@fedify/fedify 0.10.0-dev.194 → 0.10.0-dev.195

package/CHANGES.md

@@ -18,7 +18,7 @@ To be released.
      -  The `importSpki()` function now accepts Ed25519 keys.
      -  The `exportJwk()` function now exports Ed25519 keys.
 
- -  Now multiple key pairs can be registered for an actor.
+ -  Now multiple key pairs can be registered for an actor.  [[FEP-521a], [#55]]
 
      -  Added `Context.getActorKeyPairs()` method.
      -  Deprecated `Context.getActorKey()` method.
@@ -31,6 +31,45 @@ To be released.
      -  Deprecated the third parameter of the `ActorDispatcher` callback type.
         Use `Context.getActorKeyPairs()` method instead.
 
+ -  Added `Multikey` class to Activity Vocabulary API.  [[FEP-521a], [#55]]
+
+     -  Added `importMultibaseKey()` function.
+     -  Added `exportMultibaseKey()` function.
+
+ -  Added `assertionMethod` property to the `Actor` types in the Activity
+    Vocabulary API.  [[FEP-521a], [#55]]
+
+     -  Added `Application.getAssertionMethod()` method.
+     -  Added `Application.getAssertionMethods()` method.
+     -  `new Application()` constructor now accepts `assertionMethod` option.
+     -  `new Application()` constructor now accepts `assertionMethods` option.
+     -  `Application.clone()` method now accepts `assertionMethod` option.
+     -  `Application.clone()` method now accepts `assertionMethods` option.
+     -  Added `Group.getAssertionMethod()` method.
+     -  Added `Group.getAssertionMethods()` method.
+     -  `new Group()` constructor now accepts `assertionMethod` option.
+     -  `new Group()` constructor now accepts `assertionMethods` option.
+     -  `Group.clone()` method now accepts `assertionMethod` option.
+     -  `Group.clone()` method now accepts `assertionMethods` option.
+     -  Added `Organization.getAssertionMethod()` method.
+     -  Added `Organization.getAssertionMethods()` method.
+     -  `new Organization()` constructor now accepts `assertionMethod` option.
+     -  `new Organization()` constructor now accepts `assertionMethods` option.
+     -  `Organization.clone()` method now accepts `assertionMethod` option.
+     -  `Organization.clone()` method now accepts `assertionMethods` option.
+     -  Added `Person.getAssertionMethod()` method.
+     -  Added `Person.getAssertionMethods()` method.
+     -  `new Person()` constructor now accepts `assertionMethod` option.
+     -  `new Person()` constructor now accepts `assertionMethods` option.
+     -  `Person.clone()` method now accepts `assertionMethod` option.
+     -  `Person.clone()` method now accepts `assertionMethods` option.
+     -  Added `Service.getAssertionMethod()` method.
+     -  Added `Service.getAssertionMethods()` method.
+     -  `new Service()` constructor now accepts `assertionMethod` option.
+     -  `new Service()` constructor now accepts `assertionMethods` option.
+     -  `Service.clone()` method now accepts `assertionMethod` option.
+     -  `Service.clone()` method now accepts `assertionMethods` option.
+
  -  Deprecated `treatHttps` option in `FederationParameters` interface.
     Instead, use the [x-forwarded-fetch] library to recognize the
     `X-Forwarded-Host` and `X-Forwarded-Proto` headers.
@@ -43,6 +82,7 @@ To be released.
         `url`.
 
 [#55]: https://github.com/dahlia/fedify/issues/55
+[FEP-521a]: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md
 [x-forwarded-fetch]: https://github.com/dahlia/x-forwarded-fetch
 
