I don't want to create a new account for every software / server.

aj@social.id1.in

I don't want to create a new account for every software / server. Where is the #OAuth thing for #ActivityPub?

#Mastodon #PixelFed #Lemmy

beaware@social.beaware.live

@aj why would you need to do that...? AFAIK, with some small nuances, you don't need an account for every software, you can follow all ActivityPub accounts from one account, no matter which software they're using.

mariusor@metalhead.club

@aj I'm working on that.

However it won't help with the status quo, mastodon and pixelfed and the other existing applications won't magically use a common ActivityPub backend similar to the one I'm creating.

julian

@[email protected] @[email protected] I'm waiting for convergence on multiple ways to do this.

There's OAuth and there's OpenWebAuth. Not sure what's going to win at this point.

silverpill@mitra.social

@julian @mariusor @BeAware @aj There is also nomadic identity, which is not attached to any server to begin with. I'm sure that OAuth will win (by user count) though - because of Mastodon

mariusor@metalhead.club

@silverpill how does nomadic identity solve the problem of using multiple types of fediverse applications with a single identity?

Is it because multiple individual applications can show the same did:: ?

@BeAware @julian @aj

silverpill@mitra.social

@mariusor Yes, it is like standard AP C2S (another solution for this problem), but with DID as identity root instead of server.
You register with your DID and application starts constructing objects with IDs based on it. Then you sign those objects.

This is similar to Nostr where people can simply copy-paste their secret key into a different client and start sending messages. Except with FEP-ef61 we are not limited to plain cryptographic keys, and may use more advanced identities (any kind of DID).

@BeAware @julian @aj

julian

@[email protected] @[email protected] nomadic identity as I understand it allows you to keep your ID if you switch instances, which is similar but not the same as being able to log into and use Site A using an account from Site B.

fentiger@mastodon.social

@julian @mariusor @aj I'm not sure it's a case of one or the other "winning". The more closely I look, the more I think it'll be possible to evolve OWA to become compatible with OAuth, at which point nobody will have to choose "between" them.

There's more to figure out, though, before we can get there - and I think holding off for now is a perfectly reasonable position.

fentiger@mastodon.social

@mariusor @silverpill @BeAware @julian @aj Well, it won't help you to log in to another application, but once you're logged in, it will give you a way to actually _post_ using an existing identity, which OAuth/OWA alone won't solve.

silverpill@mitra.social

@julian @mariusor @BeAware @aj

> being able to log into and use Site A using an account from Site B.

This should be possible in nomadic identity paradigm if Site B serves a DID document.

mariusor@metalhead.club

@silverpill I feel like thinking about the problem like that ignores one of the main tenets of the ActivityPub protocol: An Actor has An Inbox.

@BeAware @julian @aj

silverpill@mitra.social

@mariusor In FEP-ef61 world, HTTP inboxes still exist, and provided by servers. However, actor can have more than one HTTP inbox.

@BeAware @julian @aj