I am sure it was discussed here before, but I can’t find a good way to search this community.
Are there any arguments against having a user’s identity federate, and be compatible across platforms?
For example, let us say I sign up with my instance, matcha_addict@lemy.lol
But what if I go on mastodon, and I want to have my own micro blog. Or maybe go to write freely and post some blog posts. I’d have to make a different account on each one.
What if mastodon or write freely could just let me log in with my lemmy account (or lets call it federated account). This has several benefits:
- users don’t have to scratch their head on if I am the same person or not across these platforms
- theoretically, someone following my feed can get updates on what I do on multiple platforms
Now I understand this would be difficult to implement and iron out all the edge cases, but am I missing anything on why it wouldn’t be a desirable feature, given it is implemented?
My potential argument against it starts with asking where the credentials are stored for authenticating this identity.
Currently the home instance stores the hashed password and performs authentication.
In a way, the identity “belongs to” the place that does authentication, which now happens to be the instance.
If identity is decoupled from an instance, that means authentication decouples from an instance.
If the identity “belongs to” the fediverse as a whole, then that means the fediverse as a whole has an authentication mechanism.
Unless we can come up with a distributed authentication mechanism, that means the fediverse as a whole has some authentication service, as in one, which means centralized.
This therefore breaks decentralization, unless the authentication is somehow handled in a distributed way. Maybe consensus or something on a hashed password? But if those hashed passwords are stored in a distributed manner, then you’d need a super long password to prevent rainbow table attacks on the passwords, given the hashed values would essentially be public information.
Maybe public keys are stored in a blockchain? I don’t know this is beyond me in the details.
But to summarize the problem at a data model level, an identity belongs to an instance, because the instance can authenticate them. If the identity now belongs to the whole fediverse, then the whole fediverse needs to be able to authenticate them, which if not handled correctly could lead to centralized authentication, centralized banning, censorship, reddit, etc.
That’s a solved problem from a technical perspective. Use OAuth. Just look at “sign in with google/facebook/github/etc”
Who is the OAuth provider in this case? The instance you sign up on? That’s already the case.
Yes, the instance you signed up on would be the identity provider
Then the identity still has a home.
I’ve implemented Oauth and you still have an identity provider.