this post was submitted on 04 Sep 2024
70 points (94.9% liked)

Fediverse

28712 readers
35 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
 

I am sure it was discussed here before, but I can't find a good way to search this community.

Are there any arguments against having a user's identity federate, and be compatible across platforms?

For example, let us say I sign up with my instance, [email protected]

But what if I go on mastodon, and I want to have my own micro blog. Or maybe go to write freely and post some blog posts. I'd have to make a different account on each one.

What if mastodon or write freely could just let me log in with my lemmy account (or lets call it federated account). This has several benefits:

  • users don't have to scratch their head on if I am the same person or not across these platforms
  • theoretically, someone following my feed can get updates on what I do on multiple platforms

Now I understand this would be difficult to implement and iron out all the edge cases, but am I missing anything on why it wouldn't be a desirable feature, given it is implemented?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -1 points 3 months ago (1 children)

My potential argument against it starts with asking where the credentials are stored for authenticating this identity.

Currently the home instance stores the hashed password and performs authentication.

In a way, the identity “belongs to” the place that does authentication, which now happens to be the instance.

If identity is decoupled from an instance, that means authentication decouples from an instance.

If the identity “belongs to” the fediverse as a whole, then that means the fediverse as a whole has an authentication mechanism.

Unless we can come up with a distributed authentication mechanism, that means the fediverse as a whole has some authentication service, as in one, which means centralized.

This therefore breaks decentralization, unless the authentication is somehow handled in a distributed way. Maybe consensus or something on a hashed password? But if those hashed passwords are stored in a distributed manner, then you’d need a super long password to prevent rainbow table attacks on the passwords, given the hashed values would essentially be public information.

Maybe public keys are stored in a blockchain? I don’t know this is beyond me in the details.

But to summarize the problem at a data model level, an identity belongs to an instance, because the instance can authenticate them. If the identity now belongs to the whole fediverse, then the whole fediverse needs to be able to authenticate them, which if not handled correctly could lead to centralized authentication, centralized banning, censorship, reddit, etc.

[–] [email protected] 2 points 3 months ago (1 children)

That's a solved problem from a technical perspective. Use OAuth. Just look at "sign in with google/facebook/github/etc"

[–] [email protected] 2 points 3 months ago (1 children)

Who is the OAuth provider in this case? The instance you sign up on? That's already the case.

[–] [email protected] 2 points 3 months ago (1 children)

Yes, the instance you signed up on would be the identity provider

[–] [email protected] -1 points 3 months ago

Then the identity still has a home.

I’ve implemented Oauth and you still have an identity provider.