Aaron Parecki

  • Dmitri Shuralyov https://twitter.com/dmitshur   •   Apr 10
    Have you considered using IndieAuth (https://indieauth.spec.indieweb.org) which does the same now?

    I’ve implemented it on my personal site (https://github.com/shurcooL/home/issues/34) and I’m very happy with it. Especially during GitHub outages.
    Aaron Parecki
    Here's some background on why this solves the particular problem you're talking about in this thread: https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web
    Portland, Oregon • 47°F
    Fri, Apr 10, 2020 6:41am -07:00
    3 likes 16 replies
    • Erik Paulson
    • Jamie Tanna | www.jvt.me
    • Sriram Karra
    • David Crawshaw twitter.com/davidcrawshaw
      I’m a little confused, how do chickens identify me? Do we paint the eggs?
      Fri, Apr 10, 2020 10:02pm +00:00 (via brid-gy.appspot.com)
    • apenwarr twitter.com/apenwarr
      If you are the chicken, or the egg, you can eliminate a chicken and egg problem by building some tech. But in a distributed identity system you’re just a farmer who doesn’t yet have any chickens or eggs or a place to get them.
      Fri, Apr 10, 2020 9:55pm +00:00 (via brid-gy.appspot.com)
    • apenwarr twitter.com/apenwarr
      1. Big provider builds popular service (Facebook, Gmail) 2. Apps want access to data in big provider in exchange for your privacy 3. Big provider offers “Login with big provider!” buttons and API 4. Apps adopt buttons. Demand existed on both sides, and the bigcos invested first.
      Fri, Apr 10, 2020 9:53pm +00:00 (via brid-gy.appspot.com)
    • Alexey Shamrin twitter.com/megaflop
      Do you have an idea of how OAuth2 found "a way around the chicken and egg problem"?
      Fri, Apr 10, 2020 9:22pm +00:00 (via brid-gy.appspot.com)
    • apenwarr twitter.com/apenwarr
      There’s an apt analogy there. Think how many people are capable of deploying “WireGuard” (or IPv6) vs how many can install “tailscale.” Orders of magnitude! It’s not because we have tons of money (we don’t). It’s because we really really hate chicken and egg problems.
      Fri, Apr 10, 2020 8:04pm +00:00 (via brid-gy.appspot.com)
    • Eric Sampson twitter.com/evntdrvn
      on the first part, kinda like what tailscale is doing? : )
      Fri, Apr 10, 2020 7:22pm +00:00 (via brid-gy.appspot.com)
    • apenwarr twitter.com/apenwarr
      I don’t want it to be “possible” though. That’s such a low bar. I want real people to actually be able to use it, internet wide. OAuth2 won because it found a way around the chicken and egg problem. Doesn’t matter that it sucks. That didn’t affect its adoption.
      Fri, Apr 10, 2020 7:18pm +00:00 (via brid-gy.appspot.com)
    • Dmitri Shuralyov twitter.com/dmitshur
      Imagine you want to share the invite list to a party with a new acquaintance. Would you be more comfortable sharing 50 identifiers if they're people's personal email addresses, or their personal URLs?
      Fri, Apr 10, 2020 6:33pm +00:00 (via brid-gy.appspot.com)
    • Dmitri Shuralyov twitter.com/dmitshur
      It's not impossible to use an email address as an identifier, many sites do that. I think URLs have a property that makes them a better identifier: they don't forcibly bundle a means of contact (or spam) into the identifier itself. People can still volunteer it at the given URL.
      Fri, Apr 10, 2020 6:32pm +00:00 (via brid-gy.appspot.com)
    • Erik Paulson twitter.com/erik_paulson
      That's where Brad's webfistbump comes in handy: onebigfluke.com/2013/06/bootst…
      Fri, Apr 10, 2020 4:23pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      That hasn't been true for years. Browser vendors are pushing new features that they want or think will be helpful. Here are some examples: github.com/WebKit/explain… See also all the Twitter threads of people getting angry that Chrome implements something before it's standardized.
      Fri, Apr 10, 2020 4:16pm +00:00 (via brid-gy.appspot.com)
    • apenwarr twitter.com/apenwarr
      That creates a chicken-and-egg problem: browsers won't adopt it unless it's popular. It won't be popular unless browsers adopt it. Chicken-and-egg problems create usually-insurmountable barriers to adoption.
      Fri, Apr 10, 2020 4:12pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      Why is entering an email address less work than entering a URL? What I'm saying is browsers could have an "account chooser" UI to save a URL and enter it in the login field.
      Fri, Apr 10, 2020 3:39pm +00:00 (via brid-gy.appspot.com)
    • apenwarr twitter.com/apenwarr
      If login were automated like credit card forms, it would fail about 50% of the time and need me to enter a page full of unnecessary personal information by hand. That’s not a good model. Why not let me enter an email address instead? That has a domain in it.
      Fri, Apr 10, 2020 3:38pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      That problem can only be solved by browsers. Right now, most of the time the browser autocompletes my URL because I've entered it enough, so I'm not actually typing it out. With any amount of thought, browsers could automate that just like credit card payment forms.
      Fri, Apr 10, 2020 3:36pm +00:00 (via brid-gy.appspot.com)
    • apenwarr twitter.com/apenwarr
      Neat! Seems to still have the URL pasting problem though. How is that UX different from OpenID, which users didn’t like?
      Fri, Apr 10, 2020 3:34pm +00:00 (via brid-gy.appspot.com)
Posted in /replies using indigenous.abode.pub/ios

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.