Hey, I am currently trying to understand a bit better what the Activity Pub allows and what it doesn't as I am preparing a presentation on that topic.

On Lemmy I can join other servers without having to recreate an account. Does that also work for across Activity Pub supporting software? Could I join a PeerTube page and then post there? Could I upload videos? Could I join Mastodon or Pixelfed and post images?

you are viewing a single comment's thread
view the rest of the comments

[–] psycotica0@lemmy.ca 2 points 22 hours ago (1 children)

Maybe I should create a new post for this but has there ever been discussions regarding SSO? So you have one identity across all fediverse services?

This comes up from time to time, but usually not for what you want. Pixelfed and PeerTube and Lemmy and Mastodon are actually pretty different experiences. They don't really do the same thing, they don't appear to have the same verbs and nouns. So using one to talk to the other is actually a little weird, not because we're trying to make walled gardens, but just because the focus of Lemmy is on the threaded topic, and the focus of PeerTube is comments on videos in my playlist.

The fact that they can cross-talk at all is kind of an accident. Each system wants to federate with itself, and so they have a protocol to do it. And because it's an open protocol, anyone can use it. And it is intentional that any compatible software should be able to use it, so Mastodon and other microblogs can cross-talk, that's on purpose. But with these different "kinds" of services, they all picked the same protocol because it already existed, it already worked, and it met their needs. I don't think the people making Lemmy really intended PeerTube users to use it, even though it's sometimes possible in particular ways. They're compatible because they both used parts of the same protocol, and so when you put them together they happen to have overlap, but that's almost a coincidence.

The reason SSO sometimes comes up is actually to solve a UX problem that's plagued the fediverse since the beginning. If I'm a user of lemmy.ca, and I'm looking at lemmy.ml because I got there from a link it Google out something, and want to comment on what I see there, I can't. Not directly. I can't click the join button or follow a user or any of it, because this site is not my site. I have to first go to my site, where I have an account, and then find this content on my site, and then interact with it there. That sucks and has always sucked. So one of the proposals people have pitched to fix it is if I could login to lemmy.ml directly with my lemmy.ca account, then I could drive it remotely, in context, while maintaining my actual account somewhere else.

The downside of this is that a whole bunch of random sites have tokens for me, every instance has way more "users" than users, and if any one of them has a security incident then it doesn't just affect the users of that instance, because that instance also has keys for a bunch of other random instances. And overall the way I'd login on the remote site is to type my home site's address, to kick off the SSO login, but if I'm doing that anyway I could also type that in and just have it redirect me there natively. So not great.

If we're talking about using SSO just to only have one credential, this is actually better handled with normal, existing, SSO. Like OpenID or whatever. If Lemmy and Mastodon and PeerTube and PixelFed all allowed creating an account with an existing SSO solution, of which there are several, then you can already create an account on each of them using the same identity provider and not make any new accounts. This is likely cleaner than requiring each of them to be, themselves, an identity provider just so they can all login to each other so you can start with any one of them natively, but from there only have one identity for all the rest. That would add a bunch of extra requirements to being a valid implementation, and maybe lead to some bad or insecure identity providers, and not give that much benefit in return.

But I love SSO as a concept, so we should definitely support the much simpler thing, which is that all FOSS websites support SSO standards, not for fediverse reasons, but just because it's nice in general. For me 😛

[–] VoxAliorum@lemmy.ml 1 points 21 hours ago (1 children)

Oh, I agree. I meant SSO in the second sense: that there are external Identity Providers that you can use to create an account at different servers hosting different kind of fediverse experiences - be it Lemmy, PeerTube, Mastodon or ... I understand the issue you are describing first, but I haven't had that problem yet. Sounds like it could be fixed with a simple redirect - but I guess it is not so easy to figure out whether you need a redirect in the first place.

[–] psycotica0@lemmy.ca 2 points 8 hours ago (1 children)

Yeah, the redirect is easy. The hard part is that I'm just some unauthenticated user on whatever.net or something and I clicked the 👍 button. That could pop up a box that's like "hey, what server is your server?" and then I type it in. That could be done, but it's kinda crap, and we don't have anything better 😅

[–] VoxAliorum@lemmy.ml 1 points 4 hours ago

I think for now the easiest solution would be a browser extension "TakeMeHome" that automatically redirects you when you enter a foreign server that is federated with your home server. Should be pretty easy to implement.