88 < script class ="remove ">
99 var respecConfig = {
1010 specStatus : "ED" ,
11- publishDate : "2018 -01-23 " ,
11+ publishDate : "2024 -01-04 " ,
1212 previousPublishDate : "2018-01-23" ,
1313 previousMaturity : "REC" ,
1414 license : "w3c-software-doc" ,
@@ -252,7 +252,7 @@ <h2>Overview</h2>
252252 (client-to-server and/or server-to-server)
253253 </ li >
254254 </ ul >
255-
255+
256256 < p >
257257 Of course, if that last one (GET'ing from someone's outbox) was the
258258 only way to see what people have sent, this wouldn't be a very
@@ -501,7 +501,7 @@ <h2>Objects</h2>
501501 the object appears as received at its origin, but mechanisms
502502 such as checking signatures would be better if available).
503503 No particular mechanism for verification is authoritatively specified by
504- this document, but please see < a href ="#security-considerations "> Security
504+ this document, but please see < a href ="#security-considerations "> Security
505505 Considerations</ a > for some suggestions and good practices.
506506 </ p >
507507 < div class ="informative ">
@@ -682,7 +682,7 @@ <h2>Actors</h2>
682682 ActivityPub actors are generally one of the
683683 < a href ="https://www.w3.org/TR/activitystreams-vocabulary/#actor-types ">
684684 ActivityStreams Actor Types</ a > ,
685- but they don't have to be. For example, a
685+ but they don't have to be. For example, a
686686 < a href ="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-profile ">
687687 Profile</ a > object
688688 might be used as an actor, or a type from an ActivityStreams extension.
@@ -910,7 +910,7 @@ <h2><i>Actor</i> objects</h2>
910910 </ div >
911911 < p class ="note " id ="actor-text-direction ">
912912 Properties containing natural language values,
913- such as < code > name</ code > , < code > preferredUsername </ code > , or
913+ such as < code > name</ code > or
914914 < code > summary</ code > , make use of
915915 < a href ="https://www.w3.org/TR/activitystreams-core/#naturalLanguageValues ">
916916 natural language support defined in ActivityStreams</ a > .
@@ -940,10 +940,13 @@ <h2>Collections</h2>
940940 or an
941941 < a href ="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection ">
942942 < code > OrderedCollection</ code > </ a > .
943- An
943+ These
944944 < a href ="https://www.w3.org/TR/activitystreams-vocabulary/#dfn-orderedcollection ">
945945 < code > OrderedCollection</ code > </ a >
946- MUST be presented consistently in reverse chronological order.
946+ objects MUST be presented consistently in reverse chronological order.
947+ Collections defined in other vocabularies, including extensions,
948+ are not subject to this requirement and can be unordered or ordered
949+ by other criteria.
947950 </ p >
948951
949952 < p class ="note ">
@@ -1636,9 +1639,9 @@ <h3>Undo Activity</h3>
16361639 < section id ="client-to-server-outbox-delivery ">
16371640 < h3 > Delivery</ h3 >
16381641 < p >
1639- Federated servers MUST perform delivery on all Activities posted to the
1640- < strong > outbox</ strong > according to < a href ="#outbox-delivery ">
1641- outbox delivery </ a > .
1642+ Federated servers SHOULD perform delivery on all Activities posted to the
1643+ < strong > outbox</ strong > according to < a href ="#outbox-delivery "> outbox delivery </ a > .
1644+ Servers MAY filter activities for privacy, abuse mitigation, or other reasons .
16421645 </ p >
16431646 </ section >
16441647
@@ -1668,8 +1671,8 @@ <h2>Server to Server Interactions</h2>
16681671 < p >
16691672 < code > POST</ code > requests (eg. to the inbox) MUST be made with a Content-Type of
16701673 < code > application/ld+json; profile="https://www.w3.org/ns/activitystreams"</ code >
1671- and < code > GET</ code > requests (see also < a href ="#retrieving-objects "> </ a > )
1672- with an Accept header of
1674+ and < code > GET</ code > requests (see also < a href ="#retrieving-objects "> </ a > )
1675+ with an Accept header of
16731676 < code > application/ld+json; profile="https://www.w3.org/ns/activitystreams"</ code > .
