Back in June I wrote about an exciting confluence of digital auth tech:

(1) the commodification of #OIDC infrastructure, (2) the emergence of #FedCM, and (3) the compatibility of both with #indieauth.

In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.

https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream

#opensource #indieweb #identity

https://writing.exchange/@erlend/113091679196090320

  • Skull giver@popplesburger.hilciferous.nl
    2 months ago

    That’s a load-bearing “could” if I’ve ever seen one.

    I don’t really see the point of these new authentication methods. OpenID had federated authentication years ago that was actually used by a bunch of sites like stackoverflow. Native browser support is nice (as long as browser addons can be used to manage credentials) but I don’t really see that big an advantage to good ol’ OpenID.

    OpenID died in the federated space because developers couldn’t be bothered to trust anyone but Google, Facebook, and Twitter, so I’m not sure why things would change now, unless the big auth providers shut down their OAuth APIs in favour of fedcm.

  • demesisx@infosec.pub
    2 months ago

    Are the people who invented this aware of NOSTR?
    If so, what makes this different? And if not, perhaps we could use NOSTR to bridge the gap in the fediverse at the moment between NOSTR users and Mastodon/Pixelfed/Lemmy/KBIN/MBIN users.

    I started forking Lemmy for an inventory system but then realized that NOSTR was far more suited to that and other applications that require security and encryption.

    https://nostr.org

    • originalucifer@moist.catsweat.com
      2 months ago

      i thought nostr was just where all the trolls are going because they can truly be anonymous shitheads.

      am i wrong in thinking nostr has massive moderation issues that far exceed even what lemmy is going through?

      • RobotToaster@mander.xyz
        2 months ago

        I think they’re working on some kind of opt-in moderation, basically blacklists you subscribe to.

      • demesisx@infosec.pub
        2 months ago

        Perhaps. I tend to listen to Snowden when it comes to tech. But I haven’t used it yet because all of the implementations I could use involved a bitcoin wallet. I’m a fan of crypto but that felt weird.

        Someone else reassured me that NOSTR is a very open platform and that requirement wasn’t true.

        From my research, I have found it to be far more decentralized than Lemmy’s (and the pub/sub) federated model, which would also, obviously, have the same drawbacks that we see in other truly decentralized tech like crypto, torrents, and tor where you are on your own in the world, forced to literally keep the ocean of shit from infecting you! 😉

        So, I think of those things as necessary evils. For example, if I used NOSTR, I could have an address that follows me no matter what. That cryptographic hash is my NOSTR identity for better or worse. That’s pretty powerful and far more secure than a two step verification process in the long run.

        I don’t know enough about it yet. But I’d say it is a raw technology that I wouldn’t allow the criminals and trolls of the world to define for me.

        • originalucifer@moist.catsweat.com
          2 months ago

          yeah, i’ve read from some other corners nostr is really being abused by bad actors due to the same anonymity you seem to require of it.

          nostr is basically not moderate-able, which is a non-starter for the rest of us who don’t really give a shit about 5 9s of anonymity and are attempting to maintain communities of decent humans.

          • demesisx@infosec.pub
            2 months ago

            “I” seem to require? No. I’m deferring to the cypherpunk manifesto which rings true over and over again.

            IMO, anonymity should be able to be switched on and off at will by the user. Selective disclosure using homomorphic encryption coupled with digital identity can achieve both, IMO.

            In particular, businesses require anonymity in much of their chain of custody…and I think that’s fair.

      • Handles@leminal.space
        2 months ago

        > i thought nostr was just where all the trolls are going because they can truly be anonymous shitheads.

        Also because blockchain, I believe? It’s basically a cryptobro grapevine.

  • kbal@fedia.io
    2 months ago

    > sign in to websites using your personal web address, without having to use your e-mail address.

    What is the point of that? For convenience, email addresses are much easier to come by than is web hosting. For being securely anonymous it’s also much easier to do through email — but not by so much that requiring a website rules it out, if that’s the intention.

  • Handles@leminal.space
    2 months ago

    I’m not going to pretend I grasp the technological details of either Weird or the Leaf protocol, but the basic concept of superpowering the personal website as identity provider is very attractive — and the passion of your writing is infectious 🙂 I hope to someday reach a lightbulb moment with your work and just implement it on my own site.