 

package/esm/deps/jsr.io/@std/encoding/0.224.3/base64url.js

@@ -0,0 +1,83 @@
+// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
+// This module is browser compatible.
+/**
+ * Utilities for
+ * {@link https://www.rfc-editor.org/rfc/rfc4648.html#section-5 | base64url}
+ * encoding and decoding.
+ *
+ * This module is browser compatible.
+ *
+ * @module
+ */
+import * as base64 from "./base64.js";
+/**
+ * Some variants allow or require omitting the padding '=' signs:
+ * https://en.wikipedia.org/wiki/Base64#The_URL_applications
+ *
+ * @param base64url
+ */
+function addPaddingToBase64url(base64url) {
+    if (base64url.length % 4 === 2)
+        return base64url + "==";
+    if (base64url.length % 4 === 3)
+        return base64url + "=";
+    if (base64url.length % 4 === 1) {
+        throw new TypeError("Illegal base64url string!");
+    }
+    return base64url;
+}
+function convertBase64urlToBase64(b64url) {
+    if (!/^[-_A-Z0-9]*?={0,2}$/i.test(b64url)) {
+        // Contains characters not part of base64url spec.
+        throw new TypeError("Failed to decode base64url: invalid character");
+    }
+    return addPaddingToBase64url(b64url).replace(/\-/g, "+").replace(/_/g, "/");
+}
+function convertBase64ToBase64url(b64) {
+    return b64.endsWith("=")
+        ? b64.endsWith("==")
+            ? b64.replace(/\+/g, "-").replace(/\//g, "_").slice(0, -2)
+            : b64.replace(/\+/g, "-").replace(/\//g, "_").slice(0, -1)
+        : b64.replace(/\+/g, "-").replace(/\//g, "_");
+}
+/**
+ * Convert data into a base64url-encoded string.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc4648.html#section-5}
+ *
+ * @param data The data to encode.
+ * @returns The base64url-encoded string.
+ *
+ * @example Usage
+ * ```ts
+ * import { encodeBase64Url } from "@std/encoding/base64url";
+ * import { assertEquals } from "@std/assert/assert-equals";
+ *
+ * assertEquals(encodeBase64Url("foobar"), "Zm9vYmFy");
+ * ```
+ */
+export function encodeBase64Url(data) {
+    return convertBase64ToBase64url(base64.encodeBase64(data));
+}
+/**
+ * Decodes a given base64url-encoded string.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc4648.html#section-5}
+ *
+ * @param b64url The base64url-encoded string to decode.
+ * @returns The decoded data.
+ *
+ * @example Usage
+ * ```ts
+ * import { decodeBase64Url } from "@std/encoding/base64url";
+ * import { assertEquals } from "@std/assert/assert-equals";
+ *
+ * assertEquals(
+ *   decodeBase64Url("Zm9vYmFy"),
+ *   new TextEncoder().encode("foobar")
+ * );
+ * ```
+ */
+export function decodeBase64Url(b64url) {
+    return base64.decodeBase64(convertBase64urlToBase64(b64url));
+}

package/esm/deps/jsr.io/@std/semver/{0.224.2 → 0.224.3}/mod.js

@@ -269,7 +269,7 @@
  * If you want to know if a version satisfies or does not satisfy a range, use the
  * {@linkcode satisfies} function.
  *
- * This module is browser compatible.
+ *
  *
 
  *

package/esm/federation/handler.js

@@ -1,6 +1,6 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
-import { accepts } from "../deps/jsr.io/@std/http/0.224.3/negotiation.js";
+import { accepts } from "../deps/jsr.io/@std/http/0.224.4/negotiation.js";
 import { verifyRequest } from "../sig/http.js";
 import { doesActorOwnKey } from "../sig/owner.js";
 import { Activity, Link, Object, OrderedCollection, OrderedCollectionPage, } from "../vocab/vocab.js";

