h2>
        <p>
          Every object MAY have a <code>likes</code> collection.
          This is a list of all <code>Like</code> activities with this object
          as the <code>object</code> property, added as a
          <a href="#like-activity-inbox">side effect</a>.
          The <code>likes</code> collection MUST be either an
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
            <code>OrderedCollection</code></a>
          or a
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-collection">
            <code>Collection</code></a>
          and MAY be filtered on privileges of an authenticated user
          or as appropriate when no authentication is given.
        </p>

        <div class="note">
          <p>
            Care should be taken to not confuse the the
            <a href="#likes"><code>likes</code></a>
            collection with the similarly named but different
            <a href="#liked"><code>liked</code></a> collection.
            In sum:
          </p>

          <ul>
            <li>
              <b>liked:</b>
              Specifically a property of actors.
              This is a collection of <code>Like</code> activities performed
              <i>by the actor</i>,
              added to the collection as a
              <a href="#like-activity-outbox">
                side effect of delivery to the outbox</a>.
            </li>

            <li>
              <b>likes:</b>
              May be a property of any object.
              This is a collection of <code>Like</code> activities referencing
              this object,
              added to the collection as a
              <a href="#like-activity-inbox">
                side effect of delivery to the inbox</a>.
            </li>
          </ul>
        </div>
      </section>

      <section id="shares">
        <h2>Shares Collection</h2>
        <p>
          Every object MAY have a <code>shares</code> collection.
          This is a list of all <code>Announce</code> activities with this object
          as the <code>object</code> property, added as a
          <a href="#announce-activity-inbox">side effect</a>.
          The <code>shares</code> collection MUST be either an
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection">
            <code>OrderedCollection</code></a>
          or a
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-collection">
            <code>Collection</code></a>
          and MAY be filtered on privileges of an authenticated user
          or as appropriate when no authentication is given.
        </p>
      </section>
    </section>

    <section id="client-to-server-interactions">
      <h2>Client to Server Interactions</h2>
      <p>
        Activities as defined by [[!ActivityStreams]] are the core mechanism
        for creating, modifying and sharing content within the social graph.
      </p>

      <p>
        Client to server interaction takes place through clients posting
        Activities to an actor's <a href="#outbox">outbox</a>.
        To do this, clients MUST discover the URL of the actor's outbox from
	their <a href="#actor-objects">profile</a> and then MUST make an HTTP
        <code>POST</code> request to this URL with the Content-Type of
        <code>application/ld+json; profile="https://www.w3.org/ns/activitystreams"</code>.
        Servers MAY interpret a Content-Type or Accept header of
        <code>application/activity+json</code> as equivalent
        to <code>application/ld+json; profile="https://www.w3.org/ns/activitystreams"</code>
        for client-to-server interactions.
        The request MUST be authenticated with the credentials of the user to
        whom the outbox belongs.
        The body of the <code>POST</code> request MUST contain a single
        Activity (which MAY contain embedded objects), or a single non-Activity
        object which
        <a href="#object-without-create">will be wrapped in a Create activity
          by the server</a>.
      </p>
      <pre class="example" title="Submitting an Activity to the Outbox">
POST /outbox/ HTTP/1.1
Host: dustycloud.org
Authorization: Bearer XXXXXXXXXXX
Content-Type: application/ld+json; profile="https://www.w3.org/ns/activitystreams"

{
  "@context": ["https://www.w3.org/ns/activitystreams",
               {"@language": "en"}],
  "type": "Like",
  "actor": "https://dustycloud.org/chris/",
  "name": "Chris liked 'Minimal ActivityPub update client'",
  "object": "https://rhiaro.co.uk/2016/05/minimal-activitypub",
  "to": ["https://rhiaro.co.uk/#amy",
         "https://dustycloud.org/followers",
         "https://rhiaro.co.uk/followers/"],
  "cc": "https://e14n.com/evan"
}
      </pre>

      <p>
        If an Activity is submitted with a value in the <code>id</code>
        property, servers MUST ignore this and generate a new <code>id</code>
        for the Activity.
        Servers MUST return a <code>201 Created</code> HTTP code, and unless
        the activity is transient, MUST include the new <code>id</code> in the
        <code>Location</code> header.
      </p>
      <pre class="example" title="Outbox response to submitted Activity">
HTTP/1.1 201 Created
Location: https://dustycloud.org/likes/345
      </pre>

      <p id="remove-bto-bcc-before-delivery">
        The server MUST remove the <code>bto</code> and/or <code>bcc</code>
        properties, if they exist, from the ActivityStreams object before
        delivery, but MUST utilize the addressing originally stored
        on the <code>bto</code> / <code>bcc</code> properties for determining
        recipients in <a href="#delivery">delivery</a>.
      </p>

      <p>
        The server MUST then add this new Activity to the
        <a href="#outbox">outbox</a> collection.
        Depending on the type of Activity, servers may then be required to
        carry out further side effects.
        (However, there is no guarantee that time the Activity may appear in
        the outbox.
        The Activity might appear after a delay or disappear at any period).
        These are described per individual Activity below.
      </p>

      <p>
        Attempts to submit objects to servers not implementing client to server
        support SHOULD result in a <code>405 Method Not Allowed</code> response.
      </p>


      <p>
        HTTP caching mechanisms [[!RFC7234]] SHOULD be respected when
        appropriate, both in clients receiving responses from servers as well
        as servers sending responses to clients.
      </p>

