this post was submitted on 09 Jun 2023
341 points (99.7% liked)

Lemmy

Everything about Lemmy; bugs, gripes, praises, and advocacy.


Both were down for me before, they seem to be up right now but just made this account on Lemmy.blahaj.zone (Henry is the name of my actual blahaj lol). It's probably because of the traffic influx from Reddit refugees from the absolutely disastrous spez AMA (where he doubles down on everything and doesn't apologize at all). Allegedly they're trying to suppress Lemmy mentions but I guess it's not working well enough lol

A good problem to have although long term we're going to have to figure out how to deal with these spikes in traffic.

[–] [email protected] 10 points 1 year ago (2 children)

I like the sound of this, just unsure how this would be able to authenticate an account on behalf of a home instance that's down, in a trustworthy way.

I'm not familiar with the inner workings of Lemmy and the Fediverse, so the following is based on similar implementations I'm familiar with...

SSO implementations usually require the website the user originally registered on (home instance) to confirm the account is real and authenticate it, and in most cases a new user account is automatically created using the SSO authentication details (this would prevent the user from appearing as if they're using their home instance).

To achieve what you want, I think we'd need some kind of way to export the user account and any signing keys used to prove the user is who they claim to be in the fediverse, and then re-import those to another instance. I'm not too sure if SSO would be able to achieve it if the home instance is down.

On the flip side, I'm pretty sure SSO with a Lemmy instance that is active could work. While it would bring a lot of benefit to less tech-savvy users, and a lot of convenience to us when we're given a threadiverse link to another instance, from a technical perspective I think that would be a challenging implementation. Users would need to be careful about having their credentials phished on a malicious instance too.

[–] [email protected] 6 points 1 year ago

i'd also be worried that some corp would try to take control of the centralized sso mechanism and thus control the user base. imho we must avoid the instinct to centralize anything.

but potentially maybe there's a federated directory where people could register and be assigned a server to do load balancing to key problems like lemmy.ml are experiencing (?)

[–] [email protected] 3 points 1 year ago

> To achieve what you want, I think we’d need some kind of way to export the user account and any signing keys used to prove the user is who they claim to be in the fediverse, and then re-import those to another instance. I’m not too sure if SSO would be able to achieve it if the home instance is down.

Since we're a decentralized federated network, it would stand to reason that the SSO implementation would also be so. Maybe something built on top of a DHT shared by every instance, which just stores user key hashes to verify they are who they say they are. That way there would be no issue with a central authentication authority and all instances will go by the hash table for user auth.

Quick check, and here's what Mastodon has been doing on the issue: https://github.com/mastodon/mastodon/pull/16221
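
A sketch of the key-hash lookup idea from the comment above, added here as an illustration (it is not code from Lemmy, Mastodon, or any commenter): a `Map` stands in for the DHT, and the actor id, instance names and function names are all hypothetical. It shows that the table only binds a name to a key, so the verifying instance still needs a signature over its own fresh challenge, tied to its own name, which also addresses the phishing concern raised earlier in the thread.

```javascript
// Added illustration: every name here is hypothetical, not a Lemmy or Mastodon API.
const crypto = require('node:crypto');

// Stand-in for the shared table: actor id -> SHA-256 of the user's public key.
const directory = new Map();
const fingerprint = (pubPem) => crypto.createHash('sha256').update(pubPem).digest('hex');
const signedBytes = (actor, instance, nonce) => Buffer.from(`${actor}|${instance}|${nonce}`);

// Verifying instance: issue a fresh nonce for each login attempt.
const newChallenge = (instance) => ({ instance, nonce: crypto.randomBytes(16).toString('hex') });

// User's client: sign the nonce together with the instance it believes it is talking to.
function respond(actor, instance, nonce, privPem, pubPem) {
  return { actor, pubPem, sig: crypto.sign(null, signedBytes(actor, instance, nonce), privPem) };
}

// Verifying instance: the table only says which key belongs to the actor;
// the signature over our own unused nonce proves the caller holds that key.
function verify(challenge, usedNonces, res) {
  if (directory.get(res.actor) !== fingerprint(res.pubPem)) return 'unknown-key';
  if (usedNonces.has(challenge.nonce)) return 'replayed';
  const msg = signedBytes(res.actor, challenge.instance, challenge.nonce);
  if (!crypto.verify(null, msg, res.pubPem, res.sig)) return 'bad-signature';
  usedNonces.add(challenge.nonce);
  return 'ok';
}

function demo() {
  const gen = () => crypto.generateKeyPairSync('ed25519', {
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const alice = gen(), other = gen(); // constructed sample keys
  const actor = 'alice@home.example'; // constructed actor id
  directory.set(actor, fingerprint(alice.publicKey));
  const used = new Set();
  const c1 = newChallenge('b.example'), c2 = newChallenge('b.example');
  const good = respond(actor, c1.instance, c1.nonce, alice.privateKey, alice.publicKey);
  return {
    genuine: verify(c1, used, good),
    replayed: verify(c1, used, good),
    unregisteredKey: verify(c2, used, respond(actor, c2.instance, c2.nonce, other.privateKey, other.publicKey)),
    publicKeyOnly: verify(c2, used, respond(actor, c2.instance, c2.nonce, other.privateKey, alice.publicKey)),
    signedForOtherInstance: verify(c2, used, respond(actor, 'other.example', c2.nonce, alice.privateKey, alice.publicKey)),
  };
}
console.log(demo());
```

The `publicKeyOnly` case is the one to note: the fingerprint and the public key are both public, so matching the table entry proves nothing without the signature check.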