> should we remove
if this is removed, then you lose a very valuable ability to address things like "the audience of a conversation" or "the members of a group". i would strongly recommend NOT removing it.
current behavior in mastodon is to upgrade "direct" posts to "limited" when a recipient is detected that doesn't dereference to either a user or a user's followers. they get presented in the mastodon api as "followers" though (for compat), so further interactions lose this nuance.
> 7.1.2
wrt inbox forwarding, this only helps when addressing collections of *someone else*, where the contents are private. for your own collections, unless you plan to deliver all such activities to yourself with the expectation that you will forward them (why didn't the outbox do it for you?^1), it doesn't help you.
^1: if the outbox doesn't have your credentials, then it can't do this. in this case, you or your client is responsible for deliveries, and the outbox only publishes.
i would be fine with removing this collection expansion behavior from outbox delivery if it was decided that outbox delivery itself is problematic and should be removed -- probably in favor of the client being responsible for sending notifications, where the client can apply whatever logic it wants.
this is kinda what mastodon does right now as a monolith -- it is both the activitypub client (submitting to its internal outbox) and also the http agent for linked data notifications.
@julian there's probably a bunch of open issues on the https://github.com/w3c/activitypub/issues tracker regarding the problems with outbox delivery. those problems might be addressable all together, but it might instead make more sense to conceive of a sort of "LDN proxy" which handles deliveries instead (and holds your keys as an HTTP agent sending signed messages)
@trwnh@mastodon.social so collection expansion is mainly for when I am sending an activity to collections that I control?
Then I'm wondering why this needs to be explicitly spelled out and required because it seems to be inferred already from a UX perspective.
@julian i don't think it's "inferred", and leaving ambiguous cases up to inference in specification is typically called "unspecified behavior" 
say you are an outbox and you get an activity to: some id. you deref the id and get some info. what do you do?
- in all cases, if it has an `inbox`, you send an LDN to that id if you can.
- in case it's an as:Collection, you iterate over its items in theory and repeat step 1 recursively. (this is also problematic because it can be both paged+unpaged)
@julian now remove the requirement. what do you do instead?
- if it has ldp:inbox, send an LDN
...and that's it. at no point were you ever told or required to do anything else, so your followers/audience/members/etc will never get the activity even if addressed, because the collection was never expanded.
@trwnh@mastodon.social said in Expanding collections on delivery:
> say you are an outbox and you get an activity to: some id. you deref the id and get some info. what do you do?
Simple. My outboxes send a "not supported" HTTP tag 
But I'm being facetious.
From a C2S standpoint I suppose that makes sense. Thanks.
@julian well, sure, with a monolithic implementation, the client and the outbox and the delivery agent are all the same app. but they don't have to be. the model is that the client submits to the outbox, and the outbox could also talk to a separate delivery agent internally. it's all opaque from outside the outbox. your internal "outbox" is the code that serializes activities and sends them to the delivery workers.
@silverpill @julian @technical-discussion
a "local collection" might still have access control on it.
(the interface being assumed throughout the AP spec is HTTP, or at least HTTP semantics; "with the user's credentials" in this case means using an Authorization header that lets the outbox access the collection. it's only confusing if you have a monolith with no boundaries between the outbox and anything else; in that case it'd be "lookup the collection in your db/store/etc")
@silverpill @julian @technical-discussion
example: alice and bob on site.example each have followers collections, but alice can't see bob's followers. if alice addresses bob's followers collection, then alice's outbox can't deliver to bob's followers. alice must address bob, and bob can choose to forward to bob's followers (inbox forwarding)
if site.example has a collection of "local users" that alice can see, then alice can address it and alice's outbox can deliver to items
@trwnh The statement is in "Server to Server Interactions" part of the spec, so it's either a database lookup or a remote collection.
@silverpill @technical-discussion it's part of the outbox delivery algorithm, which bridges between c2s and s2s. the intention is that the outbox publishes activities via c2s, but then optionally delivers based on addressing properties via s2s
(this ends up having other issues in practice due to the lack of an envelope, but at least the intent of "relevant activities should trigger notifications for relevant entities" makes sense, per 6.1 clients "look at" some relevant props)
@trwnh @silverpill @technical-discussion I'd claim that *outboxes* don't publish or deliver anything. Servers do. In all but one place, the spec wording is consistent with this claim. But... there is one place (out of many mentioning the outbox) that is phrased "the receiving outbox can then perform delivery". 
Although I believe this is just poor writing (very common in the spec), I suppose one could use this exception to claim outboxes deliver activities instead of servers.
@eyeinthesky @silverpill @technical-discussion outboxes are HTTP resources (commonly), and we use that HTTP resource's internal semantics (via HTTP POST, which is specified to mean exactly this) to publish and deliver.
the idea of a "server" is actually a lot less real than most would think. you have an application listening on TCP port 443 that you can talk to with TLS and HTTP, but after you send it the HTTP POST, everything else is completely opaque internally.
@eyeinthesky @silverpill @technical-discussion i would say the most consistent answer is that deliveries are done by an HTTP agent which delivers a constrained LDN (AS2 document with exactly 1 activity). this role *might* be played by the same software handling the outbox, but it doesn't have to be.
sending http agent -> POST -> ap outbox -> [internal interfaces] -> delivering http agent -> POST -> inbox
the [internal interfaces] can be anything, including HTTP POST
@eyeinthesky @silverpill @technical-discussion in most cases right now the [internal interfaces] are probably hardcoded function calls in the codebase between e.g. outbox controller and delivery workers. the outbox controller could do synchronous delivery inline if it wanted to, but async is more advantageous usually
@trwnh @silverpill @technical-discussion "Servers" are the term in the spec for what implements the AP side-effects. If Alice's *server* has access to Bob's follower collection, then it can be resolved and processed for delivery. This doesn't mean that Alice's "outbox" (if that even exists internally beyond the HTTP endpoint) has access to Bob's followers collections. The spec actually doesn't say anything about that AFAICT.
@eyeinthesky @silverpill @technical-discussion sure, but the "server" can have any internal architecture it wants -- monolith, microservice, etc -- and at the level of HTTP (the most common instantiation of AP, because AP uses HTTP semantics), you are talking to outboxes. you could deliver to inboxes yourself (and there might be good reasons to do this instead of expecting outboxes to deliver for you!) but you don't get to talk to a "server" directly, just an HTTP Host/Resource
Citiverse è un progetto che si basa su NodeBB ed è federato! | Categorie federate | Chat | 📱 Installa web app o APK | 🧡 Donazioni | Privacy Policy