      <section id="client-addressing">
        <h3>Client Addressing</h3>
          <p>
          <strong>Clients</strong> are responsible for addressing new Activities
          appropriately.
          To some extent, this is dependent upon the particular client
          implementation, but clients must be aware that the server will only
          forward new Activities to addressees in the <code>to</code>,
          <code>bto</code>, <code>cc</code>, <code>bcc</code>, and
          <code>audience</code> fields.
        </p>
        <p>
          The <a href="#followers">Followers Collection</a> and/or the
          <a href="#public-addressing">Public Collection</a> are good
          choices for the default addressing of new Activities.
        </p>
        <p>
          Clients SHOULD look at any objects attached to the new Activity via the
          <code>object</code>, <code>target</code>, <code>inReplyTo</code> and/or
          <code>tag</code> fields, retrieve <em>their</em> <code>actor</code> or
          <code>attributedTo</code> properties, and MAY also retrieve their addressing
          properties, and add these to the <code>to</code> or <code>cc</code>
          fields of the new Activity being created.
          Clients MAY recurse through attached objects, but if doing so, SHOULD
          set a limit for this recursion.
          (Note that this does not suggest that the client should "unpack"
          collections of actors being addressed as individual recipients).
        </p>
        <p>
          Clients MAY give the user the chance to amend this addressing in the
          UI.
        </p>
        <p>
          For example, when Chris likes the following article by Amy:
        </p>

        <pre class="example" title="An Article">
  {
    "@context": ["https://www.w3.org/ns/activitystreams",
                 {"@language": "en-GB"}],
    "id": "https://rhiaro.co.uk/2016/05/minimal-activitypub",
    "type": "Article",
    "name": "Minimal ActivityPub update client",
    "content": "Today I finished morph, a client for posting ActivityStreams2...",
    "attributedTo": "<strong>https://rhiaro.co.uk/#amy</strong>",
    "to": "<strong>https://rhiaro.co.uk/followers/</strong>",
    "cc": "<strong>https://e14n.com/evan</strong>"
  }
        </pre>

        <p>the like is generated by the client as:</p>

        <pre class="example" title="A Like of the Article">
  {
    "@context": ["https://www.w3.org/ns/activitystreams",
                 {"@language": "en"}],
    "type": "Like",
    "actor": "https://dustycloud.org/chris/",
    "summary": "Chris liked 'Minimal ActivityPub update client'",
    "object": "https://rhiaro.co.uk/2016/05/minimal-activitypub",
    "to": ["<strong>https://rhiaro.co.uk/#amy</strong>",
           "https://dustycloud.org/followers",
           "<strong>https://rhiaro.co.uk/followers/</strong>"],
    "cc": "<strong>https://e14n.com/evan</strong>"
  }
        </pre>

        <p>The receiving outbox can then perform <a href="#delivery">delivery</a>
        to not only the followers of Chris (the liker), but also to Amy, and Amy's
        followers and Evan, both of whom received the original article.</p>

        <p>
          Clients submitting the following activities to an <code>outbox</code>
          MUST provide the <code>object</code> property in the activity:
          <code>Create</code>, <code>Update</code>, <code>Delete</code>,
          <code>Follow</code>, <code>Add</code>, <code>Remove</code>,
          <code>Like</code>, <code>Block</code>, <code>Undo</code>.
          Additionally, clients submitting the following activities to an outbox
          MUST also provide the <code>target</code> property:
          <code>Add</code>, <code>Remove</code>.
        </p>

      </section>


      <section id="create-activity-outbox">
        <h3>Create Activity</h3>
        <p>
          The <code>Create</code> activity is used when posting a new object.
          This has the side effect that the object embedded within the Activity
          (in the <code>object</code> property) is created.
        </p>
        <p>
          When a <code>Create</code> activity is posted, the <code>actor</code>
          of the activity SHOULD be copied onto the <code>object</code>'s
          <code>attributedTo</code> field.
        </p>
        <p>
          A mismatch between addressing of the Create activity and its
          <code>object</code> is likely to lead to confusion.
          As such, a server SHOULD copy any recipients of the Create activity
          to its <code>object</code> upon initial distribution, and likewise
          with copying recipients from the <code>object</code> to the wrapping
          Create activity.
          Note that it is acceptable for the <code>object</code>'s addressing
          to be changed later without changing the <code>Create</code>'s
          addressing (for example via an <code>Update</code> activity).
        </p>

        <section id="object-without-create">
        <h4>Object creation without a Create Activity</h4>
        <p>
          For client to server posting, it is possible to submit an object for
          creation without a surrounding activity.
          The server MUST accept a valid [[!ActivityStreams]] object that
          isn't a subtype of <code>Activity</code> in the POST request to the
          outbox.
          The server then MUST attach this object as the <code>object</code>
          of a <a href="#create-activity-outbox">Create Activity</a>.
          For non-transient objects, the server MUST attach an
          <code>id</code> to both the wrapping <code>Create</code> and its
          wrapped <code>Object</code>.
        </p>

        <p class="note">
          The <code>Location</code> value returned by the server should be the URL of
          the new Create activity (rather than the object).
        </p>

        <p>
          Any <code>to</code>, <code>bto</code>, <code>cc</code>, <code>bcc</code>,
          and <code>audience</code> properties specified on the object MUST be
          copied over to the new Create activity by the server.
        </p>

        <pre class="example" title="Object with audience targeting">
        {
          "@context": "https://www.w3.org/ns/activitystreams",
          "type": "Note",
          "content": "This is a note",
          "published": "2015-02-10T15:04:55Z",
          "to": ["https://example.org/~john/"],
          "cc": ["https://example.com/~erik/followers",
                 "https://www.w3.org/ns/activitystreams#Public"]
        }
        </pre>

