Semantics of Add and Remove

The S2S spec says:

Upon receipt of an Add activity into the inbox, the server SHOULD add the object to the collection specified in the target property, unless:

  • the target is not owned by the receiving server, and thus they can’t update it.
  • the object is not allowed to be added to the target collection for some other reason, at the receiver’s discretion.

OK, this is straightforward.

But what are the semantics of that: The vocabulary states:

Indicates that the actor has added the object to the target.

So, the actor in control here is at the sending server, and they want to add something to a collection (the target). The ActivityPub now says that they can do that for collections under the control of the receiving server, so an actor on server A controls addition of an object to a collection owned by server B here.

To me, that makes no sense – server A should only inform me of additions of objects to collections owned by server A itself., or not?

Of course, that qualifies as “not allowed for some other reason”, but I still wonder what the intention of the spec with the first bullet point is.

there’s no reason an object/collection on one server can’t be owned by a user on a different server.

say owns or is allowed to manage a collection social.example/collections/friends-of-alice. this is happening across servers. can send an Add activity to the appropriate inbox on social.example and then social.example will validate that this is an allowed action. hence the “at the receiver’s discretion” bit in the 2nd bullet point.

But the vocabulary does not have any means to link owners with collections, or am I missing something?

Yes, I can locally extend that. My question is: Is there anything in the core spec where this would apply?

in practice, ownership is currently determined by attributedTo; there is no real “rich permission system” beyond a simple check for that property/array.

OK, I missed nothing, then. Thanks!