Post 9vE1Z3JRu4FKSGXpse by helby@www.librepunk.club
(DIR) Post #9v20rKEPqwoFa5L1w8 by Gina@fosstodon.org
2020-05-14T08:20:06Z
0 likes, 3 repeats
I know we all use password managers now, but what happened to open and #decentralized authentication methods like #OpenID? Why does every website still have a Facebook and Google auth method but no #FOSS or #opensource equivalent? #stackoverflow says OpenID was too complex to be worth it, but are there really no alternatives? https://meta.stackexchange.com/questions/307647/support-for-openid-ended-on-july-25-2018
(DIR) Post #9v21MYL5S2U0JPLh7Q by dznz@cloudisland.nz
2020-05-14T08:26:22Z
0 likes, 0 repeats
@Gina there's a promising area called "self-sovereign identity" but fair warning it's blockchain-adjacent. Still worth keeping an eye on?
(DIR) Post #9v21YiQTm2oH4TfeCm by Gina@fosstodon.org
2020-05-14T08:29:02Z
0 likes, 0 repeats
@dznz Sounds interesting. If loads of people are able to manage their own @nextcloud, then a self-hosted federated identity isn't far-fetched either (if I understand your toot correctly, the whole decentralized vs federated still confuses me sometimes 😅 )
(DIR) Post #9v21dsKWNYBNEfLPLU by Gina@fosstodon.org
2020-05-14T08:29:48Z
0 likes, 0 repeats
@dznz Sounds interesting. If loads of people are able to manage their own @nextcloud, then a self-hosted federated identity system isn't far-fetched either (if I understand your toot correctly, the whole decentralized vs federated still confuses me sometimes 😅 )
(DIR) Post #9v21x0N0i4sFfpd8sq by mig5@aus.social
2020-05-14T08:33:22Z
0 likes, 0 repeats
@Gina Mozilla experimented with ‘Persona’ but gave up. However, OpenID Connect/OAuth is making a comeback. There’s a very cool tool called Vouch which can integrate with Nginx to do auth for pretty much any backend app (I’ve used it for Redmine, Nagios, and others): https://github.com/vouch/vouch-proxy In smaller institutions that run some sort of Identity Provider like LDAP etc, SAML is very popular.
(DIR) Post #9v220ijIEtMO7XpBY0 by dznz@cloudisland.nz
2020-05-14T08:33:48Z
0 likes, 0 repeats
@Gina it's definitely doable, but years away from day to day use. The key to value with identity is what it lets you do, and so you need to get uptake in both providers of claims and accepters of claims, which is... not easy in the general sense.
(DIR) Post #9v22UeB5j6nwgw64um by Gina@fosstodon.org
2020-05-14T08:39:31Z
0 likes, 0 repeats
@mig5 Exactly, Persona! At my organisation we use Apache Ipsilon for SAML (integrated with FreeIPA) and it's nice. Although I would definitely go with Keycloak or Gluu next time. But that's for internal services. For external services I'm just sick of seeing FB and Google auth methods everywhere. The #fediverse especially seems like a place for open and decentralized auth methods. I'm gonna check out Vouch, thanks!
(DIR) Post #9v22lWMG3PFfMTMlXc by Gina@fosstodon.org
2020-05-14T08:42:30Z
0 likes, 0 repeats
@dznz I'm just dreaming of a future where I walk around with a yubikey with a code and fingerprint sensor that allows me to log into any website I want. This toot was brought to you by someone too lazy to use a password manager
(DIR) Post #9v238BMAIr0It381xY by mig5@aus.social
2020-05-14T08:46:35Z
0 likes, 0 repeats
@Gina I have to look at Gluu too for a project. It looks so complicated though to hook into an existing identity store. But seems to have heaps of cool features too...
(DIR) Post #9v23aOQDJuT3W5TSam by Gina@fosstodon.org
2020-05-14T08:51:46Z
0 likes, 0 repeats
@mig5 I'd love to learn more about it too. It's on my very very long list of stuff to play around with. 😅
(DIR) Post #9v23cr9VTJ0tCZpmIC by e0ipso@fosstodon.org
2020-05-14T08:52:00Z
0 likes, 0 repeats
@Gina In Drupal they *removed* the implementation from core a while ago. https://www.drupal.org/node/556380
(DIR) Post #9v2NNqjmsl0N4onRNg by Blort@social.tchncs.de
2020-05-14T11:46:52Z
0 likes, 0 repeats
@Gina Check out #ReclaimID, which seems to be the best option still being maintained. They bill themselves as "The decentralized, self-sovereign identity system" https://reclaimid.gitlab.io One way or another we need to sort out this crazy "every Fediverse server has different users and never shall another accept your login" situation.