        The above example could be converted to this:
        <pre class="example" title="Create Activity wrapper generated by the server">
        {
          "@context": "https://www.w3.org/ns/activitystreams",
          "type": "Create",
          "id": "https://example.net/~mallory/87374",
          "actor": "https://example.net/~mallory",
          "object": {
            "id": "https://example.com/~mallory/note/72",
            "type": "Note",
            "attributedTo": "https://example.net/~mallory",
            "content": "This is a note",
            "published": "2015-02-10T15:04:55Z",
            "to": ["https://example.org/~john/"],
            "cc": ["https://example.com/~erik/followers",
                   "https://www.w3.org/ns/activitystreams#Public"]
          },
          "published": "2015-02-10T15:04:55Z",
          "to": ["https://example.org/~john/"],
          "cc": ["https://example.com/~erik/followers",
                 "https://www.w3.org/ns/activitystreams#Public"]
        }
        </pre>
        </section>
      </section>
      <section id="update-activity-outbox">
        <h3>Update Activity</h3>
        <p>
          The <code>Update</code> activity is used when updating an already
          existing object.
          The side effect of this is that the <code>object</code> MUST be
          modified to reflect the new structure as defined in the update
          activity, assuming the actor has permission to update this
          object.
        </p>

        <section id="partial-updates">
          <h4>Partial Updates</h4>
          <p>
            For client to server interactions, updates are partial;
            rather than updating the document all at once, any key value
            pair supplied is used to replace the existing value with
            the new value.
            This only applies to the top-level fields of the updated
            object.
            A special exception is for when the value is the json
            <code>null</code> type; this means that this field should be
            removed from the server's representation of the object.
          </p>
          <p>
            Note that this behavior is for client to server interaction where
            the client is posting to the server only.
            Server to server interaction and updates from the server to the client
            should contain the entire new representation of the object, after
            the partial update application has been applied.
            See the description of the
            <a href="#update-activity-inbox">Update activity for server to server
              interactions</a>
            for more details.
          </p>
        </section>
      </section>
      <section id="delete-activity-outbox">
        <h3>Delete Activity</h3>
        <p>
          The <code>Delete</code> activity is used to delete an already
          existing object.
          The side effect of this is that the server MAY replace the
          <code>object</code> with a <code>Tombstone</code> of the object
          that will be displayed in activities which reference the deleted
          object.
          If the deleted object is requested the server SHOULD respond with
          either the HTTP 410 Gone status code if a <code>Tombstone</code>
          object is presented as the response body, otherwise respond with a
          HTTP 404 Not Found.
        </p>

        <p>A deleted object:</p>
        <pre class="example">
          {
            "@context": "https://www.w3.org/ns/activitystreams",
            "id": "https://example.com/~alice/note/72",
            "type": "Tombstone",
            "published": "2015-02-10T15:04:55Z",
            "updated": "2015-02-10T15:04:55Z",
            "deleted": "2015-02-10T15:04:55Z"
          }
        </pre>
      </section>
      <section id="follow-activity-outbox">
        <h3>Follow Activity</h3>
        <p>
          The <code>Follow</code> activity is used to subscribe to the
          activities of another actor.
        </p>
        <p>
          The side effect of receiving this in an <strong>outbox</strong>
          is that the server SHOULD add the <code>object</code> to the
          <code>actor</code>'s <a href="#following"><code>following</code> Collection</a>
          when and only if an <code>Accept</code> activity is subsequently
          received with this <code>Follow</code> activity as its object.
        </p>
      </section>
      <section id="add-activity-outbox">
        <h3>Add Activity</h3>
        <p>
          Upon receipt of an <code>Add</code> activity into the
          <strong>outbox</strong>, the server SHOULD
          add the <code>object</code> to the collection specified in the
          <code>target</code> property, unless:
        </p>
        <ul>
          <li>
            the <code>target</code> is not owned by the receiving
            server, and thus they are not authorized to update it.
          </li>
          <li>
            the <code>object</code> is not allowed to be added to the
            <code>target</code> collection for some other reason, at the
            receiving server's discretion.
          </li>
        </ul>
      </section>
      <section id="remove-activity-outbox">
        <h3>Remove Activity</h3>
        <p>
          Upon receipt of a <code>Remove</code> activity into the
          <strong>outbox</strong>, the server SHOULD
          remove the <code>object</code> from the collection specified in the
          <code>target</code> property, unless:
        <ul>
          <li>
            the <code>target</code> is not owned by the receiving server, and
            thus they are not authorized to update it.
          </li>
          <li>
            the <code>object</code> is not allowed to be removed from the
            <code>target</code> collection for some other reason, at the
            receiving server's discretion.
          </li>
        </ul>
      </section>
      <section id="like-activity-outbox">
        <h3>Like Activity</h3>
        <p>
          The <code>Like</code> activity indicates the <code>actor</code> likes
          the <code>object</code>.
        </p>
        <p>
          The side effect of receiving this in an <strong>outbox</strong>
          is that the server SHOULD add the <code>object</code> to the
          <code>actor</code>'s <a href="#liked"><code>liked</code> Collection</a>.
        </p>
      </section>
      <section id="block-activity-outbox">
        <h3>Block Activity</h3>
        <p>
          The <code>Block</code> activity is used to indicate that the posting
          actor does not want another actor (defined in the <code>object</code>
          property) to be able to interact with objects posted by the actor
          posting the <code>Block</code> activity.
          The server SHOULD prevent the blocked user from interacting with any object
          posted by the actor.
        </p>
        <p>
          Servers SHOULD NOT deliver Block Activities to their <code>object</code>.
        </p>
      </section>
      <section id="undo-activity-outbox">
        <h3>Undo Activity</h3>
        <p>
          The <code>Undo</code> activity is used to undo a previous activity.
          See the Activity Vocabulary documentation on
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#inverse">
            Inverse Activities and "Undo"</a>.
          For example, <code>Undo</code> may be used to undo a previous
          <code>Like</code>, <code>Follow</code>, or <code>Block</code>.
          The undo activity and the activity being undone MUST both have the
          same actor.
          Side effects should be undone, to the extent possible.
          For example, if undoing a <code>Like</code>, any counter that had
          been incremented previously should be decremented appropriately.
        </p>

