I like the aspect of ActivityPub that you can own your identity to the same degree to which you can own a domain.
It would be cool if it would be possible to log in to third parties as @you@yourdomain.com via the ActivityPub protocol.
Thinking about how to implement it technically .. one simple way would be to just send a magic link to @you@yourdomain.com via DM.
Hmm... that could actually work. Your username on - say - Hacker News would then simply be your Fediverse handle: @you@yourdomain.com
The same would work with emails of course. Most people don't want their email publicly visible though. But they would probably not mind using their Fediverse handle as their username.
But the interest thing is that I'd like to do the opposite: I'd like to be able to use my own id (openID, public key, DNS record, whatever) and use it as my identity on any activitypub server. Then the servers would be truly a simple hosting provider.
I for example will probably use something much simpler than Mastodon. As I will actively look for an ActivityPub software that is lean and does one thing well: ActivitiyPub.
Microblogpub looks promising:
Here is the spec: https://www.w3.org/TR/activitypub/
It explicitly defers auth to be implementation-specific: https://www.w3.org/TR/activitypub/#authorization
Sending a magic link to @user@domain results in a 3 actions login:
1: User types "@user@domain" into the login form and hits enter.
2: User switches to their fediverse inbox
3: User clicks on the link in the DM
I have the vague feeling that this is the shortes possible path. Or does your solution make it shorter?
But to be honest I don't fully understand your proposal, maybe I'm just missing how it's simpler. :)
But after some contemplation, I changed my mind. It's not so easy to say if there is a better alternative.
We need way to say "This is a Fediverse users. Their instance is xyz.com and their username is abc". A way that easy to grok visually and also by software.
abc@xyz.com - is alread taken for emails.
xyz.com/abc - would be a link
xyz.com@abc - is the wrong way round.
abc*xyz.com - would work. But is it good? Hmm... ~abc@xyz.comwhat would be a better format?
Although users get to choose which instance to join depending on their tastes, they have to sign up for a new account each time on each instance and potentially lose their followers if their account get’s banned in any of these instances.
So I’ve decided to build Soul, which is an external OAuth-based identity provider built specifically for social media in mind. It comes with several user management and user connections management features that can allow one’s “digital soul” to exist in various platforms as long as they integrate with Soul.
Soul is still in a really early stage of development but it is open source and constantly looking for new opportunities to improve. Please give it a shot and try building a social media platform on top of Soul to tap on it’s existing users (though not a lot at the moment, but I hope it’ll grow)."
Check out our site here: https://www.soul-network.com/ and main Github repo here: https://github.com/soul-project/soul
Then you get spambots attacking your service, so you set up checks on your end to alleviate the burden your individual community moderators have to undertake.
Then people sending illegal/shocking content. More changes on your end.
Then your government sends you notice that copyrighted content is being shared on your platform. Oops, gotta moderate that, too.
Death threats, alternate accounts, you name it, these are the things that will either make your community moderators & users leave (thus no service), or things you have to crack down on yourself.
Before long, you have a full-time team dedicated to moderating content.
Not saying this to just discourage you or belittle you, but, if you tell communities that you will be "impartial" 100% of the time, then that might come back to bite you later when you have to take action.
Either I don't need this single point of failure and create an account on each and every service independently. Each and every service then stands for its own. If someone is able to infiltrate a service, it is impossible to infiltrate my whole personalty.
That is different with a single third-party OAuth provide. First it needs a lot of trust, especially in terms of (cyber) security. Second: Kus why?
- https://solidproject.org/TR/protocol#identity
- https://solidproject.org/faqs#webid
- https://solidproject.org/faqs#fewer_passwords
> Does Solid mean we won’t need so many passwords?
> Yes. When you use Solid, you only need to login to your Identity Provider. You can then use applications that interact with your Pod without logging in each of them individually, which is (in our opinion) simpler than having to create accounts on each and every service. However, you will still have to manage what data you would like to share with each application.
Maybe I'm not understanding your direction here, but I'm specifically looking for an Identity Provider service to auth ActivityPub service users.
Seems like the centralization of relationships and credentials ought to be client-side, or a portable protocol all its own, so we don't repeat the mistake of centralizing the most-important data.
haha you're not wrong, but imo this is a critical part to centralize though. I haven't seen an easy to use (wallet not required) and trusted solution yet for decentralizing auth. Maybe it's underway and I'd be happy to adopt that once it's good.
Does Soul abstract away the platforms entirely, and make it feel like you're only on one?
You don't really have to deal with multiple platforms if you don't want to, but if you have to, it'll be as seamless as something like a "login with Google".
It might also be good for content creators cause you'll be able to follow them across different platforms (e.g. instagram, tiktok, twitter, youtube) without actually having to sign up on every single one of them. And content creators won't have to lose their subscribers / followers on new platforms.
Statements like this make me feel like I'm living on another planet. I socialize with my friends almost entirely over IM (iMessages, SMS, Signal, etc.). Social media is just the huge content pile that we sometimes discuss and link. In that sense there are already few barriers to switching platforms because "engaging" with any content on social media seems like a foreign concept.