package/esm/federation/middleware.js

@@ -5,7 +5,7 @@ import { exportJwk, importJwk, validateCryptoKey } from "../sig/key.js";
 import { getKeyOwner } from "../sig/owner.js";
 import { handleNodeInfo, handleNodeInfoJrd } from "../nodeinfo/handler.js";
 import { fetchDocumentLoader, getAuthenticatedDocumentLoader, kvCache, } from "../runtime/docloader.js";
-import { Activity, CryptographicKey } from "../vocab/mod.js";
+import { Activity, CryptographicKey, Multikey, } from "../vocab/mod.js";
 import { handleWebFinger } from "../webfinger/handler.js";
 import { buildCollectionSynchronizationHeader } from "./collection.js";
 import { handleActor, handleCollection, handleInbox, handleObject, } from "./handler.js";
@@ -307,6 +307,18 @@ export class Federation {
                             "URI.  Set the property with Context.getInboxUri().");
                     }
                 }
+                if (callbacks.keyPairsDispatcher != null) {
+                    if (actor.publicKeyId == null) {
+                        logger.warn("You configured a key pairs dispatcher, but the actor does " +
+                            "not have a publicKey property.  Set the property with " +
+                            "Context.getActorKeyPairs(handle).");
+                    }
+                    if (actor.assertionMethodId == null) {
+                        logger.warn("You configured a key pairs dispatcher, but the actor does " +
+                            "not have an assertionMethod property.  Set the property " +
+                            "with Context.getActorKeyPairs(handle).");
+                    }
+                }
                 return actor;
             },
         };
@@ -961,6 +973,11 @@ class ContextImpl {
                     owner,
                     publicKey: keyPair.publicKey,
                 }),
+                multikey: new Multikey({
+                    id: keyPair.keyId,
+                    controller: owner,
+                    publicKey: keyPair.publicKey,
+                }),
             };
             result.push(newPair);
         }

package/esm/nodeinfo/types.js

@@ -1,4 +1,4 @@
-import { format } from "../deps/jsr.io/@std/semver/0.224.2/mod.js";
+import { format } from "../deps/jsr.io/@std/semver/0.224.3/mod.js";
 /**
  * Converts a {@link NodeInfo} object to a JSON value.
  * @param nodeInfo The {@link NodeInfo} object to convert.

package/esm/runtime/key.js

@@ -1,5 +1,12 @@
 import * as dntShim from "../_dnt.shims.js";
+import { createPublicKey } from "node:crypto";
+import { concat } from "../deps/jsr.io/@std/bytes/0.224.0/concat.js";
 import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/0.224.3/base64.js";
+import { decodeBase64Url } from "../deps/jsr.io/@std/encoding/0.224.3/base64url.js";
+import { decodeHex } from "../deps/jsr.io/@std/encoding/0.224.3/hex.js";
+import { Integer, Sequence } from "asn1js";
+import { decode, encode } from "multibase";
+import { addPrefix, getCodeFromData, rmPrefix } from "multicodec";
 import { PublicKeyInfo } from "pkijs";
 import { validateCryptoKey } from "../sig/key.js";
 const algorithms = {
@@ -44,3 +51,78 @@ export async function exportSpki(key) {
     pem = (pem.match(/.{1,64}/g) || []).join("\n");
     return `-----BEGIN PUBLIC KEY-----\n${pem}\n-----END PUBLIC KEY-----\n`;
 }
+/**
+ * Imports a [Multibase]-encoded public key.
+ *
+ * [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+ * @param key The Multibase-encoded public key.
+ * @returns The imported public key.
+ * @throws {TypeError} If the key is invalid or unsupported.
+ * @since 0.10.0
+ */
+export async function importMultibaseKey(key) {
+    const decoded = decode(key);
+    const code = getCodeFromData(decoded);
+    const content = rmPrefix(decoded);
+    if (code === 0x1205) { // rsa-pub
+        const keyObject = createPublicKey({
+            // deno-lint-ignore no-explicit-any
+            key: content,
+            format: "der",
+            type: "pkcs1",
+        });
+        const spki = keyObject.export({ type: "spki", format: "der" }).buffer;
+        return await dntShim.crypto.subtle.importKey("spki", spki, { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, true, ["verify"]);
+    }
+    else if (code === 0xed) { // ed25519-pub
+        return await dntShim.crypto.subtle.importKey("raw", content, "Ed25519", true, ["verify"]);
+    }
+    else {
+        throw new TypeError("Unsupported key type: " + code);
+    }
+}
+/**
+ * Exports a public key in [Multibase] format.
+ *
+ * [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+ * @param key The public key to export.
+ * @returns The exported public key in Multibase format.
+ * @throws {TypeError} If the key is invalid or unsupported.
+ * @since 0.10.0
+ */
+export async function exportMultibaseKey(key) {
+    let content;
+    let code;
+    if (key.algorithm.name === "Ed25519") {
+        content = await dntShim.crypto.subtle.exportKey("raw", key);
+        code = 0xed; // ed25519-pub
+    }
+    else if (key.algorithm.name === "RSASSA-PKCS1-v1_5" &&
+        key.algorithm.hash.name ===
+            "SHA-256") {
+        const jwk = await dntShim.crypto.subtle.exportKey("jwk", key);
+        const n = concat([new Uint8Array([0]), decodeBase64Url(jwk.n)]);
+        const sequence = new Sequence({
+            value: [
+                new Integer({
+                    isHexOnly: true,
+                    valueHex: n,
+                }),
+                new Integer({
+                    isHexOnly: true,
+                    valueHex: decodeBase64Url(jwk.e),
+                }),
+            ],
+        });
+        content = sequence.toBER(false);
+        code = 0x1205; // rsa-pub
+    }
+    else {
+        throw new TypeError("Unsupported key type: " + JSON.stringify(key.algorithm));
+    }
+    const codeHex = code.toString(16);
+    const codeBytes = decodeHex(codeHex.length % 2 < 1 ? codeHex : "0" + codeHex);
+    const prefixed = addPrefix(codeBytes, new Uint8Array(content));
+    const encoded = encode("base58btc", prefixed);
+    return new TextDecoder().decode(encoded);
+}

