osma,
@osma@mas.to avatar

A case of spec ambiguity, maybe? I can't find a mention in WebFinger or ActivityPub specs of usernames being case insensitive. Are @osma and @osma referring to the same actor? Is that up to implementation? How does a remote server determine which is correct?

Edit: I wrote above (at)Osma@mas.to and (at)osma@mas.to, but some part of the stack converted both to a lowercase mention during posting. I don't know which part, and what specs describes that.

#WebFinger #ActivityPub

mikedev,

To my knowledge there are no specifications for this. It's left completely to the implementation. Some projects have case-sensitive usernames and some do not. Some provide case-insensitive search and some do not. As a general rule, you'll often avoid issues if you use whatever form was used by the source of the information that you got it from.

osma,
@osma@mas.to avatar

@mikedev
Yep. I only ran into this when my server received messages with mixed conventions... Didn't have a unique lowercase index on the actors, so ended up having two records for the "same" one -- for informal understandings of sameness.

aslakr,
@aslakr@mastodon.social avatar

@osma Maybe https://datatracker.ietf.org/doc/html/rfc7565#section-6

> o The userpart consists only of Unicode code points that conform to the PRECIS IdentifierClass specified in [RFC7564].

and https://datatracker.ietf.org/doc/html/rfc7564#section-5.2.3 ?

osma,
@osma@mas.to avatar

@aslakr
Thanks. This is closest to the topic among everything I've seen, but I just can't place where it says unambiguously whether case should be folded or not. For example:

> If an application needs to compare two 'acct' URIs (e.g., for purposes of authentication and authorization), it MUST do so using case normalization and percent-encoding normalization as specified in Sections 6.2.2.1 and 6.2.2.2 of [RFC3986].

..only refer to scheme, host and percent-encoding.

aslakr,
@aslakr@mastodon.social avatar

@osma The IdentifierClass is defined in https://datatracker.ietf.org/doc/html/rfc7564#section-4.2 but does it say somewhere that activitypub should use UsernameCaseMapped Profile https://datatracker.ietf.org/doc/html/rfc8265#section-3.3 or UsernameCasePreserved Profile https://datatracker.ietf.org/doc/html/rfc8265#section-3.4

I have no idea, but I suppose UsernameCaseMapped seems appropriate.

osma,
@osma@mas.to avatar

@aslakr
I googled for various combinations of keywords on this, and couldn't find anything that would tie ActivityPub, ActivityStreams, or WebFinger to the UsernameCaseMapped or -Preserved profiles.

osma,
@osma@mas.to avatar

Watching my own server incoming stream, I have noticed for example that Fediverse@lemmy.ml and fediverse@lemmy.ml both appear. I don't see an automatic method for determining whether they're distinct entities. The actor_uri's appear to resolve to the same thing with a different (case sensitive) URL.
https://lemmy.ml/u/Fediverse
https://lemmy.ml/u/fediverse

osma,
@osma@mas.to avatar

ActivityStreams identifies actors by id (IRI, which by convention but not by spec is URL): https://www.w3.org/TR/activitystreams-core/#actors. This spec makes no use of username@server.domain style mentions, because those come from WebFinger. "All URIs are IRIs" (modulo Unicode), and all URLs are URIs. RFC 3986 states in reference to all but the scheme and host components:

> The other generic syntax components are assumed to be case-sensitive unless specifically defined otherwise by the scheme

osma,
@osma@mas.to avatar

WebFinger uses the acct URI scheme [RFC 7565], which says "The userpart consists only of Unicode code points that conform to the PRECIS IdentifierClass specified in [RFC7564]", and refers to case folding/normalization ONLY wrt scheme, host and percent-encoding, not the username.

There is a UsernameCaseMapped profile for IdentifierClass [RFC 8265], but no ActivityPub related spec refers to it. Thanks to @aslakr for the references!

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • meta
  • Macbeth
  • All magazines
    •