this post was submitted on 08 Jul 2023
250 points (93.4% liked)

Fediverse

28496 readers
545 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
 

Why can’t we have federated identity to login into fediverse instead of creating login for each instance?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 1 year ago (1 children)

So, anyone can spin up a Lemmy website. They're all independent sites, with independent and unaffiliated admins.

In order to sign in to a website with a given set of credentials, that website needs to know something about those credentials. Importantly, they need to know something about your password.

And that's a security nightmare that no user should be ok with.

Now, there are single sign-on (SSO) possibilities, but for them to be universally accessible across the Fediverse, you either need to impose them on 20,000 admins across two dozen software implementations, or you need them all to a) agree to support SSO, and b) agree to support the same SSO options.

Despite the fact that most of these websites look the same, they're all completely different websites, and while they can be treated, on first glance, as having the same content, they're very different places run by very different people. They can't be treated like a singular entity.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (2 children)

Now, there are single sign-on (SSO) possibilities, but for them to be universally accessible across the Fediverse, you either need to impose them on 20,000 admins across two dozen software implementations, or you need them all to a) agree to support SSO, and b) agree to support the same SSO options.

Yeah, this is the real crux of the issue and is a large unsolved problem. We simply have no standardized system for decentralized identity verification.

SSO works as a way of maintaining identity across the fediverse, but that's not really federating identity so much as it's getting all instance to offload identity verification to various central services.

I believe I heard Microsoft had a research project in the area of decentralized identity verification but I don't know if it went anywhere or how suitable it would be.

[–] [email protected] 3 points 1 year ago (1 children)

@masterspace @mango_master @Kichae

The matter of fact is , just in simple terms for SSO to work, every fediverse implementation has to agree on a standard for federated authentication.
Maybe, I’m just not seeing the issues or don’t really grasp fediverse and it’s implementations yet.

My idea, every fediverse instance is unique (no matter the implementation, i.e. mastodon, lemmy, pixelfed,…).

[–] [email protected] 2 points 1 year ago

@masterspace @mango_master @Kichae

If that’s given, every entity (@‘person, @‘community, …) on each instance is unique.
Therefore, there can never be a duplicate identity = <entity>@<instance.domain>
Which allows the general assumption (all implementations adhere to the standard) each instance (homing instance, where the user is based) can verify the every identity within it’s domain.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

But do we need some kind of SSO layer with DID verification? All I need to prove my identity anywhere, technically, is my private+public keypair. As long as I hold on to this keypair, distribute it between apps/computers, back it up, I could log in anywhere on a federated platform and use it.

I hope we're going to see key-based decentralized identity on ActivityPub at some point... Having accounts tied to instances is just not very robust or scalable.