package/esm/testing/fixtures/w3id.org/security/multikey/v1

@@ -0,0 +1,35 @@
+{
+  "@context": {
+    "id": "@id",
+    "type": "@type",
+    "@protected": true,
+    "Multikey": {
+      "@id": "https://w3id.org/security#Multikey",
+      "@context": {
+        "@protected": true,
+        "id": "@id",
+        "type": "@type",
+        "controller": {
+          "@id": "https://w3id.org/security#controller",
+          "@type": "@id"
+        },
+        "revoked": {
+          "@id": "https://w3id.org/security#revoked",
+          "@type": "http://www.w3.org/2001/XMLSchema#dateTime"
+        },
+        "expires": {
+          "@id": "https://w3id.org/security#expiration",
+          "@type": "http://www.w3.org/2001/XMLSchema#dateTime"
+        },
+        "publicKeyMultibase": {
+          "@id": "https://w3id.org/security#publicKeyMultibase",
+          "@type": "https://w3id.org/security#multibase"
+        },
+        "secretKeyMultibase": {
+          "@id": "https://w3id.org/security#secretKeyMultibase",
+          "@type": "https://w3id.org/security#multibase"
+        }
+      }
+    }
+  }
+}

package/esm/testing/fixtures/www.w3.org/ns/did/v1

@@ -0,0 +1,58 @@
+{
+  "@context": {
+    "@protected": true,
+    "id": "@id",
+    "type": "@type",
+
+    "alsoKnownAs": {
+      "@id": "https://www.w3.org/ns/activitystreams#alsoKnownAs",
+      "@type": "@id"
+    },
+    "assertionMethod": {
+      "@id": "https://w3id.org/security#assertionMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "authentication": {
+      "@id": "https://w3id.org/security#authenticationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityDelegation": {
+      "@id": "https://w3id.org/security#capabilityDelegationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityInvocation": {
+      "@id": "https://w3id.org/security#capabilityInvocationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "controller": {
+      "@id": "https://w3id.org/security#controller",
+      "@type": "@id"
+    },
+    "keyAgreement": {
+      "@id": "https://w3id.org/security#keyAgreementMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "service": {
+      "@id": "https://www.w3.org/ns/did#service",
+      "@type": "@id",
+      "@context": {
+        "@protected": true,
+        "id": "@id",
+        "type": "@type",
+        "serviceEndpoint": {
+          "@id": "https://www.w3.org/ns/did#serviceEndpoint",
+          "@type": "@id"
+        }
+      }
+    },
+    "verificationMethod": {
+      "@id": "https://w3id.org/security#verificationMethod",
+      "@type": "@id"
+    }
+  }
+}

package/esm/vocab/application.yaml

@@ -7,6 +7,8 @@ description: Describes a software application.
 defaultContext:
 - "https://www.w3.org/ns/activitystreams"
 - "https://w3id.org/security/v1"
+- "https://www.w3.org/ns/did/v1"
+- "https://w3id.org/security/multikey/v1"
 - manuallyApprovesFollowers: "as:manuallyApprovesFollowers"
   toot: "http://joinmastodon.org/ns#"
   discoverable: "toot:discoverable"
@@ -38,6 +40,18 @@ properties:
   range:
   - "https://w3id.org/security#Key"
 
