Okay, sure, let's do this. "nomadic identity": 1. No one has ever even come close to explaining how using a did:uri is supposed to work. 2. Even assuming it works, no one can explain how it's different than oidc. 3. Even assuming it was different, what hap...
-
Jenniferplusplus replied to Jenniferplusplus
@ariadne fwiw, these are also concerns that I share. I think there's also an easy intermediate step, which is to allow for user provided private keys. That gives a lot of extra weight to the aka relation, and it allows people to manage a credible exit from their home server that doesn't depend on the home server's cooperation.
-
Hrefna (DHC) replied to Jenniferplusplus
@jenniferplusplus Every time I read anything on DID it seems to quickly devolve into ranting about ICANN and I just give up. If it's not in the spec it is in every doc that connects to the spec in any meaningful way. -.-
-
Jenniferplusplus replied to Jenniferplusplus
P.S. any identity solution that requires everyone to maintain their own individual domain name and dns records is a terrible idea that cannot work in practice. Not strictly the same thing as DID, I know. But it's always the very next thing that comes up.
-
@jenniferplusplus any solution that doesn't require being part of a community is only going to appeal to the most paranoid and/or antisocial people.
"Oh no what if my admin blocks a domain I have followers on?"
Perhaps you should have read the about page of your server and realized it wasn't going to be friendly to the kinds of people who follow you?
Sometimes you do have a shit admin or shit governance. If you're paying attention, you'll usually notice it long before it's actually a problem.
-
@tess I mean, sort of. The whole nomadic identity concept is connected to a real problem. In the fediverse, we call it admin drama. All these servers are someone's little hill, of which they are the little king. The only real choice most people have is to choose their king, and there's basically no information to go on when making that choice.
But nomadic id is not an actual solution to that problem
-
Jenniferplusplus replied to Jenniferplusplus
@tess but it feels like a solution. And it's easier than the actual solution, which is to do the real work of governance. Although it would help a lot if we could build tools that make governance easier instead of harder. Or more approachable instead of more elite. But that's a somewhat different topic.
-
@jenniferplusplus I have a lot of ideas on this that solve a good portion of the problems.
-
@dalias ideas to make dns a workable identity registry?
-
@jenniferplusplus One choice among others, and in a way that doesn't require perpetual maintenance of it.
-
Yeah, but users are absofuckinglutely TERRIBLE at keeping track of their own keys. The number of my users who have lost/broken their phones/hardware tokens, or wiped and sold them without migrating their keys first is Way too damn high, even among some very smart R&D engineers who really REALLY ought to know better...
@hrefna
@jenniferplusplus @ariadne
-
That's why I mentioned controlled (or managed) keys rather than provided keys, specifically.
You can have a third party or system with key access (CMEK/KMS-style), you can allow revocation and blind replacement so long as you don't require key possession for login, you can use a third party to verify it (VC-style or keybase style), etc.
It just depends on what you are aiming for and what the consequences are of it going sideways.
-
smallcircles (Humanity Now 🕊) replied to Hrefna (DHC)
Great thread. Your mention of Keybase made me forward this discussion to the @keyoxide matrix chatroom.
(Note: Years ago I mused a bit about use cases for Keyoxide on the fedi and created this issue https://codeberg.org/keyoxide/keyoxide-web/issues/105 )
@JessTheUnstill @jenniferplusplus @ariadne
-
smallcircles (Humanity Now 🕊) replied to smallcircles (Humanity Now 🕊)
@hrefna @keyoxide @JessTheUnstill @jenniferplusplus @ariadne
I cross-referenced this discussion on SocialHub in Nomadic Identity topic:
https://socialhub.activitypub.rocks/t/nomadic-identity-for-the-fediverse/2101/63
-
smallcircles (Humanity Now 🕊) replied to Irenes (many)
Yeah, it's sad. Couple years ago I found this early draft spec about did:orb by a - unknown to me - club called Trustbloc. Focused on fedi, and not crypto-shenanigan-related afaics. I added the spec to delightful-activitypub-development curated list.
But I am not following this club and looking in the GH repo just now, I think we have a PoWaste going on. The spec is also related to a "Sidetree protocol" now (Not gonna check out more atm).
-
Mike Macgirvin 🖥️ replied to Jenniferplusplus
A did:uri is a string that represents you. It is not tied to DNS, so it can represent you at any server. Now the truth is the web is DNS based so we have to resolve it to a location to find you. This requires a DNS operation of some kind. But the location is not actually you. It's just where you're hanging out today. You can move. Your id is the same.
OIDC is an authentication and authorisation framework. DID is just an identity. Proving it's your identity requires you to sign something.
Finding the responsible adult you mention is just a slightly different algorithm. You can forget about the location. It is only relevant for knowing somewhere to look for the identity. But you're looking for the identity. In practice this means you won't have just 'user' storage. You'll have user (identity) storage and location storage, and it isn't necessarily a 1:1 mapping. You can have several locations for a given identity. For traditional fediverse accounts, there will be a 1:1 mapping.
If you want to block a person, blocking locations isn't going to cut it. You will need to block the identity.
That's the short and sweet.
-
Mike Macgirvin 🖥️ replied to Mike Macgirvin 🖥️
Oh, and the did resolver algorithm we're going to be using with ActivityPub does not rely on proof of waste technology. It uses ed25519 keys and a lookup on participating servers at a .well-known endpoint. That's it.
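The identity-versus-location split Mike describes above, as an added illustration that is not his code or any fediverse project's: identity (DID) records are stored separately from location records with a one-to-many mapping, a move keeps the id, and blocks are applied to the identity rather than the location. The DIDs, URLs and key string are constructed placeholders; proving control of the key by signing is assumed to happen elsewhere and is not shown.

```python
# Added example (not from the thread or any project): separate identity
# and location storage, blocking by identity rather than by location.
from dataclasses import dataclass, field


@dataclass
class Identity:
    did: str                  # constructed placeholder, e.g. "did:example:alice"
    public_key: str           # ed25519 public key; placeholder string here
    locations: set = field(default_factory=set)


class IdentityStore:
    def __init__(self):
        self._by_did = {}         # did -> Identity
        self._by_location = {}    # actor URL -> did (many locations per did)
        self._blocked_dids = set()
        self._blocked_locations = set()   # the naive approach, for contrast

    def register(self, did, public_key, location):
        ident = self._by_did.setdefault(did, Identity(did, public_key))
        # Assumption: a second location claiming an existing DID must present
        # the same key; a mismatch is treated as an impersonation attempt.
        if ident.public_key != public_key:
            raise ValueError(f"key mismatch for {did} at {location}")
        ident.locations.add(location)
        self._by_location[location] = did

    def move(self, did, old_location, new_location):
        # Only the place the identity is reachable changes; the id is stable.
        ident = self._by_did[did]
        ident.locations.discard(old_location)
        self._by_location.pop(old_location, None)
        self.register(did, ident.public_key, new_location)

    def resolve_location(self, location):
        return self._by_location.get(location)

    def block_identity(self, did):
        self._blocked_dids.add(did)

    def block_location(self, location):
        self._blocked_locations.add(location)

    def is_blocked(self, location):
        # Resolve the location to its identity first, then check the identity.
        did = self.resolve_location(location)
        return did is not None and did in self._blocked_dids

    def is_blocked_by_location_only(self, location):
        return location in self._blocked_locations
```

After a move, a location-only block no longer matches while the identity block still does, which is the point of the post.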
-
Ariadne Conill 🐰:therian: replied to Jess👾
@JessTheUnstill @hrefna @jenniferplusplus this is why i’ve always proposed a form of encrypted key escrow instead. you store the key(s) on the server as an encrypted blob and then decrypt it on the device when you need it.
problem is, we can talk about steps to mitigate shitty admins who want to do performative power plays, but those same admins like the status quo because they benefit from the power imbalance and user lock-in. you won’t sell the empire builders on tools which make keeping the empire going more difficult.
this is why every time i get interested in this space again i conclude that we would basically have to start over from scratch to build a more fair social networking system.
-
Jenniferplusplus replied to Mike Macgirvin 🖥️
@mikedev A very quick scan of the dashboard says that Fedidb is aware of at least 23,000 fediverse servers. The current location for a DID could be any of those. You're going to poll the entire fediverse to find where to send messages?
-
Jess👾 replied to Ariadne Conill 🐰:therian:
For a lot of admins/mods, the sense of power and control over others is the currency they require to do the work of maintaining their instances. A whole part of the draw for building and maintaining a community is to have the power over your little fiefdom.