|
|
|
|
|
|
by illvm
2572 days ago
|
|
|
Why do users need to have a 3rd party managing their identity? It seems like it would be _safer_ if users could setup their own OAuth infra which would then be certified for use with other systems. For people who lack the expertise or will to roll their own infra then they can use something like Apple ID. |
|
|
>For people who lack the expertise or will to roll their own infra then they can use something like Apple ID.
SO 99.9% of the population. It's a nice sentiment, but for what apple is doing to work (random username generation, and identity obfuscation) the only way for it to work is strength in numbers, that the Apple userbase of people who will only use frictionless sign in, becomes too big to ignore, and to tempting too left uncourted.
>It seems like it would be _safer_
Im not sure I would say safer. Depending on millions of people to keep their software up to date hasnt historically worked super well for Windows and Wordpress. One central authority patching all its services and 24/7 devops sounds a lot safer than trusting millions of self hosted OAuth servers to be up to date and not compromised. What percent of people who have non-self-updating home routers, do you think go in regularly and press the update firmware button?