This is a rather interesting read: https://bengo.is/blogging/2024-10-03-the-challenge-of-activitypub-data-portability/
-
Emelia 👸🏻 replied to jonny (good kind)
@jonny yeah, was on my list for a while, but finally got to it today because it was nice and small and isolated in scope.
-
@raucao yeah, and that's the fundamental problem. To do E2EE, the hard part isn't encrypting the messages, the hard part is key management.
-
Emelia 👸🏻 replied to jonny (good kind)
@jonny we're in a group chat & know each other from other W3C communities
-
jonny (good kind) replied to Emelia 👸🏻
@thisismissem
Jealous, I wanna come play in standards world. Also I love it when people I like like other people I like
-
Emelia 👸🏻 replied to jonny (good kind)
-
> There's no reason an ActivityPub server should demand to control the end-user's private keys.
But it sure can offer to if that's what you want
> I think a lot of people want 'Account Portability' because what they really want is Single Sign On.
Yes please.
-
chihuamaranian replied to Emelia 👸🏻
I really like these ideas and I've thought about them a lot in the past year or two I've been on fedi.
I want an SSO provider for an account, then I want to seamlessly subscribe to communities sharing a certain type of content.
I'm not too worried about the user complexity; in theory it's not much harder than, say, Discord.
I create an account with identity provider A, then subscribe to PeerTube, Pixelfed, Mastodon, and Lemmy communities.
Behind the scenes, it's all using the same identity keys.
I know ActivityPub is complex and forgive me if I'm oversimplifying the hard stuff, but I don't see why we can't have this.
-
Emelia 👸🏻 replied to chihuamaranian
@chihuamaranian @bengo so you can already follow & interact with users of different software, generally, but something like "posting a new link on Lemmy from your Mastodon actor" isn't possible in today's implementations of ActivityPub.
So content consumption is more-or-less fine, but content creation across software from a single identity is not possible today
-
@thisismissem hey I didn't miss that. FWIW I actually don't think new users should have an 'identity server' at all (until they want one). but we do agree new users shouldn't have to make the choice as you present it. longer discussion I'll write up later.
-
@thisismissem this is what I was getting at with:
> Something that shakes out of unbundling Authentication from Social Servers and even Actor Servers (e.g. using cryptographic authentication and not an actor-server-dependent authentication scheme) is the ability to fully author signed social content without an internet connection
-
@bengo aah, okay. The article was pretty technical, and for a lot of users they just want to get set up and start posting... and then stuff happens later and they're like "ugh"
-
@thisismissem my goal is to get it so users can get set up and start creating posts without talking to a server (identity or social) *at all* and only replicate to one or more servers when they are ready/able/connected to share those posts with others. i.e. https://www.inkandswitch.com/local-first/
-
@bengo that could be cool.
-
chihuamaranian replied to Emelia 👸🏻
You are right, much of the experience I want is already possible on a media consumer level.
I think the one major friction point I see as a poster is that audio and video content is not something microblogging services like Mastodon are equipped to handle, and text content is not something PeerTube is built for.
So I need to fragment my identity and if people want to follow me they need to do so in multiple places.
Another thought is that much of this is a client side UI/UX issue.
I use Fedilab because it has options to filter images into an Instagram-like view, free of text. It also supports hot swapping accounts, and has some minor support for viewing the local timeline of different servers.
It's good, but still doesn't quite fit the grand unified vision I have.
-
Emelia 👸🏻 replied to chihuamaranian
@chihuamaranian @bengo yeah, and that fragmenting shouldn't be necessary, and it's not really the way ActivityPub was designed.
-
> So I need to fragment my identity and if people want to follow me they need to do so in multiple places.
exactly! well said. imho this is why we need to decouple identity from social, and might as well go to local first identity while we're at it (esp if it also helps with data portability).
-
Removing identity from the content servers does pose some interesting challenges.
If I'm hosting "PeerTube minus identity" as a service, where accounts are created and managed via a long list of external OAuth2-like providers, I suddenly have a lot of moderation concerns.
I would want to make sure I have, at minimum, the same control over which people can upload arbitrary content to my server as I currently do.
-
Emelia 👸🏻 replied to chihuamaranian
@chihuamaranian @bengo yeah, you'd still have account-based moderation, it's just the Actor document that is the identity wouldn't be hosted by your server.
-
@chihuamaranian @thisismissem Good point. Even if people can 'create their account' and start signing local posts without talking to a server. Before they get to use a server, that local-first account still needs to get authorization to use a server. And needs to prove authorization in requests to the server.
-
@bengo @chihuamaranian then there's the matter of: currently every ActivityPub Server needs to be an OAuth 2 authorization server, because the spec mandates OAuth 2 for authentication/authorization.
So for instance, you couldn't present an OAuth Access Token from your Identity Provider with DPoP bound to the activities server, afaik.