+- pluralName: assertionMethods
+  singularName: assertionMethod
+  singularAccessor: true
+  uri: "https://w3id.org/security#assertionMethod"
+  description: |
+    Represents this actor's public keys.  It serves as equivalent to
+    the `publicKeys` property, but is used for [FEP-521a] compliance.
+
+    [FEP-521a]: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md
+  range:
+  - "https://w3id.org/security#Multikey"
+
 - singularName: manuallyApprovesFollowers
   functional: true
   uri: "https://www.w3.org/ns/activitystreams#manuallyApprovesFollowers"
@@ -67,7 +81,7 @@ properties:
     followers, and a specific actor who also follows the recipient actor,
     and the server has failed to de-duplicate the recipients list.
     Such deduplication MUST be performed by comparing the `id` of the activities
-    and dropping any activities already seen. 
+    and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
 

package/esm/vocab/group.yaml

@@ -7,6 +7,8 @@ description: Represents a formal or informal collective of Actors.
 defaultContext:
 - "https://www.w3.org/ns/activitystreams"
 - "https://w3id.org/security/v1"
+- "https://www.w3.org/ns/did/v1"
+- "https://w3id.org/security/multikey/v1"
 - manuallyApprovesFollowers: "as:manuallyApprovesFollowers"
   toot: "http://joinmastodon.org/ns#"
   discoverable: "toot:discoverable"
@@ -38,6 +40,18 @@ properties:
   range:
   - "https://w3id.org/security#Key"
 
+- pluralName: assertionMethods
+  singularName: assertionMethod
+  singularAccessor: true
+  uri: "https://w3id.org/security#assertionMethod"
+  description: |
+    Represents this actor's public keys.  It serves as equivalent to
+    the `publicKeys` property, but is used for [FEP-521a] compliance.
+
+    [FEP-521a]: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md
+  range:
+  - "https://w3id.org/security#Multikey"
+
 - singularName: manuallyApprovesFollowers
   functional: true
   uri: "https://www.w3.org/ns/activitystreams#manuallyApprovesFollowers"
@@ -67,7 +81,7 @@ properties:
     followers, and a specific actor who also follows the recipient actor,
     and the server has failed to de-duplicate the recipients list.
     Such deduplication MUST be performed by comparing the `id` of the activities
-    and dropping any activities already seen. 
+    and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
 

package/esm/vocab/multikey.yaml

@@ -0,0 +1,33 @@
+$schema: ../codegen/schema.yaml
+name: Multikey
+uri: "https://w3id.org/security#Multikey"
+entity: true
+description: |
+  Represents a key owned by an actor according to [FEP-521a: Representing
+  actor's public keys.][1]
+
+  [1]: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md
+defaultContext: "https://w3id.org/security/multikey/v1"
+
+properties:
+- singularName: controller
+  functional: true
+  uri: "https://w3id.org/security#controller"
+  description: An actor who owns this key.
+  range:
+  - "https://www.w3.org/ns/activitystreams#Application"
+  - "https://www.w3.org/ns/activitystreams#Group"
+  - "https://www.w3.org/ns/activitystreams#Organization"
+  - "https://www.w3.org/ns/activitystreams#Person"
+  - "https://www.w3.org/ns/activitystreams#Service"
+
+- singularName: publicKey
+  functional: true
+  uri: "https://w3id.org/security#publicKeyMultibase"
+  description: |
+    A [Multibase]-encoded value of a [Multicodec] prefix and the key.
+
+    [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+    [Multicodec]: https://github.com/multiformats/multicodec/
+  range:
+  - "fedify:multibaseKey"

package/esm/vocab/organization.yaml

@@ -7,6 +7,8 @@ description: Represents an organization.
 defaultContext:
 - "https://www.w3.org/ns/activitystreams"
 - "https://w3id.org/security/v1"
+- "https://www.w3.org/ns/did/v1"
+- "https://w3id.org/security/multikey/v1"
 - manuallyApprovesFollowers: "as:manuallyApprovesFollowers"
   toot: "http://joinmastodon.org/ns#"
   discoverable: "toot:discoverable"
@@ -38,6 +40,18 @@ properties:
   range:
   - "https://w3id.org/security#Key"
 
