Conversation
Notices
-
pump.io doesn't solve some of the problems that need to be solved by a next-gen social network.
-
@moonman Such as?
-
@maiyannah if the server disappears, you lose your account.
-
@maiyannah it would be cool if the URI for your user was a GUID, and even if the server disappeared one day, there would be a way to "import" your identity into another server.
-
@moonman This is probably doable, actually. But would require a mechanism to resolve old existing databases that could get messy, and also would be very difficult to keep unique. uid@instance could be used easily though.
-
@moonman One thing I am working on is a unified login system, where you can claim the remote version of a local account, so for instance if both my instances were on postactiv and had this feature enabled, I could log in to my "remote" version of maiyannah@blahblah on SPC. The remotes store copies of the accounts after all. I wouldn't want to store login creds remotely though, though perhaps we can use client-side keys for this?
-
@maiyannah gnusocial already allows openid, if someone links openid to their account you could use it for both.
-
@moonman This is true but openID is kind of ehhh and isn't particularly reliable.
I like the idea of PKI if we can find a way to propagate the server side key to check against. Could toss it in the user federation but that might break the protocol.
-
@maiyannah could make a new verb that attests a public key. it gets federated, and the servers store it. Then if you want to sign in to another server, it can do a challenge.
-
@moonman That sounds promising but I'm not sure how kosher it is to just make new verbs on the fly in the activitystreams ecosystem?
-
@maiyannah iirc they're namespaced.
-
@moonman Will read into this tonight and sketch out on paper how I imagine it happening and go from there.
-
@maiyannah
{
  "@context": "https://www.w3.org/ns/activitystreams",
  "name": "Joe liked a note",
  "type": ["Like", "http://schema.org/LikeAction"],
  "id": "http://www.test.example/activity/1",
  "actor": "http://example.org/profiles/joe",
  "object": "http://example.com/notes/1",
  "published": "2014-09-30T12:34:56Z"
}
This is an activitystream activity, and the type attribute includes a URI to uniquely identify the activity so it can be semantically differentiated from a different "Like" activity, if it came up.
-
@maiyannah I should clarify that the first "Like" is a native activitystream like, and the second one is a differently-namespaced like, the activity here is defined as both.
-
@maiyannah another possibility is just that you could have an account on another server, and verify a two-way rel="me" relationship between the accounts, and every server just honors that relationship and treats the two accounts like one. This would actually be really easy to implement.
-
@moonman Easy to game too, though.
-
@maiyannah you have to control both accounts otherwise you can't link them.
-
@maiyannah I admit it does feel "loose" though.
-
@moonman It feels like API authentication endpoints could make this an easy method of account ousting unless the underlying "verification" method is stronger.
-
@moonman The API is a big glaring weak spot in GS/PA that I can't do too much about without breaking compatibility with everything and I hate it with the dying fury of a thousand stars.
-
@moonman But let's just say that it wouldn't surprise me if Peggle or some other group could utterly destroy GS/PA as they presently stand if they were clever with API exploits.
-
@maiyannah I don't understand your criticism against #OpenID and would like to hear a valid argument.
-
@mmn There's a variety of technical flaws that make openID unreliable that are well-documented. The long turnaround of fixes for things like the Covert Redirect bug does not instill confidence.