        <p>
          There are some exceptions where there is an existing and explicit
          "inverse activity" which should be used instead.
          <code>Create</code> based activities should instead use
          <code>Delete</code>, and <code>Add</code> activities should use
          <code>Remove</code>.
        </p>
      </section>

      <section id="client-to-server-outbox-delivery">
        <h3>Delivery</h3>
        <p>
          Federated servers MUST perform delivery on all Activities posted to the
          <strong>outbox</strong> according to <a href="#outbox-delivery">
          outbox delivery</a>.
        </p>
      </section>

      <section id="uploading-media" class="informative">
        <h2>Uploading Media</h2>
        <p>
          Servers MAY support uploading document types to be referenced in
          activites, such as images, video or other binary data, but the
          precise mechanism is out of scope for this version of ActivityPub.
          The Social Web Community Group is refining the protocol in the
          <a href="https://www.w3.org/wiki/SocialCG/ActivityPub/MediaUpload">ActivityPub Media Upload report</a>.
        </p>
      </section>


    </section>

    <section id="server-to-server-interactions">
      <h2>Server to Server Interactions</h2>
      <p>
        Servers communicate with other servers and propagate information across
        the social graph by posting activities to actors'
        <a href="#inbox">inbox</a> endpoints.
        An Activity sent over the network SHOULD have an <code>id</code>,
        unless it is intended to be transient (in which case it MAY omit the
        <code>id</code>).
      <p>
        <code>POST</code> requests (eg. to the inbox) MUST be made with a Content-Type of
        <code>application/ld+json; profile="https://www.w3.org/ns/activitystreams"</code>
        and <code>GET</code> requests (see also <a href="#retrieving-objects"></a>) 
        with an Accept header of 
        <code>application/ld+json; profile="https://www.w3.org/ns/activitystreams"</code>.
        Servers SHOULD interpret a Content-Type or Accept
        header of <code>application/activity+json</code> as equivalent
        to <code>application/ld+json; profile="https://www.w3.org/ns/activitystreams"</code>
        for server-to-server interactions.
      </p>
      <p>
        In order to propagate updates throughout the social graph, Activities
        are sent to the appropriate recipients.
        First, these recipients are determined through following the
        appropriate links between objects until you reach an actor, and then
        the Activity is inserted into the actor's <em>inbox</em>
        (<a href="#delivery">delivery</a>).
        This allows recipient servers to:
      </p>
      <ul>
        <li>
          conduct any side effects related to the Activity (for example,
          notification that an actor has liked an object is used to update the
          object's like count);
        </li>
        <li>
          deliver the Activity to recipients of the original object, to ensure
          updates are propagated to the whole social graph (see <a href="#inbox-forwarding">
          inbox delivery</a>).
        </li>
      </ul>
      <p>Delivery is usually triggered by, for example:</p>
      <ul>
        <li>
          an Activity being created in an actor's <a href="#outbox">outbox</a>
          with their <a href="#followers">Followers Collection</a> as the
          recipient.
        </li>
        <li>
          an Activity being created in an actor's <a href="#outbox">outbox</a>
          with directly addressed recipients.
        </li>
        <li>
          an Activity being created in an actors's <a href="#outbox">outbox</a>
          with user-curated collections as recipients.
        </li>
        <li>
          an Activity being created in an actor's <a href="#outbox">outbox</a> or
          <a href="#inbox">inbox</a> which references another object.
        </li>
      </ul>

      <p>
        Servers performing delivery to the <code>inbox</code> or
        <code>sharedInbox</code> properties of actors on other servers MUST
        provide the <code>object</code> property in the activity:
        <code>Create</code>, <code>Update</code>, <code>Delete</code>,
        <code>Follow</code>, <code>Add</code>, <code>Remove</code>,
        <code>Like</code>, <code>Block</code>, <code>Undo</code>.
        Additionally, servers performing server to server delivery of the
        following activities MUST also provide the <code>target</code>
        property: <code>Add</code>, <code>Remove</code>.
      </p>

      <p>
        HTTP caching mechanisms [[!RFC7234]] SHOULD be respected when
        appropriate, both when receiving responses from other servers as well
        as sending responses to other servers.
      </p>

      <section id="delivery">
        <h2>Delivery</h2>

        <p><i>
          The following is required by federated servers communicating with
          other federated servers only.
        </i></p>

        <p>
          An activity is delivered to its targets (which are
          <a href="#actors">actors</a>) by first looking up the targets'
          inboxes and then posting the activity to those inboxes.
          Targets for delivery are determined by checking the
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#audienceTargeting">
            ActivityStreams audience targeting</a>;
          namely, the <code>to</code>, <code>bto</code>, <code>cc</code>,
          <code>bcc</code>, and <code>audience</code> fields of the activity.
        </p>

        <p>
          The <a href="#inbox">inbox</a> is determined by first
          <a href="#retrieving-objects">
            retrieving the target actor's JSON-LD representation</a>
          and then looking up the <code>inbox</code> property.
          If a recipient is a <code>Collection</code> or <code>OrderedCollection</code>,
          then the server MUST dereference the collection (with the user's
          credentials) and discover inboxes for each item in the collection.
          Servers MUST limit the number of layers of indirections through
          collections which will be performed, which MAY be one.
        </p>

