Johannes Ernst

If we were to have single-sign-on across several instances/apps in the #fediverse, what does this do to Fediverse handles?

Let's say I want #sso across a Mastodon account on masto.example and an OwnCast account on own.example. Do I pick one of those and use it at the other, so I log into OwnCast as @j12t@masto.example? Or is this simply treated as a synonym for, say, @johannes@own.example, and I could also use @johannes@own.example to log into my account at masto.example?

Obviously these are hypotheticals, no such code exists.

6 comments
Kingsley Uyi Idehen

@J12t,

Sets up stage for understanding and appreciating the semantics associated with entity identifiers.

For instance, you ultimately end up with an entity relationship graph comprising a variety of handles that denote the same entity.

In a #SemanticWeb this is ground-zero, since relationship type semantics exist for this kind of identity reconciliation 😀

#Fediverse #LinkedData

ShadSterling

@J12t it may not be the right solution for the fediverse, but I think the natural way to have a portable identity is to have the definitive identifier be the public key. Then any account at a particular host amounts to an alias to that key, and signing on consists of proving that you have the corresponding private key. It would lose the convenience of having an ID that you can directly use for communication, but until communication isn't host-specific that's built into portability.

Johannes Ernst

@ShadSterling Yes, it would be nice to use a public key as the "real" identifier used by the machinery, and to use the fediverse handle(s) as essentially pet names for that key, so the user never has to "see" that key in normal usage.

The usual problem with private key management applies, of course.

Kevin Davidson

@J12t @ShadSterling I think that’s what Nostr does. Except people have no experience with or easy way to store their private key locally and securely. If your private key gets compromised there’s no support for rolling over to an alternate key or revoking keys. You’ve lost that account. The only fix is create a new one and try to tell people your new identity.
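The key-as-identity scheme ShadSterling describes, together with the compromise caveat raised here, as an added Go example that is not code from this thread or from any fediverse project: handles at any host are aliases for one Ed25519 public key, and sign-on is a signature over a host-bound challenge. The `Host` type, its methods and the handle strings are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Host maps handles (its own and foreign ones such as @j12t@masto.example) to the
// Ed25519 public key that is the real identity. Added example with a hypothetical API.
type Host struct {
	Name    string
	aliases map[string]ed25519.PublicKey
}

func NewHost(name string) *Host {
	return &Host{Name: name, aliases: map[string]ed25519.PublicKey{}}
}

// Alias binds a handle to a key; several handles may point at the same key.
func (h *Host) Alias(handle string, pub ed25519.PublicKey) { h.aliases[handle] = pub }

// Challenge is a random nonce prefixed with the host name, so a signature made for one
// host is rejected by another. A production host would also accept each nonce only once.
func (h *Host) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append([]byte(h.Name+"\x00"), nonce...), nil
}

// Login succeeds only if the challenge is this host's and the signature verifies under the
// key behind the handle: signing on is proof of possession of the private key. Nothing
// here revokes or rotates a key; if it leaks, the alias keeps pointing at it.
func (h *Host) Login(handle string, challenge, sig []byte) error {
	if !bytes.HasPrefix(challenge, []byte(h.Name+"\x00")) {
		return errors.New("challenge was not issued by this host")
	}
	pub, ok := h.aliases[handle]
	if !ok {
		return errors.New("unknown handle")
	}
	if !ed25519.Verify(pub, challenge, sig) {
		return errors.New("signature does not match the key behind this handle")
	}
	return nil
}
```

Because only the key matters, @j12t@masto.example and @johannes@own.example log in interchangeably once both alias the same key; the missing piece, as the comment above notes, is any way to replace that key after a compromise.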

Kevin Davidson

@J12t The only way it can work now would be for you to create other accounts on e.g. Pixelfed, Lemmy and tell those instances to use OAuth and your Mastodon account to authenticate (perhaps using rel=me to nominate where to get authentication from). You'd need some way to regain access if your Mastodon instance disappears.
None of these services support OAuth like this. Yet.

Johannes Ernst

@MetalSamurai OAuth isn't the right protocol for this, or at least not the only thing that's needed. More like OpenID Connect. That may not be entirely right either, though.

I realize this is not "as-is" discussion, but potential "to-be"s.
