Authentication is not specified by the ActivityPub standard. In practice, the fediverse mostly uses HTTP Message Signatures provided in headers to check whether those actors are authorized to send those activities and request those objects.
Solid servers do not currently use this form of auth, though see https://solid.github.io/httpsig/
Validating HTTP signatures is therefore necessary to validate activities received from many existing fediverse servers, affecting:
Note also that this is different from signatures provided in data, e.g. https://www.w3.org/wiki/ActivityPub/Primer/Authentication_Authorization#Data_integrity_proofs_/_Linked_Data_Signatures which can be processed without access to headers.
Authentication is not specified by the ActivityPub standard. In practice, the fediverse mostly uses HTTP Message Signatures provided in headers to check whether those actors are authorized to send those activities and request those objects.
Solid servers do not currently use this form of auth, though see https://solid.github.io/httpsig/
Validating HTTP signatures is therefore necessary to validate activities received from many existing fediverse servers, affecting:
Note also that this is different from signatures provided in data, e.g. https://www.w3.org/wiki/ActivityPub/Primer/Authentication_Authorization#Data_integrity_proofs_/_Linked_Data_Signatures which can be processed without access to headers.