Federation
Federation is how Made Open connects people across independently-operated hubs while preserving data sovereignty. No central server. No corporate intermediary. Your hub speaks to other hubs directly using open standards.
Federation requires the identity foundations (DIDs, Verifiable Credentials) from the Credential Wallet, but the full federation stack — ActivityPub, DIDComm, and cross-hub discovery — is a later capability.
The Four-Layer Stack
| Layer | Technology | Purpose |
|---|---|---|
| Identity | DIDs (Decentralized Identifiers) | Self-sovereign, portable identity — no username/password system owns you |
| Transport | DIDComm | Encrypted, authenticated peer-to-peer messaging between any two DID owners |
| Social | ActivityPub | Federated social graph — follows, posts, reactions, inbox/outbox |
| Application | Custom Vocabularies | Domain-specific extensions: governance proposals, resource offers, marketplace listings |
Self-Sovereign Identity (SSI)
Every user on Made Open has a DID — a cryptographic identifier they own, not one issued by a platform.
```
did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK
    ▲   ▲
    │   │
    │   └─ Public key (ed25519)
    └─ DID method (key = self-contained, no registry needed)
```
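The structure above can be checked mechanically. This added example (not Made Open's own code; `base58Decode` and `parseDidKey` are illustrative names) decodes the multibase value, confirms the multicodec prefix for Ed25519 (`0xed 0x01`), and returns the 32-byte public key, rejecting anything else.

```typescript
const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

// Base58btc decode: treat the text as one big base-58 number, emit big-endian bytes.
function base58Decode(text: string): Uint8Array {
  const bytes: number[] = []; // little-endian while accumulating
  for (let c = 0; c < text.length; c++) {
    let carry = BASE58_ALPHABET.indexOf(text[c]);
    if (carry < 0) throw new Error("invalid base58 character: " + text[c]);
    for (let i = 0; i < bytes.length; i++) {
      carry += bytes[i] * 58;
      bytes[i] = carry & 0xff;
      carry >>= 8;
    }
    while (carry > 0) {
      bytes.push(carry & 0xff);
      carry >>= 8;
    }
  }
  // Each leading '1' stands for one leading zero byte.
  for (let c = 0; c < text.length && text[c] === "1"; c++) bytes.push(0);
  return new Uint8Array(bytes.reverse());
}

// Parse "did:key:z..." and return the raw Ed25519 public key (32 bytes).
function parseDidKey(did: string): Uint8Array {
  const parts = did.split(":");
  if (parts.length !== 3 || parts[0] !== "did" || parts[1] !== "key") {
    throw new Error("not a did:key identifier");
  }
  const multibase = parts[2];
  if (multibase[0] !== "z") throw new Error("expected multibase prefix 'z' (base58btc)");
  const raw = base58Decode(multibase.slice(1));
  // Multicodec ed25519-pub is 0xed, which varint-encodes to the two bytes 0xed 0x01.
  if (raw.length !== 34 || raw[0] !== 0xed || raw[1] !== 0x01) {
    throw new Error("not an Ed25519 did:key");
  }
  return raw.subarray(2);
}

// The identifier shown on this page.
const PAGE_DID_KEY = "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK";
```

Checking the key type and length before use keeps a hub from handing an unexpected key format to its signature verifier.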
DID Methods
| Method | When Used | Notes |
|---|---|---|
| did:key | Quick start, no blockchain | Derived from keypair; portable |
| did:web | Hub-hosted identity | did:web:alice.made-open.io — resolved from hub's .well-known/did.json |
| did:ion (or similar) | Long-term anchoring (aspirational) | Anchored to Bitcoin for tamper-proof resolution. Not yet implemented — DIDService currently supports did:key and did:web only. |
DID Document
Every DID resolves to a DID Document declaring the owner's public keys and service endpoints:
```json
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:web:alice.made-open.io",
  "verificationMethod": [{
    "id": "did:web:alice.made-open.io#key-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:web:alice.made-open.io",
    "publicKeyMultibase": "z6MkhaXgBZDv..."
  }],
  "service": [{
    "id": "did:web:alice.made-open.io#hub",
    "type": "MadeOpenHub",
    "serviceEndpoint": "https://alice.made-open.io/api"
  }, {
    "id": "did:web:alice.made-open.io#didcomm",
    "type": "DIDCommMessaging",
    "serviceEndpoint": "https://alice.made-open.io/didcomm"
  }]
}
```
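How a did:web identifier maps to the `.well-known/did.json` URL, and what a resolving hub should check before trusting the fetched document, as an added example (not Made Open's own code; `didWebToUrl` and `checkDidDocument` are illustrative names). It goes beyond the single case on this page by also handling the path and port forms of did:web, and the rule that keys must be controlled by the same DID is a policy assumption.

```typescript
interface VerificationMethod { id: string; type: string; controller: string }
interface ServiceEntry { id: string; type: string; serviceEndpoint: string }
interface DidDocument { id: string; verificationMethod?: VerificationMethod[]; service?: ServiceEntry[] }

// Map a did:web identifier to the HTTPS URL its DID Document is fetched from.
function didWebToUrl(did: string): string {
  const parts = did.split(":");
  if (parts.length < 3 || parts[0] !== "did" || parts[1] !== "web") {
    throw new Error("not a did:web identifier");
  }
  const host = decodeURIComponent(parts[2]); // a port is written as %3A in the DID
  if (!/^[a-z0-9.-]+(:\d{1,5})?$/i.test(host)) throw new Error("invalid host: " + host);
  const segments = parts.slice(3).map((s) => decodeURIComponent(s));
  for (const seg of segments) {
    // Reject anything that could move the request outside the intended path.
    if (seg === "" || seg === "." || seg === ".." || /[\/\\?#]/.test(seg)) {
      throw new Error("invalid path segment in DID");
    }
  }
  const path = segments.length === 0
    ? "/.well-known/did.json"
    : "/" + segments.map((s) => encodeURIComponent(s)).join("/") + "/did.json";
  return "https://" + host + path;
}

// Check that a fetched document really describes the DID that was requested.
function checkDidDocument(did: string, doc: DidDocument): string[] {
  const problems: string[] = [];
  if (doc.id !== did) problems.push("document id does not match requested DID");
  for (const vm of doc.verificationMethod || []) {
    if (vm.id.indexOf(did + "#") !== 0) problems.push("foreign key id: " + vm.id);
    // Policy assumption: a hub-hosted identity controls its own keys.
    if (vm.controller !== did) problems.push("key controlled by another DID: " + vm.controller);
  }
  for (const svc of doc.service || []) {
    const ep = svc.serviceEndpoint;
    if (ep.indexOf("https://") !== 0) problems.push("non-HTTPS service endpoint: " + ep);
  }
  return problems;
}

// Constructed sample: the DID Document from this page, abbreviated.
const SAMPLE_DID_DOC: DidDocument = {
  id: "did:web:alice.made-open.io",
  verificationMethod: [{ id: "did:web:alice.made-open.io#key-1",
    type: "Ed25519VerificationKey2020", controller: "did:web:alice.made-open.io" }],
  service: [{ id: "did:web:alice.made-open.io#didcomm", type: "DIDCommMessaging",
    serviceEndpoint: "https://alice.made-open.io/didcomm" }],
};
```

The `id` comparison is the important one: without it, a hub could answer a lookup for its own domain with a document that claims someone else's identity.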
Verifiable Credentials
A Verifiable Credential (VC) is a cryptographically signed statement made by one party about another. It's the W3C standard for portable, tamper-evident claims.
How Made Open Uses VCs
| VC Use Case | Issuer | Subject | Claim |
|---|---|---|---|
| Consent grant | User's hub | Plugin/service | "I authorize this plugin to read my contacts" |
| Credential wallet item | External service | User | "This user has a valid Twilio account" |
| Reputation score | Peer / community | User | "This person completed 12 exchanges successfully" |
| Capability proof | User's hub | User | "This user has an active MS Graph token" |
VC Structure
```json
{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": ["VerifiableCredential", "ConsentGrant"],
  "issuer": "did:web:alice.made-open.io",
  "issuanceDate": "2026-01-01T12:00:00Z",
  "credentialSubject": {
    "id": "did:key:plugin-com-microsoft-graph",
    "permission": "data:read:persons",
    "grantedFor": "90days"
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "verificationMethod": "did:web:alice.made-open.io#key-1",
    "proofValue": "..."
  }
}
```
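A valid signature alone does not make a consent grant usable. This added example (not Made Open's own code; `checkConsentGrant` is an illustrative name) shows the checks a hub would run on the structure above before or alongside signature verification, which it does not perform. It assumes `grantedFor` is always `<N>days` counted from `issuanceDate` and that permissions match exactly, since the page shows only this one example.

```typescript
interface ConsentGrantVC {
  type: string[];
  issuer: string;
  issuanceDate: string;
  credentialSubject: { id: string; permission: string; grantedFor: string };
  proof: { type: string; verificationMethod: string; proofValue: string };
}

// Returns the reasons to reject the grant; an empty list means these checks passed.
function checkConsentGrant(vc: ConsentGrantVC, hubDid: string, pluginDid: string,
                           permission: string, now: Date): string[] {
  const reasons: string[] = [];
  if (vc.type.indexOf("VerifiableCredential") < 0 || vc.type.indexOf("ConsentGrant") < 0) {
    reasons.push("not a ConsentGrant credential");
  }
  if (vc.issuer !== hubDid) reasons.push("issuer is not this user's hub");
  // The signing key must sit under the issuer's DID, or any key holder could mint grants.
  if (vc.proof.verificationMethod.split("#")[0] !== vc.issuer) {
    reasons.push("proof key is not under the issuer DID");
  }
  if (vc.proof.type !== "Ed25519Signature2020") reasons.push("unexpected proof type");
  if (vc.credentialSubject.id !== pluginDid) reasons.push("grant names a different subject");
  // Exact match only: no prefix or wildcard expansion of the permission string.
  if (vc.credentialSubject.permission !== permission) reasons.push("permission not covered");
  const issued = Date.parse(vc.issuanceDate);
  const days = /^(\d+)days$/.exec(vc.credentialSubject.grantedFor); // assumed format
  if (isNaN(issued) || !days) {
    reasons.push("unparseable validity window");
  } else {
    const expires = issued + Number(days[1]) * 24 * 60 * 60 * 1000;
    if (now.getTime() < issued) reasons.push("not yet valid");
    if (now.getTime() >= expires) reasons.push("grant expired");
  }
  return reasons;
}

// Constructed sample: the credential shown on this page.
const SAMPLE_GRANT: ConsentGrantVC = {
  type: ["VerifiableCredential", "ConsentGrant"],
  issuer: "did:web:alice.made-open.io",
  issuanceDate: "2026-01-01T12:00:00Z",
  credentialSubject: { id: "did:key:plugin-com-microsoft-graph",
    permission: "data:read:persons", grantedFor: "90days" },
  proof: { type: "Ed25519Signature2020",
    verificationMethod: "did:web:alice.made-open.io#key-1", proofValue: "..." },
};
```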
DIDComm Messaging
DIDComm is the transport layer for secure peer-to-peer communication between any two DIDs. It provides:
- End-to-end encryption (X25519 key agreement)
- Mutual authentication (both parties prove ownership of their DID)
- Transport-agnostic — works over HTTPS, WebSockets, Bluetooth, QR codes
- No central server required — messages route directly between hubs
Use Cases
```
Alice's hub                                    Bob's hub
│                                              │
│  DIDComm: "I'd like to connect with you"     │
│─────────────────────────────────────────────►│
│                                              │
│  DIDComm: "Connection accepted, here's       │
│            my hub endpoint"                  │
│◄─────────────────────────────────────────────│
│                                              │
│  ActivityPub: Follow request                 │
│─────────────────────────────────────────────►│
│                                              │
│  ActivityPub: Follow accepted                │
│◄─────────────────────────────────────────────│
```
ActivityPub
ActivityPub is the W3C protocol powering the Fediverse (Mastodon, Pixelfed, etc.). Each Made Open hub runs an ActivityPub server, making users first-class citizens of the federated social web.
Actor Model
Each user's hub exposes an ActivityPub Actor:
```json
{
  "@context": "https://www.w3.org/ns/activitystreams",
  "type": "Person",
  "id": "https://alice.made-open.io/ap/actors/alice",
  "preferredUsername": "alice",
  "inbox": "https://alice.made-open.io/ap/inbox",
  "outbox": "https://alice.made-open.io/ap/outbox",
  "followers": "https://alice.made-open.io/ap/followers",
  "following": "https://alice.made-open.io/ap/following",
  "publicKey": {
    "id": "https://alice.made-open.io/ap/actors/alice#main-key",
    "owner": "https://alice.made-open.io/ap/actors/alice",
    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\n..."
  }
}
```
Activities
The hub publishes and receives standard ActivityPub activities:
| Activity | Direction | Meaning |
|---|---|---|
| Follow | Out | Alice wants to follow Bob |
| Accept{Follow} | In | Bob accepts Alice's follow |
| Create{Note} | Out | Alice posts a status update |
| Create{Offer} | Out | Alice offers a resource (see marketplace.md) |
| Create{Proposal} | Out | Alice creates a governance proposal (see governance.md) |
| Like | Both | Endorsement |
| Announce | Both | Reshare/boost |
Interoperability
Because the hub speaks standard ActivityPub, Made Open users can:
- Follow and be followed by Mastodon users
- Read their timeline alongside Mastodon posts
- Post updates visible to Mastodon followers
- Interact with any ActivityPub-compatible platform
Federation Service
The Federation Service manages all cross-hub communication:
```typescript
interface FederationService {
  // DIDComm
  sendDIDCommMessage(recipientDid: string, message: DIDCommMessage): Promise<void>;
  receiveDIDCommMessage(message: DIDCommMessage): Promise<void>;

  // ActivityPub
  publishActivity(activity: Activity): Promise<void>;
  receiveActivity(activity: Activity): Promise<void>;
  resolveActor(actorUrl: string): Promise<APActor>;

  // DID resolution
  resolveDID(did: string): Promise<DIDDocument>;

  // VC operations
  issueCredential(subject: string, claims: object): Promise<VerifiableCredential>;
  verifyCredential(vc: VerifiableCredential): Promise<boolean>;
  presentCredential(vc: VerifiableCredential, challenge: string): Promise<VP>;
}
```
Resource Coordination
Made Open enables decentralized resource exchange — sharing skills, goods, time, and knowledge between users across hubs without a marketplace platform taking a cut.
Declaration Types
```json
{
  "type": "Offer",
  "subject": {
    "type": "Skill",
    "description": "React component development",
    "availability": "weekends",
    "exchange": "reciprocal_skill or donation"
  }
}
```

```json
{
  "type": "Need",
  "subject": {
    "type": "Service",
    "description": "Help moving furniture",
    "timeframe": "next_month"
  }
}
```
Matching
The decentralized matching engine compares Offers and Needs published via ActivityPub across the network. Matching is local (each hub runs its own engine); discoveries are surfaced to the user.
Governance Layer
Communities of Made Open users can form self-governing groups with formal decision-making structures:
| Feature | Implementation |
|---|---|
| Voting systems | Simple majority, supermajority, quadratic, consensus |
| Liquid democracy | Delegate your vote to a trusted member |
| Proposal lifecycle | Create → Discuss → Vote → Execute |
| Execution | Accepted proposals trigger workflows on member hubs |
Capability Rollout
| Capability Area | What Ships |
|---|---|
| Identity foundations | did:key generation at account creation; VC framework for credential wallet; Supabase Auth as interim identity |
| Hub-hosted identity | did:web hosted on user's hub; W3C VC-based consent grants |
| Full federation | Federation Service; ActivityPub server; DIDComm transport; cross-hub contact discovery |
| Marketplace federation | Resource Coordination System; Marketplace on ActivityPub; reputation VCs |
| Governance | Community DAOs; smart contract integration for escrow |