I am sure it was discussed here before, but I can’t find a good way to search this community.

Are there any arguments against having a user’s identity federate and be compatible across platforms?

For example, let us say I sign up with my instance, [email protected].

But what if I go on Mastodon and want to have my own microblog? Or maybe go to WriteFreely and post some blog posts. I’d have to make a different account on each one.

What if Mastodon or WriteFreely could just let me log in with my Lemmy account (or let’s call it a federated account)? This has several benefits:

  • users don’t have to scratch their heads over whether I am the same person or not across these platforms
  • theoretically, someone following my feed can get updates on what I do on multiple platforms

Now I understand this would be difficult to implement and iron out all the edge cases, but am I missing anything on why it wouldn’t be a desirable feature, given it is implemented?

  • intensely_human@lemm.ee · 3 months ago (+1 / -2)

    My potential argument against it starts with asking where the credentials are stored for authenticating this identity.

    Currently the home instance stores the hashed password and performs authentication.

    In a way, the identity “belongs to” the place that does authentication, which now happens to be the instance.

    If identity is decoupled from an instance, that means authentication decouples from an instance.

    If the identity “belongs to” the fediverse as a whole, then that means the fediverse as a whole has an authentication mechanism.

    Unless we can come up with a distributed authentication mechanism, that means the fediverse as a whole has some authentication service, as in one, which means centralized.

    This therefore breaks decentralization, unless the authentication is somehow handled in a distributed way. Maybe consensus or something on a hashed password? But if those hashed passwords are stored in a distributed manner, then you’d need a super long password to prevent rainbow table attacks on the passwords, given the hashed values would essentially be public information.

    Maybe public keys are stored in a blockchain? I don’t know; this is beyond me in the details.

    But to summarize the problem at a data model level: an identity belongs to an instance, because the instance can authenticate them. If the identity now belongs to the whole fediverse, then the whole fediverse needs to be able to authenticate them, which if not handled correctly could lead to centralized authentication, centralized banning, censorship, Reddit, etc.
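The point above about replicated password hashes can be made concrete. The Go program below is an added example, not code from this thread or from any fediverse project; its credential store and wordlist are constructed, and the iterated salted SHA-256 is only a stand-in for a real password KDF such as Argon2 or scrypt. It shows what happens once the verifiers are public: one unsalted lookup table breaks every user at once (two users with the same password even share a hash), while a per-user salt plus a work factor forces the attacker to redo the dictionary per user and pay more per guess. A dictionary password still falls in both cases; that is the cost of letting anyone other than the home instance hold the verifier.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Record is one entry of a credential store. The scenario is constructed: it
// models what every node would hold if password verifiers were replicated
// across the fediverse instead of staying on the user's home instance.
type Record struct {
	User string
	Salt []byte // nil in the unsalted variant
	Hash []byte
}

// Wordlist is a constructed guess list standing in for a password dictionary.
var Wordlist = []string{"letmein", "hunter2", "password1", "correcthorse", "qwerty"}

// unsaltedHash is the naive scheme: a single SHA-256 over the password.
func unsaltedHash(password string) []byte {
	h := sha256.Sum256([]byte(password))
	return h[:]
}

// saltedHash mixes a per-user salt into an iterated SHA-256. This is only a
// stand-in for a real password KDF (Argon2, scrypt), which Go's stdlib lacks.
func saltedHash(password string, salt []byte, iterations int) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	for i := 1; i < iterations; i++ {
		h = sha256.Sum256(append(h[:], salt...))
	}
	return h[:]
}

func newSalt() []byte {
	s := make([]byte, 16)
	rand.Read(s) // error ignored for brevity in this constructed scenario
	return s
}

// BuildStores creates both variants of the store for the same three users.
// alice and carol share a password so the effect of salting is visible.
func BuildStores(iterations int) (unsalted, salted []Record) {
	users := []struct{ name, pw string }{{"alice", "hunter2"}, {"bob", "password1"}, {"carol", "hunter2"}}
	for _, u := range users {
		unsalted = append(unsalted, Record{User: u.name, Hash: unsaltedHash(u.pw)})
		salt := newSalt()
		salted = append(salted, Record{User: u.name, Salt: salt, Hash: saltedHash(u.pw, salt, iterations)})
	}
	return unsalted, salted
}

// CrackUnsalted precomputes one hash per guess and matches it against every
// user at once: the lookup/rainbow-table attack that public, unsalted
// verifiers invite. The cost is one hash per guess, independent of user count.
func CrackUnsalted(store []Record, words []string) (found map[string]string, hashes int) {
	found = map[string]string{}
	table := map[string]string{}
	for _, w := range words {
		table[hex.EncodeToString(unsaltedHash(w))] = w
		hashes++
	}
	for _, r := range store {
		if pw, ok := table[hex.EncodeToString(r.Hash)]; ok {
			found[r.User] = pw
		}
	}
	return found, hashes
}

// CrackSalted must redo the dictionary for each user because every salt is
// distinct, and each guess costs `iterations` hashes. A dictionary password
// still falls; the salt and work factor only raise the attacker's bill.
func CrackSalted(store []Record, words []string, iterations int) (found map[string]string, guesses int) {
	found = map[string]string{}
	for _, r := range store {
		for _, w := range words {
			guesses++
			if subtle.ConstantTimeCompare(saltedHash(w, r.Salt, iterations), r.Hash) == 1 {
				found[r.User] = w
				break
			}
		}
	}
	return found, guesses
}

func main() {
	const iterations = 2000
	unsalted, salted := BuildStores(iterations)
	found, hashes := CrackUnsalted(unsalted, Wordlist)
	fmt.Printf("unsalted: recovered %v with %d hashes total\n", found, hashes)
	found, guesses := CrackSalted(salted, Wordlist, iterations)
	fmt.Printf("salted: recovered %v with %d guesses of %d hashes each\n", found, guesses, iterations)
}
```

The attacker's position here is the one the comment describes: the hashes are readable by everyone, so no rate limiting or lockout at the home instance can intervene, and only password entropy and KDF cost stand between the dump and the account.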

    • Maestro@fedia.io · 3 months ago (+2)

      That’s a solved problem from a technical perspective. Use OAuth. Just look at “sign in with Google/Facebook/GitHub/etc.”

      • hark@lemmy.world · 3 months ago (+2)

        Who is the OAuth provider in this case? The instance you sign up on? That’s already the case.

          • intensely_human@lemm.ee · 2 months ago (+1 / -2)

            Then the identity still has a home.

            I’ve implemented OAuth and you still have an identity provider.
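To make the "identity still has a home" point concrete, here is an added Go example (not code from this thread, nor from Lemmy, Mastodon or WriteFreely) of the OpenID Connect-style flow the replies are talking about. The home instance checks the password and signs an assertion; the relying platform verifies it against the issuer's published key. The domain names lemmy.example and mastodon.example, the in-memory KeyDirectory standing in for a well-known key URL, the plaintext user map, and the JSON-plus-Ed25519 token format are all assumptions made for the example. Two checks are worth noting because they are where federated login usually goes wrong: the relying party must reject a token whose subject is not under the issuer's own domain, or any instance could mint assertions for anyone's identity; and when the issuer's key is no longer available the identity stops working everywhere, which is exactly the dependency on a home that the comment describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the identity assertion a home instance hands to another platform.
// Field names mirror OpenID Connect ID-token claims; the wire format (JSON plus
// a detached Ed25519 signature) is constructed for this example, not a real JWT.
type Claims struct {
	Iss string `json:"iss"` // home instance that authenticated the user
	Sub string `json:"sub"` // user@home, scoped to the issuer
	Aud string `json:"aud"` // platform the token is meant for
	Exp int64  `json:"exp"` // unix seconds
}

type Token struct {
	Payload string // base64url(JSON claims)
	Sig     string // base64url(Ed25519 signature over Payload)
}

// HomeInstance is the identity provider. It alone holds the signing key and
// the credentials; other platforms only ever see its public key.
type HomeInstance struct {
	Domain string
	priv   ed25519.PrivateKey
	pub    ed25519.PublicKey
	users  map[string]string // constructed: user -> password (a real store keeps hashes)
}

func NewHomeInstance(domain string, users map[string]string) *HomeInstance {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &HomeInstance{Domain: domain, priv: priv, pub: pub, users: users}
}

func (h *HomeInstance) PublicKey() ed25519.PublicKey { return h.pub }

// Sign seals a set of claims with the instance key.
func (h *HomeInstance) Sign(c Claims) Token {
	raw, err := json.Marshal(c)
	if err != nil {
		panic(err)
	}
	payload := base64.RawURLEncoding.EncodeToString(raw)
	sig := ed25519.Sign(h.priv, []byte(payload))
	return Token{Payload: payload, Sig: base64.RawURLEncoding.EncodeToString(sig)}
}

// Login authenticates locally and mints a short-lived assertion for one audience.
func (h *HomeInstance) Login(user, password, aud string, now time.Time) (Token, error) {
	if pw, ok := h.users[user]; !ok || pw != password {
		return Token{}, errors.New("bad credentials")
	}
	c := Claims{Iss: h.Domain, Sub: user + "@" + h.Domain, Aud: aud, Exp: now.Add(5 * time.Minute).Unix()}
	return h.Sign(c), nil
}

// KeyDirectory stands in for fetching each issuer's published key (for example
// from a well-known URL); it is an in-memory map so the example runs offline.
type KeyDirectory map[string]ed25519.PublicKey

// Verify is what a relying platform (self, e.g. mastodon.example) does with a token.
func Verify(tok Token, dir KeyDirectory, self string, now time.Time) (Claims, error) {
	var c Claims
	raw, err := base64.RawURLEncoding.DecodeString(tok.Payload)
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(raw, &c); err != nil {
		return c, err
	}
	pub, ok := dir[c.Iss] // no key for the home instance means no usable identity
	if !ok {
		return c, errors.New("unknown issuer: " + c.Iss)
	}
	sig, err := base64.RawURLEncoding.DecodeString(tok.Sig)
	if err != nil {
		return c, err
	}
	if !ed25519.Verify(pub, []byte(tok.Payload), sig) {
		return c, errors.New("bad signature")
	}
	if c.Aud != self {
		return c, errors.New("token not meant for " + self)
	}
	if now.Unix() >= c.Exp {
		return c, errors.New("token expired")
	}
	// An issuer may only assert identities under its own domain; otherwise any
	// instance could sign "someone@other.instance" and be believed.
	if !strings.HasSuffix(c.Sub, "@"+c.Iss) {
		return c, errors.New("issuer " + c.Iss + " cannot assert " + c.Sub)
	}
	return c, nil
}

func main() {
	now := time.Now()
	home := NewHomeInstance("lemmy.example", map[string]string{"alice": "hunter2"})
	dir := KeyDirectory{home.Domain: home.PublicKey()}
	tok, _ := home.Login("alice", "hunter2", "mastodon.example", now)
	c, err := Verify(tok, dir, "mastodon.example", now)
	fmt.Println("accepted:", c.Sub, err)
	delete(dir, home.Domain) // home instance gone, or key rotated without republishing
	_, err = Verify(tok, dir, "mastodon.example", now)
	fmt.Println("after home key disappears:", err)
}
```

Everything a relying platform can check traces back to the issuer's key, so this decouples nothing: the home instance can still revoke, ban or simply vanish, and the identity goes with it.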