I think you are off the mark and reposted an article explaining how the spec should be interpreted [0].
If the spec had added auth, authz, e2ee and such, then it would have been overengineered. They were left out intentionally because of the complexity involved in decentralized environments. Something a bunch of other specs-in-the-making have been struggling with for years. And things that may be adopted in vNext versions of AP.
There is nothing as far as I know that precludes AP from being used in pure p2p applications, other than that p2p software in general knows more challenges than federated ones.
And the spec is written such that any dev can treat the message format as plain JSON. They only need to add a fixed @context property, so it can be processed as JSON-LD by those who want to use the additional power that offers.
[0] https://news.ycombinator.com/item?id=23857644