+- pluralName: assertionMethods
+  singularName: assertionMethod
+  singularAccessor: true
+  uri: "https://w3id.org/security#assertionMethod"
+  description: |
+    Represents this actor's public keys.  It serves as equivalent to
+    the `publicKeys` property, but is used for [FEP-521a] compliance.
+
+    [FEP-521a]: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md
+  range:
+  - "https://w3id.org/security#Multikey"
+
 - singularName: manuallyApprovesFollowers
   functional: true
   uri: "https://www.w3.org/ns/activitystreams#manuallyApprovesFollowers"
@@ -67,7 +81,7 @@ properties:
     followers, and a specific actor who also follows the recipient actor,
     and the server has failed to de-duplicate the recipients list.
     Such deduplication MUST be performed by comparing the `id` of the activities
-    and dropping any activities already seen. 
+    and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
 

package/esm/vocab/person.yaml

@@ -7,6 +7,8 @@ description: Represents an individual person.
 defaultContext:
 - "https://www.w3.org/ns/activitystreams"
 - "https://w3id.org/security/v1"
+- "https://www.w3.org/ns/did/v1"
+- "https://w3id.org/security/multikey/v1"
 - manuallyApprovesFollowers: "as:manuallyApprovesFollowers"
   toot: "http://joinmastodon.org/ns#"
   discoverable: "toot:discoverable"
@@ -38,6 +40,18 @@ properties:
   range:
   - "https://w3id.org/security#Key"
 
+- pluralName: assertionMethods
+  singularName: assertionMethod
+  singularAccessor: true
+  uri: "https://w3id.org/security#assertionMethod"
+  description: |
+    Represents this actor's public keys.  It serves as equivalent to
+    the `publicKeys` property, but is used for [FEP-521a] compliance.
+
+    [FEP-521a]: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md
+  range:
+  - "https://w3id.org/security#Multikey"
+
 - singularName: manuallyApprovesFollowers
   functional: true
   uri: "https://www.w3.org/ns/activitystreams#manuallyApprovesFollowers"
@@ -67,7 +81,7 @@ properties:
     followers, and a specific actor who also follows the recipient actor,
     and the server has failed to de-duplicate the recipients list.
     Such deduplication MUST be performed by comparing the `id` of the activities
-    and dropping any activities already seen. 
+    and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
 

package/esm/vocab/service.yaml

@@ -7,6 +7,8 @@ description: Represents a service of any kind.
 defaultContext:
 - "https://www.w3.org/ns/activitystreams"
 - "https://w3id.org/security/v1"
+- "https://www.w3.org/ns/did/v1"
+- "https://w3id.org/security/multikey/v1"
 - manuallyApprovesFollowers: "as:manuallyApprovesFollowers"
   toot: "http://joinmastodon.org/ns#"
   discoverable: "toot:discoverable"
@@ -38,6 +40,18 @@ properties:
   range:
   - "https://w3id.org/security#Key"
 
+- pluralName: assertionMethods
+  singularName: assertionMethod
+  singularAccessor: true
+  uri: "https://w3id.org/security#assertionMethod"
+  description: |
+    Represents this actor's public keys.  It serves as equivalent to
+    the `publicKeys` property, but is used for [FEP-521a] compliance.
+
+    [FEP-521a]: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md
+  range:
+  - "https://w3id.org/security#Multikey"
+
 - singularName: manuallyApprovesFollowers
   functional: true
   uri: "https://www.w3.org/ns/activitystreams#manuallyApprovesFollowers"
@@ -67,7 +81,7 @@ properties:
     followers, and a specific actor who also follows the recipient actor,
     and the server has failed to de-duplicate the recipients list.
     Such deduplication MUST be performed by comparing the `id` of the activities
-    and dropping any activities already seen. 
+    and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"