Witcraft (Hubzilla)@hubzilla.fediversum.de to Fediverse@lemmy.ml • Identity in the Fediverse
1 year ago

What we definitely should add is some sort of instance single-sign-on, so you can log into another instance by having your original instance authorize the login attempt.
In Hubzilla / (streams), that existing functionality is called “remote login” (or technically “OpenWebAuth = OWA”) - and it’s the prerequisite to share access-controlled local content with connections. Unfortunately, this works only with Hubzilla/(streams) identities, because AP does not support this…
It would be a blast if this mechanism could be transferred to the AP world (after all, it’s freely available open source…) and let us share the local content functions with our AP connections…
It seems my first message was not delivered, so here it is again (Sorry if it gets double-posted, I will delete the second one if the first one shows up, eventually):
I’m not sure whether AP has such a mechanism as an instance-independent identity (to my knowledge: it does not).
The Fediverse, however, has: In the Zot (in Hubzilla) or Nomad (in (streams)) protocol, identity can be moved or cloned between instances. Both (Hubzilla and (streams)) are compatible with AP, so you can use this ID with most AP platforms - as long as they do not implement a non-standard AP version. (Some people call what Mastodon implemented “Mastopub”. But even then, this is more a problem for the other platform’s side, like Mastodon; usually the Hubzilla devs make it work on their platform.) Both also have a wide range of functions, so there is hardly any function you cannot participate in using Hubzilla ((streams) is a bit more limited for ease of usability, but still offers most relevant functions).
On these Zot/Nomad platforms, the login for the instance is not your identity. In fact, you can have multiple identities tied to your login. Also, the identity is not your webbie - the webbie is rather an attribute to your ID, like a primary key ID in a database. In fact, it’s rather a link to your ID, so you can have multiple webbies with your ID in parallel. This effectively means I can log in to multiple instances with various accounts, and still access the synchronized content for the independent ID (which is secured against fraud with a personal and foreign key/hash).
This has been named “nomadic identity” (I prefer portable identity, but wording is not the key here). All connections / following / subscription within the Zot and Nomad protocol are handled via the ID, not via the webbie. Even non-capable platforms can connect to your primary webbie (which can be freely chosen and shifted…), and the protocol implementation will deal with all requests to any of the webbies - as long as they exist. When you delete an account or instance, all AP connections are lost (as they, on their side, only know the webbie). All Zot/Nomad connections maintain the connection (as they address the ID, which exists independent from / across all instances).
As I understand it, the Nomad protocol is a transitional step from Zot closer to AP, to demonstrate how AP would be capable of doing the same, using the most recent protocol definition. So Mike (the main dev) tries to inspire the AP world to implement this on other platforms.
This was sent from my Hubzilla ID to Lemmy. I do maintain a Lemmy instance out of curiosity, but I prefer to use Hubzilla for everything. I could register a Mastodon, Pleroma, Funkwhale, or whatever ID on another instance. But what for…?
BTW: Hubzilla is even compatible with the diaspora* and GNU social protocol, even though at least diaspora seems to not support any compatibility efforts on their side. Hubzilla has been programmed around most of their quirks to make it work, although they do not care. (streams) ditched this burden and focussed on compatibility to Nomad, Zot, and AP.