Comment on Is the Fediverse stalling?
rglullis@communick.news 3 days agoOIDC gives you federated login, but no portable identity…
Comment on Is the Fediverse stalling?
rglullis@communick.news 3 days agoOIDC gives you federated login, but no portable identity…
muntedcrocodile@hilariouschaos.com 3 days ago
Oidc is the protocol by which auth can happen its the evolution of oauth. U need to build some kind of decentralised ledger then u set up a server that checks that ledger against the user provided auth then u simply make this server have an oidc endpoint allowing it to be plug and play with existing fediverse services.
rglullis@communick.news 3 days ago
My point is: if you have a ledger that the user controls and can use to redirect to different auth endpoints, then you don’t need oauth. You just use the record in the ledger as the authentication mechanism directly.
muntedcrocodile@hilariouschaos.com 3 days ago
Yeah exactly. But instead of having to implement that auth process in every different fediverse service in however many different languages u simply write it once with an oidc endpoint and all fediverse services can run it as a container in their stack. It makes implementing such auth system a simple config change and updating a docker compose to add a new service.
rglullis@communick.news 3 days ago
It looks like we are talking past one-another.
What I am trying to say is that “getting the user to complete a login” is not the novel part that is missing. What we are missing is a way for the user to have control over their actor ID, so that they use the same id regardless of what user that id is delegated to.
So, unless I am misunderstanding you, what you are proposing is an OIDC provider which could be used to authenticate on any other service. That’s good, but it doesn’t solve the problem that if we had an unified OIDC provider without a DID, all of the actor ids would end up dependent on the OIDC provider.