@timbray@hachyderm.io Thoughts on authorized fetch (https://docs.joinmastodon.org/admin/config/#authorized_fetch)? It seems like it shares some commonalities with your proposed step one, particularly when used in combination with disallow unauthenticated access (https://docs.joinmastodon.org/admin/config/#disallow_unauthenticated_api_access).
Of course we still have a long way to go with building on top of that for your other suggestions re: federation & data handling contracts but