Skip to content

Federation policy

Status: placeholder. This guide will be written before launch.

The hardest social judgment in this section. Federation is by default open — your instance will accept activity from any other Pavillion or other ActivityPub event platform that asks. Most admins want some control over that. The shape of the control is a choice, and the consequences of getting it wrong cut both ways.

Planned scope

  • The two postures: blocklist (open-by-default, refuse specific instances by name) and allowlist (closed-by-default, accept only specific instances by name). Hybrid postures and when they make sense
  • When a blocklist is the right call: most community instances, most regional instances, anywhere "we federate with the network and handle bad actors by exception"
  • When an allowlist is the right call: org-internal instances that federate only with sister instances, high-risk or sensitive communities, instances that want a curated network experience
  • The mechanics: where the lists live, what blocking actually does (refuses inbound activities, doesn't send outbound, displays accordingly), how to add and remove entries
  • Inbound and outbound asymmetry — you can refuse to accept from somewhere and they can still receive from you, unless you also stop publishing federated copies of public events
  • The conversation that comes up sooner than you expect: another admin asks you to defederate from a third instance. How to handle it without becoming a clearinghouse. What to ask them, what counts as evidence, what isn't your job to evaluate
  • Documenting your policy publicly. A "who we federate with and why" page does more for trust than a long CoC does