(DIR) Post #9v2Nz977WRQ2mhUijg by lopeztel@fosstodon.org
2020-05-14T11:09:15Z
0 likes, 0 repeats
@Gina This is also something I'd like to see in more websites ☹️
(DIR) Post #9v2S9paOrkL5DqXZ0S by splatt9990@fosstodon.org
2020-05-14T13:27:00Z
0 likes, 0 repeats
@Gina not OAUTH based but there's an experimental concept from the guy that does the Security Now podcast called Sqrl. It's really early still but it seems interesting. https://www.grc.com/sqrl/sqrl.htm
(DIR) Post #9v2TjXUVihBZTsNOt6 by stchris@fosstodon.org
2020-05-14T09:07:05Z
0 likes, 0 repeats
@Gina @mig5 It was disheartening to see Mozilla close down Persona. I too am sick of "login with FAANG"
(DIR) Post #9v2UYvcTlocp5CbkdU by nschont@mastodon.etalab.gouv.fr
2020-05-14T09:23:17Z
0 likes, 0 repeats
@Gina with Keycloak, a few minutes to install and configure this on Debian: OpenID, SAMLv2
(DIR) Post #9v2UYvyoQmUQCT3aRk by dada@diaspodon.fr
2020-05-14T09:23:48Z
0 likes, 0 repeats
@nschont +1 @Gina
(DIR) Post #9v2UYwIfEyMxC2LROC by clement@toot.forumanalogue.fr
2020-05-14T09:27:22Z
0 likes, 0 repeats
@dada @nschont @Gina I loved the idea of OpenID, but the situation is even going backward because almost all platforms which used to support it dropped the support of OpenID.
(DIR) Post #9v2WmAtMV11q7cwsnQ by changaco@mastodon.host
2020-05-14T09:44:15Z
0 likes, 0 repeats
@Gina This thread may interest you: https://github.com/liberapay/liberapay.com/issues/1687
(DIR) Post #9v2XU02WD1kNCp83ma by kris@zap.dog
2020-05-14T09:51:58Z
0 likes, 0 repeats
I don't use a password manager. But I think the future is something like zot with the nomadic identity. You don't need to say: it is me with email / password or tel number / password; you just log in once and you can navigate from site to site without authenticating. I am lazy too
(DIR) Post #9v2YanfIiPxQoB4krY by basil@sarcasm.stream
2020-05-14T14:39:05Z
0 likes, 0 repeats
@Gina love seeing all the replies to this. There's also https://indieweb.org/IndieAuth
(DIR) Post #9v2b1GxGdgSR5QEKYa by duponin@udongein.xyz
2020-05-14T15:06:29.684688Z
0 likes, 0 repeats
@Gina @dznz FIDO is way better than anything else. Just have a basic password in addition, to be sure that no one can log in as you if your token is stolen
(DIR) Post #9v2o0btoa8p39td6ps by nawi@fedi.absturztau.be
2020-05-14T17:32:02.619914Z
0 likes, 0 repeats
@Gina Or just, why is there no fedi alternative thing to stackoverflow?
(DIR) Post #9v4jfeUP2zPTtd1h0C by mxmehl@mastodon.social
2020-05-15T15:52:36Z
0 likes, 0 repeats
@Gina At @fsfe we once planned to integrate OpenID into our account management system, usable for all FSFE supporters, but dropped this idea eventually because it was too complex at this time
(DIR) Post #9v66rybeZSM5rnDuFs by pavel@mas.to
2020-05-16T07:41:41Z
0 likes, 0 repeats
@Gina for-profit companies are making for-profit moves. Supporting open standards of authentication should be mandated by a government. They did impose GDPR private data consent walls, also not a trivial thing to implement I believe. I think the same can be done here.
(DIR) Post #9v7Y095eMsLYcQKkro by rune@mastodon.nzoss.nz
2020-05-17T00:26:00Z
0 likes, 0 repeats
@Gina I really want this too. It wouldn't even have to be complicated. I tried to write a small poc server and application integration but I got distracted as usual.
(DIR) Post #9vE1Z3JRu4FKSGXpse by helby@www.librepunk.club
2020-05-20T03:25:36Z
0 likes, 0 repeats
@Gina Just a reminder that not everybody needs 100+ online accounts which require the use of some kind of password manager. There is still hope.
(DIR) Post #9veSCEJPWzojTWfIgq by pmevzek@framapiaf.org
2020-06-01T21:26:37Z
0 likes, 1 repeats
@Gina Look at WebAuthn: https://www.w3.org/TR/webauthn/ With proper hardware this allows you to just not have to deal with passwords anymore, which is the direction that seems worthwhile to me... In theory people dream about decentralized privacy protecting services but in practice do not want to invest in using a different login+password per service and hence are perfectly happy with a privacy eating organization managing their login on any website. It is the network effect: "everyone" has a Gmail or FB acct