 Alright, so I had an idea to improve onboarding further by creating a "Pixelfed Passport" service. Basically, users would be able to link Pixelfed accounts to a central passport.pixelfed.net account, and use that one account to easily log in to others. This is primarily geared towards new fediverse users who can't remember their server, allowing them to use a single email/password to access their accounts easily. Will be opt-in, open source, and auditable. Thoughts? #feedbackWanted 15 comments
 @dansup Wouldn't that then be a single point of failure? Unless, I guess, you're using something like SOLID data pods. @pieceofthepie It would be a supplementary service, users could still login the "manual" way by selecting the instance first. That way if this goes down, users still can login.  @dansup @pieceofthepie the back end AAA system this creates could have built-in resiliency and redundancy, as per DNS root nodes and the tiered system beneath it. The root nodes would need to be managed and controlled by stable, trusted orgs in the open source world. I’m thinking how public key cryptography could be useful in this… 🤔 @dansup Would be a good idea, but the feature should be toggleable for admins if they don't want that for some reason and the user should be encouraged to remember his/her login details.  @dansup I think it sounds awesome! If I were doing it, I would build it as a FedCM service. It unfortunately isn't broadly supported yet, but I would still build with it in mind so that I can easily transition later :)  @dansup imho this would be helpful across the fediverse, not just on a per service basis: one central account that can be used to login to many services. That, of course, means placing a huge amount of trust in whoever runs that federated AAA service. Is there a pre-existing open source equivalent to “login with google/apple/Facebook/etc.”?   @dansup  @dansup This is almost what I was hoping for. I'd suggest though making the auth hub it's own identity/service so that it could more easily be stood up by site builders who are looking for SSO to multiple services on the same domain, ie: I'd like to sso pixelfed.domain.tld/firefish.domain.tld/friendica.domain.tld and have something like passport.domain.tld Ideally the account itself should be portable to another auth instance as well, say someone is going offline.  |
Gregory's Server
@dansup more of a follow up question…
Are such semi-centralising hubs inevitable as tools for smoothing over the UX issues of decentralisation?
I’m personally betting yes.