Aaron Parecki

  • Blaine Cook https://twitter.com/blaine   •   Nov 19
    I don't agree that it's completely glossed over - there is a registration protocol, it's just not widely implemented. The intent could be better stated, for sure, but I think IA's emphasis is too far the other way. My ideal is something in-between IndieAuth and OIDC, I think! 😊
    Aaron Parecki
    take a look at my activitypub conference talk, starting at 11:50, I address the UX aspect of it here: https://aaronparecki.com/2020/09/22/25/activitypub-oauth-2-1#t=710

    also happy to set up a time to chat about this instead! I think we have a lot of similar goals!
    Portland, Oregon • 47°F
    2 likes
    Wed, Nov 18, 2020 10:26pm -08:00
  • Blaine Cook https://twitter.com/blaine   •   Nov 19
    My goal is to enable secure, simple federated identity. Authentication is a core bit of functionality in that regard. Obviously supporting non-corporate identities is critical, but forcing everyone to be 'indie' is a mistake, I think.
    Aaron Parecki
    nobody said "force". my goal is to *enable* indie identities, something that is pretty much completely glossed over by the current OIDC ecosystem.
    Portland, Oregon • 47°F
    1 like 1 reply
    Wed, Nov 18, 2020 10:17pm -08:00
  • Mugwump https://twitter.com/ozaed   •   Nov 19
    I have used DNSSEC for 6+ years, while I have seen many auth protocols come and go. And 'IndieAuth' I first heard today.
    Aaron Parecki
    ah yes, the "this is the first I've heard about it" argument sure is a solid one
    Portland, Oregon • 47°F
    Wed, Nov 18, 2020 10:15pm -08:00
  • Neven Mrgan https://twitter.com/mrgan
    Should we put Stories on Playdate? I don't think this question really means anything, but it was fun drawing 1-bit avatars. Stories, Stories, Stories!!
    Portland, Oregon • 47°F
    Thu, Nov 19, 2020 12:39am +00:00 (liked on Wed, Nov 18, 2020 10:02pm -08:00)
  • Vittorio https://twitter.com/vibronet
    Here’s my take on @twitter Fleets. Buckle up, kids.
    [Thread- 1/n]
    Portland, Oregon • 46°F
    Thu, Nov 19, 2020 5:27am +00:00 (liked on Wed, Nov 18, 2020 9:34pm -08:00)
  • bradfitz https://twitter.com/bradfitz   •   Nov 18
    I literally just sprayed coffee all over my monitor at your comment. Took the wrong moment to have a sip.
    Aaron Parecki
    I appreciate the commitment to prove this with a photo and am also very curious about what's in your bookmark toolbar and open tabs
    Portland, Oregon • 46°F
    1 like
    Wed, Nov 18, 2020 9:33pm -08:00
  • Blaine Cook https://twitter.com/blaine
    Yeah, client registration is a hold-over, and unnecessary for domain validation (same as letsencrypt). It's unfortunate OIDC didn't do a better job here. To be clear, I'm totally pro-IndieAuth, because the _protocol_ doesn't matter as long as it's secure. It's the UX / messaging.
    Portland, Oregon • 46°F
    Thu, Nov 19, 2020 5:19am +00:00 (liked on Wed, Nov 18, 2020 9:30pm -08:00)
  • Queen’s Gambit Garry Kasparov interview: The former world chess champion on what the Netflix series gets right. (slate.com)
    Wed, Nov 18, 2020 8:57pm -08:00 #chess #tv
  • patrick. https://twitter.com/imPatrickT   •   Nov 18
    yup and loading from Lock Screen is a deal breaker for me.
    Aaron Parecki
    *deal maker. agreed.
    Portland, Oregon • 46°F
    1 like
    Wed, Nov 18, 2020 8:34pm -08:00
  • Deity Microphones 🎙️ https://twitter.com/deitymicrophone   •   Nov 18
    Seems like YouTube is changing their service terms AGAIN.... It's that second bullet point that should be interesting...

