52
Indie social sign-in could go mainstream (blog.erlend.sh)
submitted 1 week ago by [email protected] to c/[email protected]
11 comments fedilink hide all child comments

Back in June I wrote about an exciting confluence of digital auth tech:

(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .

In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.

https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream

#opensource #indieweb #identity

https://writing.exchange/@erlend/113091679196090320

top 11 comments
sorted by: hot top controversial new old
[-] [email protected] 9 points 1 week ago

I'm not going to pretend I grasp the technological details of either Weird or the Leaf protocol, but the basic concept of superpowering the personal website as identity provider is very attractive — and the passion of your writing is infectious 🙂 I hope to someday reach a lightbulb moment with your work and just implement it on my own site.

[-] [email protected] 7 points 1 week ago

Are the people who invented this aware of NOSTR?
If so, what makes this different? And if not, perhaps we could use NOSTR to bridge the gap in the fediverse at the moment between NOSTR users and Mastodon/Pixelfed/Lemmy/KBIN/MBIN users

I started forking Lemmy for an inventory system but then realized that NOSTR was far more suited to that and other applications that require security and encryption.

https://nostr.org

[-] [email protected] 7 points 1 week ago

i thought nostr was just where all the trolls are going because they can truly be anonymous shitheads.

am i wrong in thinking nostr has massive moderation issues that far exceed even what lemmy is going through?

[-] [email protected] 7 points 1 week ago

Perhaps. I tend to listen to Snowden when it comes to tech. But I haven’t used it yet because all of the implementations I could use involved a bitcoin wallet. I’m a fan of crypto but that felt weird.

Someone else reassured me that NOSTR is a very open platform and that requirement wasn’t true.

From my research, I have found it to be far more decentralized than Lemmy’s (and the pub/sub) federated model, which would also, obviously have the same drawbacks that we see in other truly decentralized tech like crypto, torrents, and tor where you are on your own in the world, forced to literally keep the ocean of shit from infecting you! 😉

So, I think of those things as necessary evils. For example, if I used NOSTR, I could have an address that follows me no matter what. That cryptographic hash is my NOSTR identity for better or worse. That’s pretty powerful and far more secure than a two step verification process in the long run.

I don’t know enough about it yet. But I’d say it is a raw technology that I wouldn’t allow the criminals and trolls of the world define for me.

[-] [email protected] 4 points 1 week ago

yeah, ive read from some other corners nostr is really being abused by bad actors due to the same anonymity you seem to require of it.

nostr is basically not moderate-able, which is a non-starter for the rest of us who dont really give a shit about 5 9s of anonymity and are attempting to maintain communities of decent humans.

[-] [email protected] 7 points 1 week ago

“I” seem to require? No. I’m deferring to the cypherpunk manifesto which rings true over and over again.

IMO, anonymity should be able to be switched on and off at will by the user. Selective disclosure using homomorphic encryption coupled with digital identity can achieve both, IMO.

In particular, businesses require anonymity in much of their chain of custody…and I think that’s fair.

[-] [email protected] 3 points 1 week ago

I think they're working on some kind of opt-in moderation, basically blacklists you subscribe to.

[-] [email protected] 2 points 1 week ago

i thought nostr was just where all the trolls are going because they can truly be anonymous shitheads.

Also because blockchain, I believe? It's basically a cryptobro grapevine.

[-] [email protected] 1 points 1 week ago

Indieweb predates NOSTR I think.

[-] [email protected] 4 points 1 week ago

sign in to websites using your personal web address, without having to use your e-mail address.

What is the point of that? For convenience, email addresses are much easier to come by than is web hosting. For being securely anonymous it's also much easier to do through email — but not by so much that requiring a website rules it out, if that's the intention.

[-] [email protected] 1 points 1 week ago

That's a load-bearing "could" if I've ever seen one.

I don't really see the point of these new authentication methods. OpenID had federated authentication years ago that was actually used by a bunch of sites like stackoverflow. Native browser support is nice (as long as browser addons can be used to manage credentials) but I don't really see that big an advantage to good ol' OpenID.

OpenID died in the federated space because developers couldn't be bothered to trust anyone but Google, Facebook, and Twitter, so I'm not sure why things would change now, unless the big auth providers shut down their OAuth APIs in favour of fedcm.

this post was submitted on 06 Sep 2024
52 points (91.9% liked)

Fediverse

27805 readers
254 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]