@matslats @strypey @bhaugen @organizingInFedi @mike_hales A decentralized identity service for Single SignOn would be very helpful, if Mastodon could use that too.
But one would distinguish between trusted and untrusted users/members/guests. Perhaps something like AWS IAM and also things like S3, all useful in a decentralized orchestra. Perhaps the Masto devs could spend some money on that?
@gert
> A decentralized identity service for Single SignOn would be very helpful
Something like OpenID?
@strypey @matslats @bhaugen @organizingInFedi @mike_hales Perhaps, can it do delegation? Would it have some of the IAM capabilities? Do you have a link?
@gert Have a look at:
https://openid.net/what-is-openid/
Another option is OAuth:
https://oauth.net/
For SSO to multiple services within one organization, there is also LDAP:
https://ldap.com/
@strypey @matslats @bhaugen @organizingInFedi @mike_hales Delegation would mean that the root service (instance) redirects to the most local level where the authority resides.
@gert That sounds like something you could use LDAP for, see:
https://help.okta.com/en-us/Content/Topics/Security/Security_Authentication.htm
... but this is well above my paygrade. @lightweight would be a good person to ask about this stuff.
@strypey @lightweight @matslats @bhaugen @organizingInFedi @mike_hales Indeed, one might build something that connects to LDAP using PKI (and not the way AWS does PKI). There is the big advantage that LDAP is already widely deployed.
@mike_hales @gert @strypey @lightweight @bhaugen @organizingInFedi @matslats@social.coop https://webxdc.org by the people behind @delta is interesting, in that it is webapps that use chat as auth. As I understand, a "server" could be a chatbot sending webxdc apps as responses and handling app responses. If Quicksy support "appears", running community-member-friendly services sounds more tractable than otherwise.