Comment

Comment on Implementing Portable User Identities with DIDs

muntedcrocodile@lemmy.world ⁨3⁩ ⁨days⁩ ago

So Activpub needs an actor with an I box and outbox to send a receive content. A did is a virtual actor that reroutes to a real actor a collates across real actors. Ideally can send an activity to a did which is resolved to the current home instance. And the did stores ur profile picture a public key display names bio etc etc. U could use pgp as the key in the did if the devs want to support it as a cryptography protocol.

source

Sort:hotnew top

danhab99@programming.dev ⁨3⁩ ⁨days⁩ ago

So Activpub needs an actor with an inbox and outbox to send and receive content. A did is a virtual actor that reroutes to a real actor and collects content across real actors.

Gpg public keys have a dedicated email address field. And if you don’t want to share your “real” email address then just make a new one.

And the did stores ur profile picture a public key display names bio etc etc.

Yeah that’s a pain point I experienced with Gpg armored packets, I couldn’t figure out a way to pack in a PFP. Even shrinking it to 64x64 made the public key file feel too heavy. So I just decided profile pics are out of scope and you should just use gravatar.

U could use pgp as the key in the did if the devs want to support it as a cryptography protocol. The did is also used to sign each message similar to pgp. U simply need more functionality than what pgp provides.

I 80% agree. I do wish PGP armored packets had extra fields and if that’s an RFC that could be sent to the Gnupg maintainers then gpg would be absolutely perfect but I haven’t gotten around to figuring that out. All things considered since GnuPG already exists and it’s already installable everywhere and it already works I figured I could just roll with it for userless atleast. I want to use GPG for all user authentication related concerns.

source
zalgotext@sh.itjust.works ⁨3⁩ ⁨days⁩ ago

A did is a virtual actor that reroutes to a real actor and collects content across real actors

Where is that virtual actor hosted? If it’s centralized, I feel like it defeats the purpose of user-centric identity control. If it’s user-hosted, that sounds like GPG with extra, even more inconvenient steps.

source
- muntedcrocodile@lemmy.world ⁨3⁩ ⁨days⁩ ago
  Its both. It can we a json file served from some webserver. It can be a peer hosted thing where a bunch of instances host it on your behalf. It can be something that exists on your designated identity server. It can be a transaction on a blockchain. And as long as the software knows how to resolve it they all work.
  
  source
  - zalgotext@sh.itjust.works ⁨1⁩ ⁨day⁩ ago
    Having to figure out hosting, no matter if it’s self, peer, or whatever else hosting, kinda makes this proposal DOA I think. It’s kinda using a jackhammer for a problem that’s already been solved by a screwdriver.
    
    source