mastodon/FEDERATION.md

# Federation

## Supported federation protocols and standards

- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)
- [WebFinger](https://webfinger.net/)
- [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
- [NodeInfo](https://nodeinfo.diaspora.software/)

## Supported FEPs

- [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)
- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
- [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md)
- [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)

## ActivityPub in Mastodon

Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.

- [Supported ActivityPub vocabulary](https://docs.joinmastodon.org/spec/activitypub/)

### Required extensions

#### WebFinger

In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.

As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.

- [WebFinger information and examples](https://docs.joinmastodon.org/spec/webfinger/)

#### HTTP Signatures

In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests).

Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.

- [HTTP Signatures information and examples](https://docs.joinmastodon.org/spec/security/#http)

### Optional extensions

- [Linked-Data Signatures](https://docs.joinmastodon.org/spec/security/#ld)
- [Bearcaps](https://docs.joinmastodon.org/spec/bearcaps/)

### Additional documentation

- [Mastodon documentation](https://docs.joinmastodon.org/)
docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 12:11:47 +01:00			`# Federation`

			`## Supported federation protocols and standards`

			`- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)`
			`- [WebFinger](https://webfinger.net/)`
			`- [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)`
			`- [NodeInfo](https://nodeinfo.diaspora.software/)`

			`## Supported FEPs`

			`- [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)`
			`- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)`
			`- [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md)`
			`- [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)`

			`## ActivityPub in Mastodon`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			`Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.`

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 12:11:47 +01:00			`- [Supported ActivityPub vocabulary](https://docs.joinmastodon.org/spec/activitypub/)`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			`### Required extensions`

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 12:11:47 +01:00			`#### WebFinger`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
			`This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.`

			As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 12:11:47 +01:00			`- [WebFinger information and examples](https://docs.joinmastodon.org/spec/webfinger/)`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			`#### HTTP Signatures`

			In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests).

			Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 12:11:47 +01:00			`- [HTTP Signatures information and examples](https://docs.joinmastodon.org/spec/security/#http)`
Add FEDERATION.md (#17029) Some ActivityPub projects have a FEDERATION.md which is used to describe the various extensions they use. Everything here is also documented elsewhere, but it's a concise starting point with links to that documentation. 2021-11-23 00:15:31 +01:00
			`### Optional extensions`

docs: update FEDERATION.md to more closely follow FEP conventions. (#28838) 2024-01-22 12:11:47 +01:00			`- [Linked-Data Signatures](https://docs.joinmastodon.org/spec/security/#ld)`
			`- [Bearcaps](https://docs.joinmastodon.org/spec/bearcaps/)`

			`### Additional documentation`

			`- [Mastodon documentation](https://docs.joinmastodon.org/)`