        <p>
          Servers MUST de-duplicate the final recipient list. Servers MUST also
          exclude actors from the list which are the same as the <code>actor</code>
          of the Activity being notified about. That is, actors shouldn't have their
          own activities delivered to themselves.
        </p>

        <p class="note" title="Silent and private activities">
          What to do when there are no recipients specified is not defined,
          however it's recommended that if no recipients are specified the
          object remains completely private and access controls restrict the
          access to object.
          If the object is just sent to the "public" collection the object is
          not delivered to any actors but is publicly viewable in the actor's
          outbox.
        </p>

        <p>
          An HTTP POST request (with authorization of the submitting user) is
          then made to the <a href="#inbox">inbox</a>, with the Activity as
          the body of the request.
          This Activity is added by the receiver as an <code>item</code> in the
          <a href="#inbox">inbox</a> OrderedCollection.
          Attempts to deliver to an inbox on a non-federated server SHOULD
          result in a <code>405 Method Not Allowed</code> response.
        </p>

        <p>
          For federated servers performing delivery to a third party server,
          delivery SHOULD be performed asynchronously, and SHOULD additionally
          retry delivery to recipients if it fails due to network error.
        </p>

        <p>
          <strong>Note:</strong> Activities being distributed between actors on
          the same origin may use any internal mechanism, and are not required
          to use HTTP.
        </p>

        <p class="note" id="ldn-relationship" title="Relationship to Linked Data Notifications">
          While it is not required reading to understand this specification,
          it is worth noting that ActivityPub's targeting and delivery
          mechanism overlaps with the
          <a href="https://www.w3.org/TR/ldn/">Linked Data Notifications</a>
          specification, and the two specifications may interoperably
          combined.
          In particular, the <code>inbox</code> property is the same between
          ActivityPub and Linked Data Notifications, and the targeting
          and delivery systems described in this document are supported
          by Linked Data Notifications.
          In addition to JSON-LD compacted ActivityStreams documents, Linked
          Data Notifications also supports a number of RDF serializations
          which are not required for ActivityPub implementations.
          However, ActivityPub implementations which wish to be more broadly
          compatible with Linked Data Notifications implementations may wish to
          support other RDF representations.
        </p>

        <section id="outbox-delivery">
          <h3>Outbox Delivery Requirements for Server to Server</h3>
          <p>
            When objects are received in the <a href="#outbox">outbox</a>
            (for servers which support both
            <a href="#client-to-server-interactions">Client to Server interactions</a>
            and
            <a href="#server-to-server-interactions">Server to Server Interactions</a>),
            the server MUST target and deliver to:
          </p>
          <ul>
            <li>
              The <code>to</code>, <code>bto</code>, <code>cc</code>,
              <code>bcc</code> or <code>audience</code> fields if their values
              are individuals or Collections owned by the actor.
            </li>
          </ul>
          <p>
            These fields will have been <a href="#client-addressing">
            populated appropriately by the client</a> which posted the Activity
            to the outbox.
          </p>
        </section>

        <section id="inbox-forwarding">
          <h3>Forwarding from Inbox</h3>

          <div class="note" title="Forwarding to avoid the ghost replies problem">
            <p>
              The following section is to mitigate the "ghost replies" problem
              which occasionally causes problems on federated networks.
              This problem is best demonstrated with an example.
            </p>

            <p>
              Alyssa makes a post about her having successfully presented a
              paper at a conference and sends it to her followers collection,
              which includes her friend Ben.
              Ben replies to Alyssa's message congratulating her and includes
              her followers collection on the recipients.
              However, Ben has no access to see the members of Alyssa's
              followers collection, so his server does not forward his messages
              to their inbox.
              Without the following mechanism, if Alyssa were then to reply to
              Ben, her followers would see Alyssa replying to Ben without having
              ever seen Ben interacting.
              This would be very confusing!
            </p>
          </div>

          <p>
            When Activities are received in the <a href="#inbox">inbox</a>, the
            server needs to forward these to recipients that the origin was unable
            to deliver them to. To do this, the server MUST target and
            <a href="#delivery">deliver</a>
            to the values of <code>to</code>, <code>cc</code>, and/or <code>audience</code>
            if and only if all of the following are true:
          </p>
          <ul>
            <li>This is the first time the server has seen this Activity.</li>
            <li>
              The values of <code>to</code>, <code>cc</code>, and/or
              <code>audience</code> contain a Collection owned by the server.
            </li>
            <li>
              The values of <code>inReplyTo</code>, <code>object</code>,
              <code>target</code> and/or <code>tag</code> are objects owned by
              the server.
              The server SHOULD recurse through these values to look for linked objects
              owned by the server, and SHOULD set a maximum limit for recursion (ie. the
              point at which the thread is so deep the recipients followers may not mind
              if they are no longer getting updates that don't directly involve the
              recipient).
              The server MUST only target the values of <code>to</code>,
              <code>cc</code>, and/or <code>audience</code>
              on the original object being forwarded, and not pick up any new
              addressees whilst recursing through the linked objects
              (in case these addressees were purposefully amended by or via the client).
            </li>
          </ul>
          <p>
            The server MAY filter its delivery targets according to
            implementation-specific rules (for example, spam filtering).
          </p>
        </section>

