this post was submitted on 08 Jul 2023
153 points (100.0% liked)

Fediverse

26737 readers
25 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
ruud@lemmy.world
TragicNotCute@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
automodbeta@lemmy.world
antik@lemmy.world
153
why can't we have federated identity ? (lemmy.world)
submitted 1 year ago by mango_master@lemmy.world to c/fediverse@lemmy.world
135 comments fedilink hide all child comments
 

Why can’t we have federated identity to login into fediverse instead of creating login for each instance?

you are viewing a single comment's thread
view the rest of the comments
[–] Kichae@kbin.social 3 points 1 year ago (1 children)

So, anyone can spin up a Lemmy website. They're all independent sites, with independent and unaffiliated admins.

In order to sign in to a website with a given set of credentials, that website needs to know something about those credentials. Importantly, they need to know something about your password.

And that's a security nightmare that no user should be ok with.

Now, there are single sign-on (SSO) possibilities, but for them to be universally accessible across the Fediverse, you either need to impose them on 20,000 admins across two dozen software implementations, or you need them all to a) agree to support SSO, and b) agree to support the same SSO options.

Despite the fact that most of these websites look the same, they're all completely different websites, and while they can be treated, on first glance, as having the same content, they're very different places run by very different people. They can't be treated like a singular entity.

[–] masterspace@kbin.social 1 points 1 year ago (1 children)

Now, there are single sign-on (SSO) possibilities, but for them to be universally accessible across the Fediverse, you either need to impose them on 20,000 admins across two dozen software implementations, or you need them all to a) agree to support SSO, and b) agree to support the same SSO options.

Yeah, this is the real crux of the issue and is a large unsolved problem. We simply have no standardized system for decentralized identity verification.

SSO works as a way of maintaining identity across the fediverse, but that's not really federating identity so much as it's getting all instance to offload identity verification to various central services.

I believe I heard Microsoft had a research project in the area of decentralized identity verification but I don't know if it went anywhere or how suitable it would be.

[–] thejoker8814@mastodon.social 2 points 1 year ago (1 children)

@masterspace @mango_master @Kichae

The matter of fact is , just in simple terms for SSO to work, every fediverse implementation has to agree on a standard for federated authentication.
Maybe, I’m just not seeing the issues or don’t really grasp fediverse and it’s implementations yet.

My idea, every fediverse instance is unique (no matter the implementation, i.e. mastodon, lemmy, pixelfed,…).

[–] thejoker8814@mastodon.social 1 points 1 year ago

@masterspace @mango_master @Kichae

If that’s given, every entity (@‘person, @‘community, …) on each instance is unique.
Therefore, there can never be a duplicate identity = <entity>@<instance.domain>
Which allows the general assumption (all implementations adhere to the standard) each instance (homing instance, where the user is based) can verify the every identity within it’s domain.