16741677 Servers SHOULD interpret a Content-Type or Accept
16751678 header of < code > application/activity+json</ code > as equivalent
@@ -1833,7 +1836,7 @@ <h3>Outbox Delivery Requirements for Server to Server</h3>
18331836 < a href ="#client-to-server-interactions "> Client to Server interactions</ a >
18341837 and
18351838 < a href ="#server-to-server-interactions "> Server to Server Interactions</ a > ),
1836- the server MUST target and deliver to:
1839+ the server SHOULD target and deliver to:
18371840 </ p >
18381841 < ul >
18391842 < li >
@@ -1842,6 +1845,10 @@ <h3>Outbox Delivery Requirements for Server to Server</h3>
18421845 are individuals or Collections owned by the actor.
18431846 </ li >
18441847 </ ul >
1848+ < p >
1849+ Servers MAY filter activities for privacy, abuse mitigation,
1850+ or other reasons.
1851+ </ p >
18451852 < p >
18461853 These fields will have been < a href ="#client-addressing ">
18471854 populated appropriately by the client</ a > which posted the Activity
@@ -2046,7 +2053,7 @@ <h3>Follow Activity</h3>
20462053 left to the discretion of the delivering server.
20472054 </ p >
20482055 </ div >
2049-
2056+
20502057 </ section >
20512058
20522059 < section id ="accept-activity-inbox ">
@@ -2066,7 +2073,7 @@ <h3>Accept Activity</h3>
20662073 < a href ="#following "> Following Collection</ a > .
20672074 </ p >
20682075 </ section >
2069-
2076+
20702077 < section id ="reject-activity-inbox ">
20712078 < h3 > Reject Activity</ h3 >
20722079 < p >
@@ -2189,7 +2196,7 @@ <h2>Internationalization</h2>
21892196
21902197 < section id ="security-considerations " class ="appendix informative ">
21912198 < h2 > Security Considerations</ h2 >
2192-
2199+
21932200 < section id ="authorization ">
21942201 < h3 > Authentication and Authorization</ h3 >
21952202 < p >
@@ -2201,9 +2208,9 @@ <h3>Authentication and Authorization</h3>
22012208 < p >
22022209 Unfortunately at the time of standardization, there are no strongly
22032210 agreed upon mechanisms for authentication.
2204- Some possible directions for authentication are laid out
2205- < a href ="https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization "> in
2206- the Social Web Community Group Authentication and
2211+ Some possible directions for authentication are laid out
2212+ < a href ="https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization "> in
2213+ the Social Web Community Group Authentication and
22072214 Authorization best practices report</ a > .
22082215 </ p >
22092216
@@ -2318,7 +2325,7 @@ <h2>Client-to-server ratelimiting</h2>
23182325 < h2 > Client-to-server response denial-of-service</ h2 >
23192326 < p >
23202327 In order to prevent a client from being overloaded by oversized
2321- Collections, servers should take care to limit the size of Collection
2328+ Collections, servers should take care to limit the size of Collection
23222329 pages they return to clients.
23232330 Clients should still be prepared to limit the size of
23242331 responses they are willing to handle in case they connect to malicious or
@@ -2432,5 +2439,18 @@ <h2>Acknowledgements</h2>
24322439 some part, however small, towards that goal and right.
24332440 </ p >
24342441 </ section >
2442+
2443+ < section class ="appendix informative " id ="changelog ">
2444+ < h2 > Changelog</ h2 >
2445+ < p >
2446+ This section is non-normative.
2447+ </ p >
2448+ < li >
2449+ < ul > < strong > 2024-01-04</ strong > : Include erratum allowing filtering in section 6.11.</ ul >
2450+ < ul > < strong > 2024-01-04</ strong > : Include erratum allowing filtering in section 7.1.1.</ ul >
2451+ < ul > < strong > 2024-01-04</ strong > : Include erratum allowing different ordering in collections in section 5.</ ul >
2452+ < ul > < strong > 2024-01-04</ strong > : Include erratum removing preferredUsername from list of natural-language-enabled properties in section 4.1.</ ul >
2453+ </ li >
2454+ </ section >
24352455 </ body >
24362456</ html >
0 commit comments