        <section id="shared-inbox-delivery">
          <h2>Shared Inbox Delivery</h2>
          <p>
            For servers hosting many actors, delivery to all followers can
            result in an overwhelming number of messages sent.
            Some servers would also like to display a list of all messages
            posted publicly to the "known network".
            Thus ActivityPub provides an optional mechanism for serving these
            two use cases.
          </p>
          <p>
            When an object is being delivered to the originating actor's
            followers, a server MAY reduce the number of receiving actors
            delivered to by identifying all followers which share the same
            <a href="#sharedInbox">sharedInbox</a>
            who would otherwise be individual recipients and instead deliver
            objects to said <code>sharedInbox</code>.
            Thus in this scenario, the remote/receiving server participates
            in determining targeting and performing delivery to specific
            inboxes.
          </p>
          <p>
            Additionally, if an object is addressed to the
            <a href="#public-addressing">Public</a> special collection, a
            server MAY deliver that object to all known
            <code>sharedInbox</code> endpoints on the network.
          </p>
          <p>
            Origin servers sending publicly addressed activities to
            <code>sharedInbox</code> endpoints MUST still deliver to actors
            and collections otherwise addressed (through <code>to</code>,
            <code>bto</code>, <code>cc</code>, <code>bcc</code>, and
            <code>audience</code>) which do not have a <code>sharedInbox</code>
            and would not otherwise receive the activity through the
            <code>sharedInbox</code> mechanism.
          </p>
        </section>
      </section>

      <section id="create-activity-inbox">
        <h3>Create Activity</h3>
        <p>
          Receiving a <code>Create</code> activity in an <code>inbox</code> has
          surprisingly few side effects; the activity should appear in the
          actor's <code>inbox</code> and it is likely that the server will want
          to locally store a representation of this activity and its accompanying
          object.
          However, this mostly happens in general with processing activities
          delivered to an <code>inbox</code> anyway.
        </p>
      </section>

      <section id="update-activity-inbox">
        <h3>Update Activity</h3>
        <p>
          For server to server interactions, an <code>Update</code> activity
          means that the receiving server SHOULD update its copy of the
          <code>object</code> of the same <code>id</code> to the copy
          supplied in the <code>Update</code> activity.
          Unlike the
          <a href="#update-activity-outbox">
            client to server handling of the Update activity</a>,
          this is not a partial update but a complete replacement of the object.
        </p>
        <p>
          The receiving server MUST take care to be sure that the
          <code>Update</code> is authorized to modify its <code>object</code>.
          At minimum, this may be done by ensuring that the <code>Update</code>
          and its <code>object</code> are of same origin.
        </p>
      </section>

      <section id="delete-activity-inbox">
        <h3>Delete Activity</h3>
        <p>
          The side effect of receiving this is that (assuming the
          <code>object</code> is owned by the sending actor / server) the
          server receiving the delete activity SHOULD remove its representation
          of the <code>object</code> with the same <code>id</code>, and MAY
          replace that representation with a <code>Tombstone</code> object.
        </p>
        <p>
          (Note that after an activity has been transmitted from an origin
          server to a remote server, there is nothing in the ActivityPub
          protocol that can <em>enforce</em> remote deletion of an object's
          representation).
        </p>
      </section>

      <section id="follow-activity-inbox">
        <h3>Follow Activity</h3>

        <p>
          The side effect of receiving this in an <strong>inbox</strong> is
          that the server SHOULD generate either an <code>Accept</code> or
          <code>Reject</code> activity with the Follow as the
          <code>object</code> and deliver it to the <code>actor</code> of the
          Follow.
          The <code>Accept</code> or <code>Reject</code> MAY be generated
          automatically, or MAY be the result of user input (possibly after
          some delay in which the user reviews).
          Servers MAY choose to not explicitly send a <code>Reject</code>
          in response to a <code>Follow</code>, though implementors ought to
          be aware that the server sending the request could be left in an
          intermediate state.
          For example, a server might not send a <code>Reject</code> to protect
          a user's privacy.
        </p>

        <p>
          In the case of receiving an <code>Accept</code> referencing this
          <code>Follow</code> as the object, the server SHOULD add the
          <code>actor</code> to the object actor's
          <a href="#followers">Followers Collection</a>.
          In the case of a <code>Reject</code>, the server MUST NOT add the
          actor to the object actor's
          <a href="#followers">Followers Collection</a>.
        </p>

        <div class="note">
          <p>
            Sometimes a successful <code>Follow</code> subscription may
            occur but at some future point delivery to the follower fails
            for an extended period of time.
            Implementations should be aware that there is no guarantee
            that actors on the network will remain reachable and should
            implement accordingly.
            For instance, if attempting to deliver to an actor for perhaps
            six months while the follower remains unreachable, it is
            reasonable that the delivering server remove the subscriber
            from the <code>followers</code> list.
            Timeframes and behavior for dealing with unreachable actors are
            left to the discretion of the delivering server.
          </p>
        </div>
        
      </section>

      <section id="accept-activity-inbox">
        <h3>Accept Activity</h3>
        <p>
          The side effect of receiving this in an <strong>inbox</strong> is
          determined by the type of the <code>object</code> received,
          and it is possible to accept types not described in this document
          (for example, an <code>Offer</code>).
        </p>

        <p>
          If the <code>object</code> of an <code>Accept</code> received to an
          <strong>inbox</strong> is a <code>Follow</code> activity
          previously sent by the receiver, the server SHOULD add the
          <code>actor</code> to the receiver's
          <a href="#following">Following Collection</a>.
        </p>
      </section>
      
      <section id="reject-activity-inbox">
        <h3>Reject Activity</h3>
        <p>
          The side effect of receiving this in an <strong>inbox</strong> is
          determined by the type of the <code>object</code> received,
          and it is possible to reject types not described in this document
          (for example, an <code>Offer</code>).
        </p>

        <p>
          If the <code>object</code> of a <code>Reject</code> received to an
          <strong>inbox</strong> is a <code>Follow</code> activity
          previously sent by the receiver, this means the recipient did not
          approve the <code>Follow</code> request. The server MUST NOT add the
          <code>actor</code> to the receiver's
          <a href="#following">Following Collection</a>.
        </p>
      </section>

