Why can’t we have federated identity to login into fediverse instead of creating login for each instance?

  • masterspace
    link
    fedilink
    2
    edit-2
    1 year ago

    Now, there are single sign-on (SSO) possibilities, but for them to be universally accessible across the Fediverse, you either need to impose them on 20,000 admins across two dozen software implementations, or you need them all to a) agree to support SSO, and b) agree to support the same SSO options.

    Yeah, this is the real crux of the issue and is a large unsolved problem. We simply have no standardized system for decentralized identity verification.

    SSO works as a way of maintaining identity across the fediverse, but that’s not really federating identity so much as it’s getting all instance to offload identity verification to various central services.

    I believe I heard Microsoft had a research project in the area of decentralized identity verification but I don’t know if it went anywhere or how suitable it would be.

    • theJoker8814
      link
      fedilink
      31 year ago

      @masterspace @mango_master @Kichae

      The matter of fact is , just in simple terms for SSO to work, every fediverse implementation has to agree on a standard for federated authentication.
      Maybe, I’m just not seeing the issues or don’t really grasp fediverse and it’s implementations yet.

      My idea, every fediverse instance is unique (no matter the implementation, i.e. mastodon, lemmy, pixelfed,…).

      • theJoker8814
        link
        fedilink
        21 year ago

        @masterspace @mango_master @Kichae

        If that’s given, every entity (@‘person, @‘community, …) on each instance is unique.
        Therefore, there can never be a duplicate identity = <entity>@<instance.domain>
        Which allows the general assumption (all implementations adhere to the standard) each instance (homing instance, where the user is based) can verify the every identity within it’s domain.

    • anji
      link
      fedilink
      1
      edit-2
      1 year ago

      But do we need some kind of SSO layer with DID verification? All I need to prove my identity anywhere, technically, is my private+public keypair. As long as I hold on to this keypair, distribute it between apps/computers, back it up, I could log in anywhere on a federated platform and use it.

      I hope we’re going to see key-based decentralized identity on ActivityPub at some point… Having accounts tied to instances is just not very robust or scalable.