Follow

I know we all use password managers now, but what happened to open and authentication methods like ? Why does every website still have a Facebook and Google auth method but no or equivalent?

says OpenID was too complex to be worth it, but are there really no alternatives?

meta.stackexchange.com/questio

@Gina there's a promising area called "self-sovereign identity" but fair warning it's blockchain-adjacent. Still worth keeping an eye on?

@dznz Sounds interesting. If loads of people are able to manage their own @nextcloud, then a self-hosted federated identity system isn't far-fetched either (if I understand your toot correctly, the whole decentralized vs federated still confuses me sometimes 😅 )

@Gina it's definitely doable, but years away from day to day use. The key to value with identity is what it lets you do, and so you need to get uptake in both providers of claims and accepters of claims, which is... not easy in the general sense.

@dznz I'm just dreaming of a future where I walk around with a yubikey with a code and fingerprint sensor that allows me to log into any website I want.

This toot was brought to you by someone too lazy to use a password manager

I don't use password manager. But I think the future is something like zot with the nomadic identity. You don't need to say : It is me with email / password or telnumber / password you just log in once and you can navigate from site to site without authentificate. I am lazy too
@Gina @dznz Fido is way better than anything else
Just have a basic password in addition to be sure that no one can log as you if your token is stoled

@Gina In Drupal they *removed* the implementation from core a while ago.

drupal.org/node/556380

@Gina with keycloak few minutes for install and config this on debian
Openid, samlv2

@dada @nschont @Gina I loved the idea of OpenID, but the situation is even going backward because almost all platforms which used to support it dropped the support of OpenID.

@clement maybe they feel some kind of interests promoting a centralized system?

Huge proprietary silos want to be the centre of everything.

Most of websites don't see benefits of doing anything else than what Facebook propose because « they can have billion of customers ». The good old trap.

(cc @dada @nschont @Gina)

@Gina
This is also something I'd like to see in more websites ☹️

@Gina
Check out #ReclaimID, which seems to be the best option still being maintained. They bill themselves as "The decentralized, self-sovereign identity system"

reclaimid.gitlab.io

One way or another we need to sort out this crazy "every Fediverse server has different users and never shall another accept your login" situation.

@Blort @Gina I agree, can't wait till it's sorted out as well ... once a significant project, hint Mastodon, adopts it others will follow. Look what happened to actiivitypub.

@Gina not OAUTH based but there's an experimental concept from the guy that does the Security Now podcast called Sqrl. It's really early still but it seems interesting.
grc.com/sqrl/sqrl.htm

@Gina Or just, why there is no fedi alternativ thing to stackoverflow ?

@Gina At @fsfe we once planned to integrate OpenID into our account management system, usable for all FSFE supporters, but dropped this idea eventually because it was too complex at this time

@Gina for-profit companies are making for-profit moves. Supporting open standards of authentication should be mandated by a government. They did impose GDPR private data consent walls, also not a trivial thing to implement I believe. I think the same can be done here.

@Gina I really want this too.

It wouldn't even have to be complicated.
I tried to write a small poc server and application integration but I got distracted as usual.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.