JP SugarbroadDec 17, 2022
So I'm reading the #ActivityPub spec, and honestly I don't understand why this is built on JSON-LD. While it makes sense for things to be *compatible* with it, requiring it in all compliant implementations is, in my opinion, a terrible mistake. Anyone that takes shortcuts or has bugs in expansion has potential gaping #security holes. Can I craft a message in which a compliant implementation sees user X but a naïve one sees user Y? I'm pretty sure I can.
Show threadJeffrey Yasskin

@taral Lol, welcome to the part of the W3C that thought the #SemanticWeb was a good idea. There's still an active argument in the Verifiable Credentials space about whether to make things JSON-LD: https://github.com/w3c/vc-data-model/issues/947.

The #SocialWebWG had some critical divisions that almost prevented it from publishing the ActivityPub REC, but I don't know if this was even part of that.

Make the usage of `@context` optional · Issue #947 · w3c/vc-data-model

It has been suggested that the use of @context should be made optional. This would be a normative change to the current specification, as the use of @context is required in both JSON and JSON-LD. T...

GitHub
Dec 17, 2022 at 9:00pmWeb
Show threadJP SugarbroadDec 17, 2022
@jyasskin It's not unrecoverable - the standard could be modified to impose a specific JSON schema so that non-LD consumers could operate in safety
Show threadJeffrey YasskinDec 17, 2022
@taral I'm sure we'll have that argument if the WG is rechartered.
Show threadJP SugarbroadDec 17, 2022
@jyasskin Of course the reality is that people will implement whatever works with the major implementations, regardless of what the standard says. And then in a couple of years the WG will have to deal with the fallout. 😞