this post was submitted on 21 Jun 2023
7 points (100.0% liked)

Fediverse

30277 readers
662 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
ruud
Xylinna
MrCenny
TragicNotCute
automodbeta
woelkchen
7
Federated identity and integration thoughts (kbin.social)
submitted 2 years ago by [email protected] to c/fediverse
8 comments fedilink hide all child comments
 

So an earlier post got me musing idly on the topic of integration between multiple federated services. Wouldn't it be nice to be able to integrate video hosting, discussions, microblogs, image sharing, and so on in beautiful seamless glory! Post a pic in Lemmy, it's automatically added to your Pixelfed album; upload a song to your NextCloud and people can see it in your funkwhale profile. That kind of thing.

One of the things that I figure will be useful reach that goal, I figure, is a form of federated identity management. Linking accounts can be done, but there would be a lot of advantages to having one account that knows where the different services you subscribe to are located, allowing the integration to happen seamlessly in the background.

And looking around, I see that it already exists as a concept, but I can't seem to find anyone discussing or implementing it in the Fediverse. For something that would solve a lot of problems, including decentralized (and self-controlled) identification, SSO, and account migration, it seems like something that everyone would be jumping on.

Am I missing something?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 2 years ago (2 children)

It can be done with cryptographic signatures, like MetaMask login. But currently only crypto universe is doing that.

That way you wouldn't store login details on any server and the posts could be signed with your key, so editing them by instance admin would be practically impossible.

I think there already is such a social media website, but it's probably less popular than Mastodon/Lemmy.

[–] pca006132 2 points 2 years ago

I guess it is probably hard to expect users to be able to maintain their own keys. Idk, maybe there can be external identity services that helps users to store their keys, but mature users can just maintain their keys on their own? To avoid single point of failure, the key can be split into multiple parts so single compromised authority will not lead to account compromise... idk, just daydreaming.

[–] [email protected] 1 points 2 years ago* (last edited 2 years ago) (1 children)

Data signing is something I hadn't thought of. I was envisioning something simpler, like individual authentication servers. It would then be up to each content server to appropriately tag each entry. Each organization (or individual if they want) would have an authentication server that verifies identity. Throw in some OAuth so each organization can control how the user is identified, and I think it could work.

I can see the advantages of signing, though. Instance admins could pull a Spez, nor create posts in your name, and you can verify content ownership. There's nothing that says a public key can't be part of the authentication package. Drop in a LetsEncrypt integration and we have a solution.

That just seems like another reason to adopt it, to me.

[–] [email protected] 1 points 2 years ago

MetaMask crypto signatures are actually easier to implement than federated OAuth. Only downside I see is necessity of installing crypto wallet.

I think OpenID is what you want. But at the moment it's yet more difficult than the previous solution.