#social 2020-07-26

2020-07-26 UTC
sl007, ajordan and montezuma joined the channel
# 17:19 
montezuma hi I have a question regarding activitypub. Is there any mechanism to allow an actor to modify a remote object, that is an object that he doesn't own but that he is allowed to modify? What I mean, for example, if an actor creates an object, say an Article, and wants to allow his colleagues to edit the object from another instance, how can this be implemented?
# 17:19 
montezuma As far as I know in the spec there isn't a "ask permission" activity
# 17:21 
montezuma should the colleague just send an "update" activity to the actor who owns the Article and then the owner will do the actual update?
# 17:28 
BradKoehn[m] The specification doesn't get into that kind of detail, so the specifics of the interaction will be up to you to define. I would probably use an "Update" object on the article, which combined with proper authorization should allow the actor to make the change.
# 17:30 
BradKoehn[m] To use AP to determine the permissions you'd need to extend the existing objects; you could add a `permission` section to any document that describes the roles permitted to do things to it, or ACLs, or however you'd like to model authorization in your application. But it would probably take the form of an extension to the base specification.
# 17:32 
nightpool[m] you don't even need to go that far, I think most implementations are happy handling permissions internally
# 17:32 
nightpool[m] without really needing to expose them to the s2s protocol
# 17:37 
montezuma thank you. Basically if actor A wants to edit the "content" property of a remote Article, the idea is to create an Update activity where the object of the activity is the remote object (that the actor doesn't own) and when the actor who own the article receives the activity it can decide to add the changes or not?
# 17:40 
nightpool[m] yep!
# 17:41 
montezuma ty