      <section id="add-activity-inbox">
        <h3>Add Activity</h3>
        <p>
          Upon receipt of an <code>Add</code> activity into the
          <strong>inbox</strong>, the server SHOULD
          add the <code>object</code> to the collection specified in the
          <code>target</code> property, unless:
        </p>
        <ul>
          <li>
            the <code>target</code> is not owned by the receiving server, and
            thus they can't update it.
          </li>
          <li>
            the <code>object</code> is not allowed to be added to the
            <code>target</code> collection for some other reason, at the
            receiver's discretion.
          </li>
        </ul>
      </section>
      <section id="remove-activity-inbox">
        <h3>Remove Activity</h3>
        <p>
          Upon receipt of a <code>Remove</code> activity into the
          <strong>inbox</strong>, the server SHOULD
          remove the <code>object</code> from the collection specified in the
          <code>target</code> property, unless:
        <ul>
          <li>
            the <code>target</code> is not owned by the receiving server, and
            thus they can't update it.
          </li>
          <li>
            the <code>object</code> is not allowed to be removed to the
            <code>target</code> collection for some other reason, at the
            receiver's discretion.
          </li>
        </ul>
      </section>
      <section id="like-activity-inbox">
        <h3>Like Activity</h3>
        <p>
          The side effect of receiving this in an <strong>inbox</strong> is
          that the server SHOULD increment the object's count of likes by
          adding the received activity to the
          <a href="#likes"><code>likes</code></a> collection
          if this collection is present.
        </p>
      </section>
      <section id="announce-activity-inbox">
        <h3>Announce Activity (sharing)</h3>
        <p>
          Upon receipt of an <code>Announce</code> activity in an
          <strong>inbox</strong>, a server SHOULD increment the object's count
          of shares by adding the received activity to the
          <a href="#shares"><code>shares</code></a> collection
          if this collection is present.
        </p>
        <div class="note">
          The <code>Announce</code> activity is effectively what is known as
          "sharing", "reposting", or "boosting" in other social networks.
        </div>
      </section>
      <section id="undo-activity-inbox">
        <h3>Undo Activity</h3>
        <p>
          The <code>Undo</code> activity is used to undo the side effects
          of previous activities.
          See the ActivityStreams documentation on
          <a href="https://www.w3.org/TR/activitystreams-vocabulary/#inverse">
            Inverse Activities and "Undo"</a>.
          The scope and restrictions of the <code>Undo</code> activity
          are the same as for
          <a href="#undo-activity-outbox">
            the Undo activity in the context of client to server
            interactions</a>,
          but applied to a federated context.
        </p>
      </section>
    </section>

    <section id="i18n-concerns" class="appendix informative">
      <h2>Internationalization</h2>
      <p>
        Building an international base of users is important in a federated
        network.
        <a href="https://www.w3.org/TR/activitystreams-core/#naturalLanguageValues">
          ActivityStreams provides tooling for internationalization of content</a>,
        which should be used whenever possible.
        However, it can be difficult for implementations to determine which
        <a href="https://www.w3.org/TR/activitystreams-core/#defaultlangcontext">
          <code>@language</code> property</a>
        to provide for user-submitted content.
        The
        <a href="https://www.w3.org/International/">W3C Internationalization group</a>
        provides some
        <a href="https://www.w3.org/International/wiki/LanguageDetection">
          guidance on language detection</a>.
      </p>
    </section>

    <section id="security-considerations" class="appendix informative">
      <h2>Security Considerations</h2>
      
      <section id="authorization">
        <h3>Authentication and Authorization</h3>
        <p>
          ActivityPub uses authentication for two purposes; first, to
          authenticate clients to servers, and secondly in federated
          implementations to authenticate servers to each other.
        </p>

        <p>
          Unfortunately at the time of standardization, there are no strongly
          agreed upon mechanisms for authentication.
          Some possible directions for authentication are laid out 
          <a href="https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization">in 
          the Social Web Community Group Authentication and 
          Authorization best practices report</a>.
        </p>

      </section>

      <section id="security-verification">
        <h2>Verification</h2>
        <p>
          Servers should not trust client submitted content, and
          federated servers also should not trust content received from a server
          other than the content's origin without some form of verification.
        </p>
        <p>
          Servers should be careful to verify that new content is really posted
          by the actor that claims to be posting it, and that the actor has
          permission to update the resources it claims to.
          See also
          <a href="#obj"></a> and <a href="#authorization"></a>.
        </p>
      </section>

      <section id="security-localhost">
        <h2>Accessing localhost URIs</h2>
        <p>
          It is often convenient while developing to test against a process
          running on localhost.
          However, permitting requests to localhost in a production client or
          server instance can be dangerous.
          Making requests to URIs on localhost which do not require
          authorization may unintentionally access or modify resources assumed
          to be protected to be usable by localhost-only.
        </p>
        <p>
          If your ActivityPub server or client does permit making requests to
          localhost URIs for development purposes, consider making it a
          configuration option which defaults to off.
        </p>
      </section>

      <section id="security-uri-schemes">
        <h2>URI Schemes</h2>
        <p>
          There are many types of URIs aside from just <code>http</code> and
          <code>https</code>.
          Some libraries which handle fetching requests at various URI schemes
          may try to be smart and reference schemes which may be undesirable,
          such as <code>file</code>.
          Client and server authors should carefully check how their libraries
          handle requests, and potentially whitelist only certain safe URI
          types, such as <code>http</code> and <code>https</code>.
        </p>
      </section>

