#fediverse #login #mastodon
For "regular people" who take little interest in tech and alternatives, that would make a huge difference.
You can convince them to register for one new thing, but not 10 new things, if you try to promote switching from FB groups to Mattermost/matrix, MS/Google forms to Cryptpad, Loops in addition to TikTok, FB Marketplace to Flohmarkt, Events to Mobilizon...
I do not believe this narrative.
People have absolutely NO problem to register at hotmail, google, whatsapp, instagram, facebook, tiktok, snapchat, gmx, paytv, or whatever...
And the same people tell me, that it's too complicated to register on free service like fediverse, signal or so. The login is definitely NOT the point.
In Austria we have #IDAustria, it's a kind of #eID. It should be possible to configure this as #IdP to #keycloak, and keycloak is configurable in many fediverse-services.
I think, i will register as serviceprovider for idaustria to try this for my services. But the process to get this work is between a few weeks and one year.
Then you have such a thing you want. Including age-verification. For "tante erna" it is too complicated. For techies as i am, it's too centralized.
But did you read, what i've written?
There are some serviceproviders out there, which serve a bunch of fediverse-services with such a single-sign-on solution.
Then you login to tchncs.de or adminforge and can use all the funny services there with one login.
But try to understand, what it really is, what you want. It's just another solution of centralized surveillance, if you want to do ALL your daily business with just one account. It's that, why i left facebook, google &co as much as possible. Because i don't like this possibility of surveillance.
Wow. I still think it would be good if the option was there to use your Fediverse (Mastodon) account to authenticate that you are the user you say you are with Avatar and Name. Nothing more nothing less.
Others are suggesting using Open Id Connect. But then you'd use oidc to authenticate, not Fediverse/Mastodon. So the Fediverse account wouldn't play a role as an enabler to make this easy for those who wish to use their account across services.
@leanderlindahl
Just saw your comment in my timeline. Don't know why.
What do you think is OIDC?
It is a protocol, where a service goes to an accounting-service, asking, "is this user, which tries to login here, the user he wants to tell me?"
And if the identity-provider says "yes", the user is allowed to use this service.
It does not belong, if it is a mastodon or a peertube or a friendica or a nextcloud or a keycloak or a github or a google or a whatelsepossible-idp account.
You have - in the scenario you are talking about - a service and separated from the service an identity-provider.
This two parts have to talk to each other.
They have to trust each other.
They need a protocol (a language both services speak and understand).
One of those protocols is #oidc
My peertube-server talks to my keycloak-server. On every login on peertube i'm led to keycloak. There i authenticate myself (different methods possible). The keycloak says "Ok. This is he. This is his email, if you need, his name and these are some roles, if you need"
Then my browser redirects to peertube and peertube says "Thank you. I'll let you in, because keycloak said, you are you"
When i open my nextcloud in the same browser, i'm led to my keycloak-server. Nextcloud asks if I'm I.
Keycloak finds a cookie in the browser, which says "On this browser you have authenticated this user, nextcloud is asking for"
Keycloak says "Ok. alright. Go back to nextcloud".
Nextcloud says "Alright, the user is authenticated. I'll let him in"
And i'm logged in in nextcloud.
When i go to my mobilizon-account, my mobilizon-server sends me in browser to keycloak and asks, if the user exists and is authenticated. keycloak says "Yes it is" and leads me back to mobilizon.
Mobilizon says "Alright, i'll let you in"
The main point in this point is: "Do the two parties trust each other?"
And what means "Trust"?
There was once upon a time an admin, who asked another admin, "can i use your identity-service to authenticate my users based on your identity?"
And then they configured the other service in their own with certificate, username/password, json-webtoken or whatever authentication-method for services are used.
But the point is: sometimes in the past the admin of a service has to manually trust the service of admin b and back.
Imagine I'm a very bad admin, paid from trump AND putin at the same time to destroy the fediverse. And every instance in the fediverse asks just each identity-provider possible, where users come from, "exists this user in your database? Yes? Ok. Send me name and Avatar" and lets this user in.
I can create hundreds of thousand identities and destroy the fediverse in short time.
So please go to some documentation about oidc or other sso-protocols and read at the first time, or talk to people who know about sso-processes... and believe them, what they are talking about.
I'm not the one, who had finally understood all the protocols and drawbacks... and i do not finally know all of them. Maybe i'm totally wrong... then bring some sources and show me, why I'm wrong.
And again:
I don't think the login is the most disturbing step for users... because:
Users have absolutely NO problem to register an account separately for
- whatsapp
- google
- instagram
- facebook
- snapchat
- tiktok
- gmx
- microsoft
- paytv
- other paytv
- amazon
- some chinastore
- some other chinastore
- an importer to save taxes for china-imports
- another importer to save also china-imports
- another amazon-account, because they've forgotten the first login
- an ebay-account
- another ebay-account
and so on...
The login is definitely NOT the problem.
And the people use for each account the same username/Email and password... no problem for them.
Tell them "Use a fucking passwordmanager" they tell you "uoh... this is SO difficult"
Tell them "Use signal instead or additionally to whatsapp" they tell you "uoh this is so fucking complicated"
Tell them "Let's use bigbluebutton instead of teams", they tell you "uoh... this is so fucking complicated. Let's use zoom. I've just created an account for"
No, Login is definitely NOT the problem with free software and free services.
Btw... my examples are not born in my brain... i had this discussion over and over. And people tell me always how complicated free services are... even if the usage is much easier than proprietary software.
People have NO problem to accept googles two-factor-authentication, setup a phone-number to recover, setup one-time-passwords in case of being locked out, tell google the name and sexual orientation of their mother, grandpa and children... but they have a problem to register a matrix-account and store the recovery-password.
They have a problem to download signal and fucking use it... but they have no problem to use whatsapp... did you ever try to move your whatsapp-app to another smartphone?
And signal?
Without google? (WITHOUT Google... also even without playstore!!!)
Signal: No problem
Whatsapp: Hello psychiatrist, here i am!
The login is NOT the problem. And btw... it's solved. What you wrote minutes ago, what should be possible... i told you hours ago, it exists and it's in use.
So. This was my really last comment in this thread.
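The trust point from the OIDC explanation above, as an added example that is not code from any participant or from Keycloak: a service accepts a login only when the token names an identity provider its admin configured and the signature verifies under that provider's key. The issuer URL, client id and secret are constructed, and HS256 with a shared secret stands in for the asymmetric keys a real deployment would normally use, so the sketch needs only the standard library.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, head: str, body: str) -> bytes:
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_token(claims: dict, secret: bytes) -> str:
    """Identity-provider side: issue a compact HS256-signed token."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(secret, head, body))}"

# Service side: issuers the admin configured by hand (constructed values).
TRUSTED_ISSUERS = {"https://keycloak.example.org/realms/fedi": b"constructed-secret"}
CLIENT_ID = "peertube"

def verify_token(token: str, now=None) -> dict:
    """Return the claims only if a configured issuer signed them for this service."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        signature = _unb64(sig)
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":  # the token must not choose the algorithm
        raise PermissionError("unexpected algorithm")
    issuer = claims.get("iss")
    secret = TRUSTED_ISSUERS.get(issuer) if isinstance(issuer, str) else None
    if secret is None:  # well-formed tokens from unknown providers stop here
        raise PermissionError("issuer not configured")
    if not hmac.compare_digest(_mac(secret, head, body), signature):
        raise PermissionError("bad signature")
    if claims.get("aud") != CLIENT_ID:
        raise PermissionError("token issued for another service")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    return claims

if __name__ == "__main__":
    iss = "https://keycloak.example.org/realms/fedi"
    claims = {"iss": iss, "aud": CLIENT_ID, "sub": "jakob", "exp": time.time() + 300}
    print(verify_token(sign_token(claims, TRUSTED_ISSUERS[iss]))["sub"])
```

A token signed by a provider that is not in `TRUSTED_ISSUERS` fails with "issuer not configured" no matter how well-formed it is, which is the manual trust step between admins that the post describes.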
@jakob It's pretty unpleasant the way you use language filled with bile and venom. Sometimes one can accept that one has different points of view on an issue. That shouldn't have to be the end of the world.
I have an idea from the user's perspective. You look at this from a server admin perspective.
I will not tell any user to "get a f*ing password manager" or "Hello psychiatrist". I would consider that inappropriate. Maybe time for me to leave Mastodon if this is anything to go by.
@leanderlindahl
Please...
It's not my best day today. Sorry.
And what you want, exists and is in use. You are really in the ability to click an account on tchncs.de or adminforge.de
There you can try, what i told you, on a bunch of servers and services.
Fediverse-Service, Matrix-Chat, i think, they also have a xmpp-chat, and many other services. Just with one account.
Before you spend so much effort from a "user sight", how it can be done, how it should be done... try what people offer you...
Click an account on adminforge.de/
Or click an account on tchncs.de/
play around... see if this solution will fit your needs.
The solution you are searching for already exists.
And the login is NOT the problem, why people do not use the fediverse...
And if you are injured by facts, what i will give you for your ideas... yes, not in the most friendly way... but i give you the solutions, you are looking for... and you try a bit to threaten me "bäh, i will leave mastodon, if you are that rude"... hmmm... be surprised... i do not use mastodon. :)
Because i do not like mastodon either.
Please... do not refer on the bad passages from my text and ignore all the other information i gave you... i repeated the information. and you just refer to 2, 3 sentences, which are NOT on the topic you are thinking about...
@leanderlindahl
But to be kind...
I will mute your account, then i'm not triggered any more on your repeated questions, where you still got answers for.
Then you can stay on "Mastodon"...
@jakob I suggested the idea that it would be good if you can use your Fediverse account to login elsewhere.
You keep telling me that one can login to fediverse services using third party authentication services which is true and you demonstrated how.
But those are different things even if you keep repeating the suggestion you were kind enough to make originally.
I never asked any repeated questions. I expressed an idea of what could be.
But it's of course an option to look into oidc for "bespoke" projects. It wouldn't have the multiplier effect I was envisioning though. Again maybe I've got this all wrong as some would imply.
Pocket ID looks sweet
https://pocket-id.org/
This is called #OpenIdConnect or #oidc or other #SingleSignOn #SSO Method
But... this is a thing, worth to think about.
How do you think does this work?
You register an account on a sso-provider and then you can login to mastodon.fuckheads.org and pixelfed.letmeall.one and next.cloud and friendica.noidiots.here and wordpress.stupid.things and vaultwarden.my.secrets
Each service run by another admin or organization...
Then you have a central fediverse login. And the central login provider knows who is who in the fediverse. And each service-admin has to configure his service to use the central login.
And each admin has no planning-capacity how many users will come and resources are needed. No control about his users.
Or you have multiple sso-providers. So each admin has to configure his service for each other serviceprovider too... then you have to choose on the login-page out of 27 or 150 login-providers... not so "handy"
Or... and this is still realized:
You've a service provider, which serves mastodon, pixelfed, peertube, nextcloud and so on, and has configured a sso-service for all services he provides. Then you login at your serviceprovider's first service and you are logged in on all other services he provides.
Adminforge.de is such a service-provider and tchncs.de another one.
Then your fediverse accounts ALL stand and fall with that one person or organization.
What you want is "google without google, not realizing what this means in real life"
@jakob "Then your fediverse accounts ALL stand and fall with that one person or organization"
You'd still be able to register 10 different accounts if you want.
But for auntie Bertha and your local association it would be a real game changer with one authentication. I could convince people of that. But not for them to register to 10 different services and log in separately on each of them.
It wouldn't be mandatory to use one account/identity, but an option.
@jakob i'm thinking about authentication. You still have "sign up" and have a separate account created on the service. The server admin can still approve/deny. But the check whether the user is who they say they are could be done via a Fedi account.
It would be
"Here's a user who says they are @[email protected] - hey village.mastodon.community, is that true?"
"Hi pixelfed.schwerin.coop. Yes the authentication was true. This is that user."
End.
Congratulations. You've invented authentication-methods which are known as oidc, webauthn, saml
I told you before, how this works. One step later.
And there are Serviceproviders out there, which actually DO today, what you are dreaming about.
@jakob you seem quite combative. I don't see why it's called for to be sarcastic. Lecturing and belittling. I didn't claim it was a new invention.
I think it would be good to have your Fediverse account as a base for using different community apps (if you wish to). Then it would be easier to move some people from FB and Google docs to alternatives.
Other people can continue registering all kinds of accounts. It's a free world.
I told you, it's all invented, it's all implemented (or implementable) and what the problems are, doing this.
I told you three times, that there are service-providers out there, they are doing exactly, what you describe. And you never responded to one of my arguments directing to this. But you tell again and again, it would be great, to have this. We already have this. I run it, for example on my fediservices, nextcloud and other ones. I know, what i'm and you're talking about. Because i do it at this moment.
I turned to sarcasm, when i realised, you do not respond on this.
And why i don't think, "the login" is the problem, i wrote another comment. You also did not respond on this.
So. I told, what's to say. Please do not mention me in this thread any more. We are not in sync today.