Why can’t we have federated identity to log in to the fediverse instead of creating a login for each instance?

  • tobier@lemmy.world
    English · ↑ 2 · 1 year ago

    The whole point is to be decentralized. You can still interact with communities on other instances, so what’s the point?

  • ScaNtuRd@lemmy.world
    English · ↑ 2 · 1 year ago

    Because then there would need to be a centralized entity to host all user accounts, and we don’t want centralization 'round here

    • jhulten@infosec.pub
      English · ↑ 1 · 1 year ago

      And all of the “decentralized” options are wrapped in crypto schemes and tax considerations.

    • CoderKat@lemm.ee
      English · ↑ 0 · 1 year ago

      You could do what OAuth does, allowing many providers to create credentials. That’s what some sites already use to let you log in with Google/Facebook/etc. on their site. Except you theoretically could use any arbitrary sites you trust.

      • SQL_InjectMe@partizle.com
        English · ↑ 1 · 1 year ago

        And then when your main instance shuts down you can’t log into any again. So what’s the benefit aside from bypassing defederation? (And this wouldn’t even be a benefit, because instances defederate because they don’t like the users, so if you let people log in with OAuth from a hated instance then you’d also get defederated.)

        • brain_pan@infosec.pub
          English · ↑ 1 · 1 year ago

          exactly what I was thinking

          and on top of that what happens with a proven bad actor

          would they be allowed to just jump to a new instance to harass people?

  • BJHanssen@lemmy.world
    English · ↑ 1 · edited · 1 year ago

    The technical challenges are vast, is the long and short of it. But it’s high time there’s a good discussion over how it should (or might) work, at least the kinds of properties such a system should have.

    • Self hosting of federated credentials should be possible, but not required
    • ‘Backwards tracking’ of federated credentials should only be possible with limited requests (e.g. ‘verify author of post’) and approval of the credential owner
    • All data on the credentials instance should be properly encrypted
    • All data on the credentials instance should be fully and easily portable to other instances via common protocols

    There are several issues involved here, beyond just ‘mere’ technology, that need addressing. Personally I think a good start might be to engage with public libraries here. They already keep simple identity records (library cards) and have a public service purpose well-aligned with the concepts of the federation and public distribution of information and knowledge.

  • DreadTowel@lemmy.world
    English · ↑ 1 · 1 year ago

    It’d be great to support identity based on a key hash, so that it’s completely decoupled from any instances. Maybe some time in the future.

  • Muddybulldog@mylemmy.win
    English · ↑ 1 · edited · 1 year ago

    There’s a difference between a federated identity and single sign-on. Your identity /u/mango_master@lemmy.world IS federated. You don’t need to have a separate login for each instance. You can use that identity to interact with any instance much the same way I am using my federated identity to currently respond to you.

    • mtdyson_01@kbin.social
      ↑ 1 · 1 year ago

      I do not have the same experience. If I want to interact with a different instance then I have to log in to that instance. Granted I’m very new to Lemmy but so far the apps are not quite there yet and exploring the fediverse is difficult. Searches are useless unless you know exactly what instance you need to find what you’re looking for.

  • TriStar@lemmyfly.org
    English · ↑ 1 · 1 year ago

    Please tell me you haven’t been creating accounts on every instance. You can register on one instance then use that account to interact with content and communities on all other instances.

    • mango_master@lemmy.world (OP)
      English · ↑ 1 · 1 year ago

      No, but some people are discussing creating new logins, so I want to clarify. Thanks for the clarification.

    • Candelestine@lemmy.world
      English · ↑ 1 · 1 year ago

      Some people do make this mistake, I’ve seen a thread or two asking about it after they already started. We’ll need a proper solution eventually, likely education/tutorial-based.

      • Zarxrax@lemmy.world
        English · ↑ 0 · 1 year ago

        Literally every single explanation of Lemmy or fediverse that I have seen makes this really clear. I don’t understand where people would get the idea that you have to sign up to every site.

        • cerevant@lemmy.world
          English · ↑ 1 · edited · 1 year ago

          It is really clear until a newb tries to use it:

          • Someone gives you a link, or you find it in search
          • You click on the link, because that’s what you do with links
          • It takes you to what you are looking for, but it says you have to log in to comment or vote
          • You log in so you can comment or vote

          The UX for interacting with off-instance subs is abysmal. What is even worse is that as far as I can tell, there is no way to link a post or comment that is instance relative / instance independent.

          • Zagorath@aussie.zone
            English · ↑ 1 · 1 year ago

            there is no way to link a post or comment that is instance relative / instance independent

            I’m commenting mainly as a reminder to myself to check back later if someone comes in with a correction.

            That said, the answer to this in the long term should be for the front ends (Lemmy UI, Jerboa, Sync for Lemmy, etc.) to be smart about this. My Mastodon app, Megalodon, does it. If you click a link to a post in another instance, it automatically looks up the same post from your instance and takes you there. It’s a little slower (and Megalodon shows you a button to short-circuit it and just go to that URL if you don’t care to be on your instance), but it lets you interact with the post as normal.

            • cerevant@lemmy.world
              English · ↑ 1 · 1 year ago

              Even at the most basic level it is broken - at the bottom of your comment is a “context” button with the fediverse symbol. If I click on it, it won’t take me to the comment on my instance (lemmy.world) but instead is an absolute link to the comment on your instance (Aussie.world) even though the community lives on lemmy.world.

              I love lemmy, and I think it has a bright future, but this fundamental problem really needs to be fixed.

      • r00ty@kbin.life
        ↑ 0 · 1 year ago

        Yes, and no. You can access lemmy and kbin instances from Mastodon. But the format doesn’t work so well I think. I’m not sure how far it goes and how viable it is though. I’m not on Mastodon.

        But once you have an account on one of the threadiverse instances, defederation aside the same content should be available.

    • mockingben@sh.itjust.works
      English · ↑ 0 · 1 year ago

      From my understanding, a current goal is to make any account transferable, in case the instance the account is attached to decides to shut down/defederate?

      If implemented, we can hope that won’t be tied to an instance shutdown.

    • nLuLukna@sh.itjust.works
      English · ↑ 0 · 1 year ago

      This was thrown around a couple of weeks before the Reddit migration really kicked off, it appears to be excessively difficult to code. And it also doesn’t really fit with the system that Lemmy runs. It’s a great idea, but I’ve been led to believe that it is too difficult to create. Although people do feel that account transfer would be a nice feature.

    • sab@kbin.social
      ↑ 0 · 1 year ago

      If your instance shuts down your posts will still be visible on the other servers that your instance was federating with. Which might raise concerns if you want to have them removed, but that’s another issue.

      On Mastodon it’s possible to move from one instance to another, taking your followers and the list of people you follow along with you and having the old account point to the new one. In the threadiverse, the most important feature would probably be to not have to manually re-subscribe to a bunch of communities. I think this moving of accounts from one instance to another will probably become standardized at some point in the future, so that you could for example move an account from Mastodon to Lemmy if you should wish. It’s probably pretty far down on the list of priorities though.

      In my opinion, the idea of a hierarchy of users as enforced on Reddit through karma is a bit obsolete. I think we’re posting and commenting out of interest in the topic or a willingness to help or entertain. If that’s the motivation, I don’t see how starting over on a different server is such a bad thing; you’re not really losing anything. We’re not here hoarding upvotes like a dragon hoards gold.

  • Seperis@lemmy.world
    English · ↑ 1 · 1 year ago

    So after twenty-something years on social media, along with mailing lists, messageboards, usenet, this is a topic I think about literally every time I have to add, change, migrate, delete my account as I migrated from platform to platform like some virtual vagabond between text-driven city-states. A virtual vagabond with no worldly goods, no name, no history, and completely invisible to all. To exist, I must apply to the City Leader, and if accepted, I get a name, a nice studio apartment, and visibility as well as contact with other humans after watching a short commercial every five or so humans. If I leave, am thrown out, or the city is burned down, I can’t take anything the city gave me with me. By ‘gave’, I mean ‘loaned’ btw; none of those things were actually mine.

    All the discussion of whether or not to federate with Threads was interesting in that in general, it’s kind of pointless. A server instance isn’t a democracy; the owner’s opinion is the only one that matters. If you don’t like it, leave. And I don’t argue their right to do so; they’re paying the bills, doing the upgrades, eating grapes with robot butlers, I don’t know their lives. Federated means anyone can run their own not-twitter or not-reddit; go for it. All you need is money, free time, and the knowledge of how to register a domain name, get, run, secure, and maintain servers, and install and configure the program, lure people in, and avoid breaking any national or international laws. Like I said: I really seriously do not argue the owner’s right to decide anything for their server. I know how to do all those things and I ran several websites and archives: I wanted a nap before installation step.

    Fediverse is a massive step in loosening the stranglehold megacorporations had on our ability to shitpost in peace and talk about our cats without feeling stalked by people wanting to sell us shit or sell our browsing habits, blood pressure, and underwear size to those who will then try to sell us deeply individualized shit; it’s the circle of life, man.

    Wow this got long but feelings.

    So at this point–two decades and change of social media, the rise and fall of social empires, so much virtual vagabonding across the virtual desert to find a new city-state…I don’t think it’s too early to consider getting around to a productive discussion of how we go about separating the individual identity from the community and define what is theirs to keep no matter where they are. If there was ever a place and time to start building a model, it’s where all the city states are allies and the individuals can interact with each other no matter what city they’re in. The account transferability in Mastodon is a really good start, but it’s not a solution, much less the solution. It’s a beginning.

    I don’t expect to have a working, finished, flawless product in six to eight weeks or six to eight months; I expect it to slide in three weeks and two days after the announcement that it’s ready for alpha testing and immediately break the first time a tester opens it; it’ll be another month before it goes into testing again. I expect it will be a weird buggy mess of wtf after months of virtual warfare and everyone will hate it before the rough draft of the design documents are even released. I expect there will be one weird guy who really thinks everything should be written in Rust because he’s insane and never sleeps. Five to eight devs will dramatically quit; one will quietly move to Utah and farm emus. None of them will be the Rust guy; you’re stuck with him. I expect the working version after testing is done will be hated by everyone and probably kind of crappy. But it will also be amazing, because as of its release–no matter how shitty, buggy, or how many inexplicable design choices are made–the individual exists outside of being community property and that no matter where we go or how much we pissed off that admin or if our city-state was nuked from orbit, there are things that are ours and we get to keep them.

    • astral_avocado@lemmynsfw.com
      English · ↑ 1 · 1 year ago

      I like this comment but in the end this is something most people won’t want, me included, because a decentralized identity would just mean an even better way to track and get yourself doxed for people who want to remain unknown to rulers of city states

    • Deez@lemm.ee
      English · ↑ 0 · 1 year ago

      Your comment was a roller coaster of emotions. I loved it!

      • Seperis@lemmy.world
        English · ↑ 1 · 1 year ago

        I’m a QC analyst and we are fully Agile, so I’m required to attend every. team. meeting. Discovery, story point estimation, design spikes, any day can be poorly handled emotional regulation day and whoever’s feeling it is making it everyone’s problem when all we want is to finish a few maintenance items and maybe add a comma to some text. Though the testers have nothing to do with this after story point until there is actual code migrated to one of the testing environments, we are forced to bear witness to entire dev teams made up of people from three to eight countries, whose only common language is English and as often the only native speaker, I am the only one who can’t mutter not very goddamn quietly in my native tongue that no one else understands; this may have been my motivation at one point to learn Welsh on Duolingo. A Project Manager making three times more than anyone else in the room sometimes swoops in during SCRUM two weeks into our sprint cycle to be perky at us and–on far too many occasions for this to be random–informs us the acceptance criteria had a couple of updates before swooping back out to PM something else’s life. We all hate her quietly until someone who went to check JIRA notes there are double the number of criteria and the user story is not the same in any way; then everyone but me gets to hate her verbally with no one the wiser. I maintain bitterly grudging silence because everyone in the room speaks English, sometimes better than I do, and they have been in Texas long enough to pick up conversationally hostile Spanish. Our scrum master will either grimly pretend it’s always been this way or very blatantly not care.

        At final demo as the tester, I will perform a dramatic rendition of ‘page with comma’ and ‘title:justification left’ or run batch scripts in terminal while they watch absolutely nothing happening and nod wisely. Half the people in attendance wear suits for a living and have never used a computer; they have secretaries for that. Two worked with my mom and are quietly judging my performance and find me lacking. One stakeholder will ask a thousand questions, five of which have any relation to what we’re doing and I am expected to answer with no discernible change in my performance. Someone is watching TV and can’t be fucked to turn down the volume. Everyone else sits in eerie silence and I might hear a snore. Every one of these people is considered qualified enough to decide if we did a good job and sign off on it so we can finally end the sprint and the code can be added to the next release to production. No one feels a sense of relief or satisfaction; at least one dev hasn’t slept since the PM destroyed our lives and may be clinically insane.

        Our sprints last four weeks with a prep week in between; we will experience some version of this cycle of dev hell roughly eight times a year and sometimes involving the legislature making their lack of time management all of our problem. Only one sprint will go as planned. One.

        The worst part is: despite this, knowing full well what hell is before me, I went back to college for software development of my own free will.

  • lunaticneko@lemmy.ml
    English · ↑ 1 · 1 year ago

    I think you should more clearly define how it would work and what features you want. Then, all the technical problems will soon surface and you will see that it is not as appealing anymore.

    How do you log in? How do you reconcile people with the same name? Which instance are you representing? There are tons of difficult questions that make the idea impractical.

    • thekinghaslost@lemmy.world
      English · ↑ 2 · 1 year ago

      For identity verification, you can just do a simple key signing, just like how Nostr does it.

      Each user will generate a public-private key pair on their own device and has all their posts (and edit/delete requests) signed using their key.

      If someone wants to delete or edit their post, the site can just verify that the request is signed with the same key.

      There’s still the issue of who’s going to store the user’s follows, etc. but I think we can find a way to work around it.

      • ttmrichter@lemmy.world
        English · ↑ 1 · 1 year ago

        Once someone had a technical problem. “I know,” they said. “I’ll put it on the blockchain.” Now they have a million technical problems.
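
The key-signing scheme thekinghaslost describes above, combined with the key-hash identity DreadTowel suggests, as an added example that is not part of the thread and is not Nostr's or Lemmy's code. It assumes Ed25519 from the Go standard library rather than Nostr's own event format and signature scheme; the `Request` layout, the `Seq` replay counter, the tombstones and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Request is a hypothetical signed client request; its field layout is an assumption.
type Request struct {
	Action, PostID, Body string // Action is "create", "edit" or "delete"
	Seq                  uint64 // must grow per post, so a captured request cannot be replayed
	PubKey               ed25519.PublicKey
	Sig                  []byte
}

type Instance map[string]*post // toy server: post ID -> stored post
type post struct{ owner, body string; seq uint64; deleted bool } // deleted = tombstone

// NewKey generates the key pair on the user's own device (nil selects crypto/rand).
func NewKey() (ed25519.PrivateKey, error) {
	_, priv, err := ed25519.GenerateKey(nil)
	return priv, err
}

// KeyID is the instance-independent identity: hex SHA-256 of the public key.
func KeyID(pub ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pub)) }

// signingBytes quotes every field with %q so field boundaries cannot be shifted.
func signingBytes(r Request) []byte {
	return []byte(fmt.Sprintf("fedi-demo-v1 %q %q %q %d", r.Action, r.PostID, r.Body, r.Seq))
}

// Sign runs client-side; the private key never reaches any instance.
func Sign(priv ed25519.PrivateKey, r Request) Request {
	r.PubKey, r.Sig = priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, signingBytes(r))
	return r
}

// Apply accepts a request only when it is signed by the key that owns the post.
func (in Instance) Apply(r Request) error {
	p, id := in[r.PostID], KeyID(r.PubKey)
	switch {
	case len(r.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(r.PubKey, signingBytes(r), r.Sig):
		return errors.New("bad signature")
	case r.Action == "create" && p == nil:
		in[r.PostID] = &post{owner: id, body: r.Body, seq: r.Seq}
		return nil
	case p == nil || p.deleted || (r.Action != "edit" && r.Action != "delete"):
		return errors.New("action not valid for this post")
	case p.owner != id:
		return errors.New("signer does not own this post")
	case r.Seq <= p.seq:
		return errors.New("stale or replayed request")
	}
	p.body, p.seq, p.deleted = r.Body, r.Seq, r.Action == "delete"
	return nil
}
```

Call `NewKey`, `Sign` and `Instance{}.Apply` from your own `main` or a test. The tombstone matters because the original signed "create" stays valid forever and would otherwise recreate a deleted post when replayed.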