why does the fediverse not serve the authentication problem?

Display Name@lemmy.ml to Fediverse@lemmy.ml – 38 points –

I still have many different accounts on matrix, lemmy, mastodon, etc. and although you may communicate somehow, it doesn't work properly.


Why would I trust a random Lemmy server admin with authentication for anything other than Lemmy?

You can use federated SSO. The remote site never sees your credentials but only a token that you’ve been authenticated against your home instance.

That being said, that’s probably the problem: in order to do federation a small degree of trust is required between the two instances. I guess that is already done with ActivityPub since you’re getting content from remote instances.

a token that you’ve been authenticated against your home instance.

I assume you are talking about OpenID Connect (or OAuth 2.0, but that is basically what OpenID Connect is based on) here. The crucial bit that didn't really work out with this is the part where users just specify their OpenID Connect provider at login time. All uses I have seen in at least 10 years have a fixed list of providers to choose from because of these trust issues.

Federated ID seems interesting but impractical. Take your home instance ID and use it to auth to another server; nice to have if the home base is down, but if the home is down then how does the remote host validate the user in a real-time sense? Storing tokens or creating a local version of the account would be possible, but if the user was banned from the home base then you have to trust replication to clear it from the remotes, or have a short enough token expiration to know they need to revalidate against the home base after X time.

A ways out of my expertise; I work more on the lower layers of connectivity, so maybe I'm overthinking it. What could be helpful would be some sort of local app setup that would create an instance with an easy executable. Creating spontaneous servers has playing-with-fire potential and doesn't address domain creation or port allocations, but with the certbot/acme systems out there it seems like it wouldn't be too far out of the realm of reality. Musings of a mad scientist...
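The "home is down" and "short token expiration" trade-off discussed in the two posts above, as an added example that is not from this thread or from any Lemmy/Mastodon code. It assumes a simplified federated SSO where the home instance signs claims with an Ed25519 key and the remote instance keeps a cached issuer-to-public-key map (standing in for OIDC's published JWKS); issuer and user names are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claims the home instance vouches for; `exp` is kept short so a ban at home
// takes effect on remotes within that window instead of relying on replication.
type Claims struct {
	Sub string `json:"sub"`
	Iss string `json:"iss"`
	Exp int64  `json:"exp"`
}
// Issue runs on the home instance at login: sign the claims with its private key.
func Issue(priv ed25519.PrivateKey, iss, sub string, now time.Time, ttl time.Duration) ([]byte, []byte, error) {
	payload, err := json.Marshal(Claims{Sub: sub, Iss: iss, Exp: now.Add(ttl).Unix()})
	if err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}
// Verify runs on the remote with only a cached issuer -> public key map, so it keeps working while home is unreachable.
func Verify(keys map[string]ed25519.PublicKey, payload, sig []byte, now time.Time) (Claims, error) {
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil { // untrusted until the signature checks out
		return Claims{}, err
	}
	pub, ok := keys[c.Iss]
	if !ok {
		return Claims{}, errors.New("unknown issuer: not a trusted federated peer")
	}
	if !ed25519.Verify(pub, payload, sig) {
		return Claims{}, errors.New("bad signature")
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return Claims{}, errors.New("token expired: user must revalidate with home instance")
	}
	return c, nil
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	payload, sig, _ := Issue(priv, "home.example", "alice", time.Now(), 5*time.Minute)
	keys := map[string]ed25519.PublicKey{"home.example": pub}
	_, err := Verify(keys, payload, sig, time.Now().Add(10*time.Minute))
	fmt.Println("10 minutes later, home unreachable:", err)
}
```

The remote never contacts the home instance during Verify, which is exactly why a ban cannot propagate faster than the chosen TTL.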

It should be public key accounts like Scuttlebutt, you know it should.