    What are your thoughts on the new changes to the YouTube platform?
    Aaron Parecki
    I always assumed that was already the case. Is it not?
    Portland, Oregon • 46°F
    2 likes
    Wed, Nov 18, 2020 8:33pm -08:00
  • Blaine Cook https://twitter.com/blaine   •   Nov 19
    😢 @aaronpk knows my stance on this well - domain-based auth is exclusionary and confusing to users. IndieAuth should just use email addresses, even if it doesn't use webfinger and just does s/@([^.*]\..*$/\1/ with the address.
    Aaron Parecki
    Email addresses *are* domain-based auth. I think you’re conflating two different parts of the system. In IndieAuth, the canonical user identifier doesn’t have to be the thing the user enters in a login prompt. This is also true for almost every other authentication system.
    Portland, Oregon • 45°F
    1 reply
    Wed, Nov 18, 2020 8:28pm -08:00
  • Simon Willison https://twitter.com/simonw   •   Nov 19
    Thanks, filed an issue https://github.com/simonw/datasette-indieauth/issues/21
    Aaron Parecki
    To be clear, I’m not sure this is a *good* idea, and it also requires a bit of code running at the web server of the root domain, but it does work.
    Portland, Oregon • 45°F
    3 replies
    Wed, Nov 18, 2020 8:25pm -08:00
  • Lee Zavitz https://twitter.com/ZavitzLee
    Petition for Apple to bring back the SD card reader in all devices. That would be much appreciated by every single human being.
    Portland, Oregon • 45°F
    Thu, Nov 19, 2020 2:19am +00:00 (liked on Wed, Nov 18, 2020 8:22pm -08:00)
  • Aaron Parecki https://aaronparecki.com/   •   Nov 18
    I’ll admit it’s a bit of a “hack”. The trick is “aaron@parecki.com” is a URL because if you assume the http scheme then you get http://aaron@parecki.com which is a username but no password with HTTP basic auth. The server can switch what it returns based on that username.
    Aaron Parecki
    As a client developer you have to: 1) follow the spec by assuming “http” if no scheme is entered, and 2) allow the user-entered URL to contain a username component.
    Portland, Oregon • 45°F
    5 replies
    Wed, Nov 18, 2020 8:21pm -08:00
  • Simon Willison https://twitter.com/simonw   •   Nov 19
    I thought that was valid with RelMeAuth but not IndieAuth - how can I get that working as an IndieAuth client?
    Aaron Parecki
    I’ll admit it’s a bit of a “hack”. The trick is “aaron@parecki.com” is a URL because if you assume the http scheme then you get http://aaron@parecki.com which is a username but no password with HTTP basic auth. The server can switch what it returns based on that username.
    Portland, Oregon • 45°F
    1 reply
    Wed, Nov 18, 2020 8:20pm -08:00
  • Blaine Cook https://twitter.com/blaine   •   Nov 19
    In the meantime, IndieAuth is, imho, a step backwards. OAuth/OIDC sign-in with login_hint works *great*; the lack of auto-/no-registration / a public key version is a real bummer, though.
    Aaron Parecki
    This one I’m really confused on, and we should probably chat about it to clear things up. IMO OIDC is more of a barrier here because the default is that clients need to register. With IndieAuth there is no expectation of client registration at all.
    Portland, Oregon • 45°F
    1 reply
    Wed, Nov 18, 2020 8:18pm -08:00
  • Blaine Cook https://twitter.com/blaine   •   Nov 19
    😢 @aaronpk knows my stance on this well - domain-based auth is exclusionary and confusing to users. IndieAuth should just use email addresses, even if it doesn't use webfinger and just does s/@([^.*]\..*$/\1/ with the address.
    Aaron Parecki
    There is no obligation that you have to register your own domain for IndieAuth to work. I’ve talked about this at ActivityPub Conference showing how they can use IndieAuth to enable a standards-based app ecosystem for ActivityPub/Mastodon apps. That of course uses shared domains.
    Portland, Oregon • 45°F
    2 likes 1 repost 1 reply
    Wed, Nov 18, 2020 8:16pm -08:00
  • Simon Willison https://twitter.com/simonw   •   Nov 19
    I'm intrigued by the IndieAuth thing where you can input a domain but your final identifier is a page specific to you on that domain - seems like it could help avoid users having to register their own domain or remember their full URL
    Aaron Parecki
    so it turns out this works. I can type in “aaron@parecki.com” in an indieauth prompt and it works. because that is a URL.
    Portland, Oregon • 45°F
    2 replies
    Wed, Nov 18, 2020 8:15pm -08:00
  • Sarah Mirk https://twitter.com/sarahmirk
    I’m glad to see this story come out, it’s been a long time coming. I’m sure there are way more stories than are printed here. I hope Xray FM survives this bullying behavior at the top. https://www.wweek.com/news/2020/11/18/staffers-at-xray-fm-allege-unprofessional-behavior-by-the-stations-executive-director-jefferson-smith/
    Portland, Oregon • 45°F
    Thu, Nov 19, 2020 2:22am +00:00 (liked on Wed, Nov 18, 2020 7:22pm -08:00)
  • Dennis Crowley 🇺🇸 https://twitter.com/dens   •   Nov 18
    "This is an urgent message for the vehicle owner..."

    How do we not have the technology to stop this shit?
    Aaron Parecki
    a side benefit of not owning a car is being able to completely ignore these without even a second thought 😂
    Portland, Oregon • 45°F
    1 like
    Wed, Nov 18, 2020 6:59pm -08:00
Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.