why can't we have federated identity ?
why can't we have federated identity ?
Why can’t we have federated identity to login into fediverse instead of creating login for each instance?
There's a difference between a federated identify and single-sign on. Your identity /u/mango_master@lemmy.world IS federated. You don't need to have a separate login for each instance. You can use that identity to interact with any instance much the same way I am using my federated identity to currently respond to you.
You don't create a login for each server, you create a single account on a single server and then interact with people and posts on various servers. You don't login to other servers because it wasn't designed to work that way, and it isn't necessary.
Email is a good parallel. I make an email account on ProtonMail, and so that's where I log in to read and write emails (to other users, potentially on other servers). I can't use that same username and password to log into GMail, because that's a different email service provider altogether. You certainly don't need to make multiple email accounts if you don't want/need to.
So after twenty-something years on social media, along with mailing lists, messageboards, usenet, this is a topic I think about literally every time I have to add, change, migrate, delete my account as I migrated from platform to platform like some virtual vagabond between text-driven city-states. A virtual vagabond with no worldly goods, no name, no history, and completely invisible to all. To exist, I must apply to the City Leader, and if accepted, I get a name, a nice studio apartment, and visibility as well as contact with other humans after watching a short commercial every five or so humans. If I leave, am thrown out, or the city is burned down, I can't take anything the city gave me with me. By 'gave', I mean 'loaned' btw; none of those things were actually mine.
All the discussion of whether or not to federate with Threads were interesting in that in general, it's kind of pointless. A server instance isn't a democracy; the owner's opinion is the only one that matters. If you don't like it, leave. And I don't argue their right to do so; they're paying the bills, doing the upgrades, eating grapes with robot butlers, I don't know their lives. Federated means anyone can run their own not-twitter or not-reddit; go for it. All you need is money, free time, and the knowledge of how to register a domain name, get, run, secure, and maintain servers, and install and configure the program, lure people in, and avoid breaking any national or international laws. Like I said: I really seriously do not argue the owner's right to decide anything for their server. i know how to do all those things and I ran several websites and archives: I wanted a nap before installation step.
Fediverse is a massive step in loosening the stranglehold megacorporations had on our ability to shitpost in peace and talk about our cats without feeling stalked by people wanting to sell us shit or sell our browsing habits, blood pressure, and underwear size to those who will the try to sell us deeply individualized shit; it's the circle of life, man.
Wow this got long but feelings.
So at this point--two decades and change of social media, the rise and fall of social empires, so much virtual vagabonding across the virtual desert to find a new city-state....I don't think it's too early to consider getting around to a productive discussion of how we go about separating the individual identity from the community and define what is theirs to keep no matter where they are. If there was ever a place and time to start building a model, it's where all the city states are allies and the individuals can interact with each other no matter what city they're in. The account transferability in Mastodon is a really good start, but it's not a solution, much less the solution. It's a beginning.
I don't expect to have a working, finished, flawless product in six to eight weeks or six to eight months; I expect it to slide in three weeks and two days after the announcement that it's ready for alpha testing and immediately break the first time a tester opens it; it'll be another month before it goes into testing again. I expect it will be a weird buggy mess of wtf after months of virtual warfare and everyone will hate it before the rough draft of the design documents are even released. I expect there will be one weird guy who really thinks everything should be written in Rust because he's insane and never sleeps. Five to eight devs will dramatically quit; one will quietly move to Utah and farm emus. None of them will be the Rust guy; you're stuck with him. I expect the working version after testing is done will be hated by everyone and probably kind of crappy. But it will also be amazing, because as of it's release--no matter how shitty, buggy, or how many inexplicable design choices are made--the individual exists outside of being community property and that no matter where we go or how much we pissed off that admin or if our city-state was nuked from orbit, there are things that are ours and we get to keep them.
The technical challenges are vast, is the long and short of it. But it's high time there's a good discussion over how it should (or might) work, at least the kinds of properties such a system should have.
- Self hosting of federated credentials should be possible, but not required
- 'Backwards tracking' of federated credentials should only be possible with limited requests (e.g. 'verify author of post') and approval of the credential owner
- All data on the credentials instance should be properly encrypted
- All data on credentials instance should be fully and easily portable to other instances via common protocols
There are several issues involved here, beyond just 'mere' technology, that need addressing. Personally I think a good start might be to engage with public libraries here. They already keep simple identity records (library cards) and have public service purpose well-aligned with the concepts of the federation and public distribution of information and knowledge.
So, anyone can spin up a Lemmy website. They're all independent sites, with independent and unaffiliated admins.
In order to sign in to a website with a given set of credentials, that website needs to know something about those credentials. Importantly, they need to know something about your password.
And that's a security nightmare that no user should be ok with.
Now, there are single sign-on (SSO) possibilities, but for them to be universally accessible across the Fediverse, you either need to impose them on 20,000 admins across two dozen software implementations, or you need them all to a) agree to support SSO, and b) agree to support the same SSO options.
Despite the fact that most of these websites look the same, they're all completely different websites, and while they can be treated, on first glance, as having the same content, they're very different places run by very different people. They can't be treated like a singular entity.
This would require either a central authority for registering and managing the identities, or the path of distributed ledger, where identity is confirmed with digital signatures when transacting - the second option is what crypto is. Some type of Blockchain tech could service it but all crypto related technology is buried in bad optics right now due to the current state of it being a big mouse trap setup by venture capital to squeeze money out of people without the protections of regulation afforded by their centralized identity management (which is run by the native government that the users are a citizen of.)
The whole point is to be decentralized. You can still interact with communities on other instances, so what's the point?
I think this will ultimately be solved by 3rd party clients.
There are tons of mobile apps in the pipeline and some already released. I just got set up with Memmy a couple days ago and it already makes things a bit easier; a step in the right direction.
On desktop I imagine browser plugins helping to tie the experience a bit more together. Hopefully the vanilla UI can also deal with cross-instance behaviour down the road.
Let's adopt the irc model: any user id for anyone :P
I think you should more clearly define how it would work and what features you want. Then, all the technical problems will soon surface and you will see that it is not as appealing anymore.
How do you log in? How do you reconcile people with the same name? Which instance are you representing? There are tons of difficult questions that make the idea impractical.
This explains the fediverse with some examples of different instances
https://socialhub.activitypub.rocks/t/introduction-to-activitypub/508
Cause it's decentralised. Which is good.
Permanently Deleted