Comment on Is the Fediverse stalling?
muntedcrocodile@hilariouschaos.com 2 days ago
OIDC is the protocol by which auth can happen; it's the evolution of OAuth. U need to build some kind of decentralised ledger, then u set up a server that checks that ledger against the user-provided auth, then u simply make this server have an OIDC endpoint, allowing it to be plug and play with existing fediverse services.
rglullis@communick.news 2 days ago
My point is: if you have a ledger that the user controls and can use to redirect to different auth endpoints, then you don’t need oauth. You just use the record in the ledger as the authentication mechanism directly.
muntedcrocodile@hilariouschaos.com 2 days ago
Yeah exactly. But instead of having to implement that auth process in every different fediverse service in however many different languages, u simply write it once with an OIDC endpoint and all fediverse services can run it as a container in their stack. It makes implementing such an auth system a simple config change and updating a docker compose to add a new service.
rglullis@communick.news 2 days ago
It looks like we are talking past one another.
What I am trying to say is that “getting the user to complete a login” is not the novel part that is missing. What we are missing is a way for the user to have control over their actor ID, so that they use the same id regardless of what user that id is delegated to.
So, unless I am misunderstanding you, what you are proposing is an OIDC provider which could be used to authenticate on any other service. That’s good, but it doesn’t solve the problem that if we had a unified OIDC provider without a DID, all of the actor ids would end up dependent on the OIDC provider.
muntedcrocodile@hilariouschaos.com 2 days ago
Ahh, I see what ur saying now. Yeah, the actor id is hard as it needs to be an actual dereferenceable URI, as actors need an inbox and outbox of activities.
I don’t think u can maintain cross instance actor ids. The only issue I see with having multiple actor ids for the same user is that they will have their content and profile split across multiple instances.
I guess u could have a meta id that dereferences to all ur actor ids?