FEP-bebd: Follow Invites

This is the discussion thread for the draft FEP-bebd: Follow Invites

> This document describes an alternative method of accepting follow requests via an 'invite code' intended to be used with Private FEP-1b12 Groups, although it is applicable to any Actor. It further defines an extension of Webfinger to resolve an InviteCode to its corresponding Actor.

Full text here:
https://codeberg.org/MaddyUnderStars/fep/src/branch/invites/fep/bebd/fep-bebd.md

#fep_bebd #fep #fedidev

FEP-f228: Backfilling conversations has been updated:
https://codeberg.org/fediverse/fep/pulls/853

I added tootik and Lemmy to the implementation list and did a little cleanup. This FEP feels complete, so I am requesting final comments.

Full text:

https://fediverse.codeberg.page/fep/fep/f228/

#fep_f228 #fep #fedidev

Wrote my first FEP :) I guess I'd like some feedback before making the MR

Shoot, my ActivityPub instant messenger, already uses a slight modification of this protocol. I'll probably be updating Shoot to follow it properly soon.

FEP-bebd: Follow Invites

https://codeberg.org/MaddyUnderStars/fep/src/branch/invites/fep/bebd/fep-bebd.md

#FEP #fediverse #fedidev

FEP-baf5: Administrator Collection

This is the discussion thread for the draft FEP-baf5: Administrator Collection

This FEP introduces a mechanism for discovering the administrators of an ActivityPub instance. It extends the "Group Moderator" pattern from [FEP 1b12][1b12] and the "Application Actor" concept from [FEP 2677][2677] by defining an OrderedCollection of administrators referenced from the instance's application actor.

The full draft can be read here.

https://activitypub.space/post/1942

Question re: Origin Based Security Model (FEP-fe34)

I received a security vulnerability report regarding NodeBB's handling of Update and Delete activities.

tl;dr

• NodeBB implementes FEP fe34, and treats Update and Delete activities as valid if the activity's actor and the object's attributedTo differ but the origins are identical.
• e.g. @[email protected] is allowed to federate Delete(Note) on @[email protected]'s Note.
• The origin-based security model allows for moderator-style actions (third-party post editing and deletions) in the absence of explicit moderator claims.
• The reporter disagrees that this should be allowed.

Are they right? [...]

https://activitypub.space/post/1919

Recurring Events in Federation

https://event-federation.eu/2026/05/15/recurring-events-in-federation/

Multiple handles for Activity Intents

Hi @[email protected] I've got a question about Activity Intents!

I'm implementing it now (as you noticed) and have run into an interesting issue. The wording of 3b86 suggests that the intents are distinct between users. That is, the end user inputs their handle, the handle is queried via webfinger, and supported Intents are returned.

However, the intents themselves don't really distinguish between users.[...]

https://activitypub.space/post/1869

Hey @[email protected],

we are looking into your #Go #Activitypub library to implement federation in #LAUTI

One thing we need to do is implement the #FEP 8a8e by @[email protected]

Do you have time for a quick call to get an overview?

FEP-8b32 (Object Integrity Proofs) is getting updated: https://codeberg.org/fediverse/fep/pulls/839

I added two new requirements:

- Objects identified using fragment IDs SHOULD NOT have integrity proofs. It is enough to secure the top-level document.
- Verifiers SHOULD ignore proofs that use unsupported algorithms and verification methods. This requirement provides forward compatibility, which is important because sooner or later we will need to use different algorithms.

#fep_8b32 #fep #fedidev