      <section id="security-recursive-objects">
        <h2>Recursive Objects</h2>
        <p>
          Servers should set a limit on how deep to recurse while resolving objects,
          or otherwise specially handle ActivityStreams objects with recursive
          references.
	  Failure to properly do so may result in denial-of-service security
	  vulnerabilities.
        </p>
      </section>

      <section id="security-spam">
        <h2>Spam</h2>
        <p>
          Spam is a problem in any network, perhaps especially so in federated
          networks.
          While no specific mechanism for combating spam is provided in
          ActivityPub, it is recommended that servers filter incoming content
          both by local untrusted users and any remote users through some
          sort of spam filter.
        </p>
      </section>

      <section id="security-federation-dos">
        <h2>Federation denial-of-service</h2>
          <p>
            Servers should implement protections against denial-of-service
            attacks from other, federated servers.
            This can be done using, for example, some kind of ratelimiting
            mechanism.
            Servers should be especially careful to implement this protection
            around activities that involve side effects.
            Servers SHOULD also take care not to overload servers with
            submissions, for example by using an exponential backoff strategy.
          </p>
      </section>

      <section id="security-c2s-ratelimiting">
        <h2>Client-to-server ratelimiting</h2>
          <p>
            Servers should ratelimit API client submissions.
            This serves two purposes:
            <ol>
              <li>
                It prevents malicious clients from conducting
                denial-of-service attacks on the server.
              </li>
              <li>
                It ensures that the server will not distribute so many
                activities that it triggers another
                server's <a href="#security-federation-dos">denial-of-service
                protections</a>.
              </li>
            </ol>
          </p>
      </section>

      <section id="security-c2s-response-dos">
        <h2>Client-to-server response denial-of-service</h2>
        <p>
          In order to prevent a client from being overloaded by oversized
          Collections, servers should take care to limit the size of Collection 
          pages they return to clients.
          Clients should still be prepared to limit the size of
          responses they are willing to handle in case they connect to malicious or
          compromised servers, for example by timing out and generating
          an error.
        </p>
      </section>

      <section id="security-sanitizing-content">
        <h2>Sanitizing Content</h2>
        <p>
          Any activity field being rendered for browsers (or other rich
          text enabled applications) should take care to sanitize fields
          containing markup to prevent cross site scripting attacks.
        </p>
      </section>

      <section id="security-not-displaying-bto-bcc">
        <h2>Not displaying bto and bcc properties</h2>
        <p>
          <code>bto</code> and <code>bcc</code> already
          <a href="#remove-bto-bcc-before-delivery">must be removed for delivery</a>,
          but servers are free to decide how to represent the object
          in their own storage systems.
          However, since <code>bto</code> and <code>bcc</code> are only intended
          to be known/seen by the original author of the object/activity,
          servers should omit these properties during display as well.
        </p>
      </section>
    </section>

    <section class="appendix informative" id="acknowledgements">
      <h2>Acknowledgements</h2>
      <p>
        This specification comes from years of hard work and experience by a
        number of communities exploring the space of federation on the web.
        In particular, much of this specification is informed by
        <a href="https://www.w3.org/community/ostatus/wiki/Main_Page">OStatus</a>
        and the
        <a href="https://github.com/pump-io/pump.io/blob/master/API.md">Pump API</a>,
        as pioneered by StatusNet (now GNU Social) and Pump.io.
        Both of those initiatives were the product of many developers' hard work,
        but more than anyone, Evan Prodromou has been a constant leader in this
        space, and it is unlikely that ActivityPub would exist in something
        resembling its current state without his hard work.
      </p>

      <p>
        Erin Shepherd built the initial version of this specification, borrowed
        from the ideas in the
        <a href="https://github.com/pump-io/pump.io/blob/master/API.md">Pump API</a>
        document, mostly as a complete rewrite of text, but sharing most of
        the primary ideas while switching from ActivityStreams 1 to
        ActivityStreams 2.
      </p>

      <p>
        Jessica Tallon and Christopher Lemmer Webber took over as editors when
        the standard moved to the W3C Social Working Group and did the majority
        of transition from Erin Shepherd's document to its current state as
        ActivityPub.
        Much of the document was rewritten and reorganized under the long feedback
        process of the Social Working Group.
      </p>

      <p>
        ActivityPub has been shaped by the careful input of many members in the
        W3C Social Working Group.
        ActivityPub especially owes a great debt to Amy Guy, who has done more
        than anyone to map the ideas across the different Social Working Group
        documents through her work on [[Social-Web-Protocols]].
        Amy also laid out the foundations for a significant refactoring of the
        ActivityPub spec while sprinting for four days with Christopher Allan
        Webber.
        These revisions lead to cleaner separation between the client to server
        and server components, along with clarity about ActivityPub's relationship
        to [[!LDN]], among many other improvements.
        Special thanks also goes to Benjamin Goering for putting together the
        implementation report template.
        We also thank mray for producing the spectacular tutorial illustrations
        (which are licensed under the same license as the rest of this
        document).
      </p>

      <p>
        Many people also helped ActivityPub along through careful review.
        In particular, thanks to:
        Aaron Parecki,
        AJ Jordan,
        Benjamin Goering,
        Caleb Langeslag,
        Elsa Balderrama,
        elf Pavlik,
        Eugen Rochko,
        Erik Wilde,
        Jason Robinson,
        Manu Sporny,
        Michael Vogel,
        Mike Macgirvin,
        nightpool,
        Puck Meerburg,
        Sandro Hawke,
        Sarven Capadisli,
        Tantek Çelik, and
        Yuri Volkov.
      </p>

      <p>
        This document is dedicated to all citizens of planet Earth.
        You deserve freedom of communication; we hope we have contributed in
        some part, however small, towards that goal and right.
      </p>
    </section>
  </body>
</html>