by ThePhysicist 2167 days ago
There's the "European" ID4Me project (https://id4me.org/), which tries to add federation on top of OpenID Connect / OAuth2. The idea is to give users globally valid IDs that contain a domain name. Using a TXT record on that domain you then specify which OpenID auth provider a service should use to authenticate the user. If you have your own domain this enables you to switch ID providers without having to update your accounts.

In general I like the idea, but since it's an EU-style project I don't expect it to go anywhere, to be honest. And personally I don't think the benefit over e-mail based authentication is marginal. That said, there are some extensions in OpenID Connect that can achieve something similar, and that (IMHO) are more likely to actually get widely adopted.

2 comments
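The TXT-record discovery step described in the post above, as an added example that is not part of the thread or the ID4me project's code: it parses an already-resolved TXT answer and derives the OpenID Connect discovery URL, rejecting ambiguous or non-hostname issuers. The `_openid.` label and the `v=OID1;iss=...;clp=...` layout are assumptions about ID4me's record format, and all records below are constructed.

```python
import re
from urllib.parse import urlsplit

# Strict hostname pattern: rejects userinfo, ports and anything that is not dotted labels.
_HOST = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def lookup_name(identifier: str) -> str:
    """DNS name to query for an identifier such as 'alice.example.org' (assumed label)."""
    return "_openid." + identifier.strip().rstrip(".").lower()

def parse_record(txt: str) -> dict:
    """Split 'k=v;k=v' into a dict; duplicate keys are refused, not last-one-wins."""
    fields = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        key, sep, value = part.partition("=")
        key = key.strip().lower()
        if not sep or key in fields:
            raise ValueError(f"malformed or duplicate field: {part!r}")
        fields[key] = value.strip()
    return fields

def issuer_url(txt_records: list) -> str:
    """Return the OIDC discovery URL named by exactly one v=OID1 record."""
    # Other TXT records (SPF and so on) may share the name; ignore them.
    candidates = [r for r in txt_records if r.strip().lower().startswith("v=oid1")]
    if len(candidates) != 1:
        # Two competing issuers would let whoever answers first pick the provider.
        raise ValueError("expected exactly one v=OID1 record")
    iss = parse_record(candidates[0]).get("iss", "")
    parts = urlsplit(iss if "://" in iss else "https://" + iss)
    host = parts.netloc.lower()
    if parts.scheme != "https" or parts.path not in ("", "/") or not _HOST.match(host):
        raise ValueError("issuer must be a bare https hostname")
    # Standard OIDC discovery path appended to the issuer.
    return f"https://{host}/.well-known/openid-configuration"

if __name__ == "__main__":
    # Constructed sample answer for _openid.alice.example.org
    sample = ["v=spf1 -all", "v=OID1;iss=auth.example.net;clp=agent.example.net"]
    print(lookup_name("alice.example.org"), "->", issuer_url(sample))
```

The result is only as trustworthy as the DNS answer it was parsed from, so the relying party should still verify that the `issuer` in the fetched metadata matches the hostname taken from the record.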

New Zealand had a program called Real Me. It's based on a completely and totally broken SAML2 implementation, that only gives you back a single token, and then you have to query another web service to get more information. Oh and years ago when we had to implement a product using it, their Identity Providers would give us different responses randomly ... and it once went down for two weeks straight.

What does federation bring here? Aren't OpenID identities already collision free?

I'd love to have SSO under my own control, and while it was theoretically possible with OpenID 2, things have gone backwards with OIDC, with everyone supporting it but restricting login to just the big names (Google, Facebook, Apple).

I put together a simple stateless OID2/OIDC identity provider: https://gitlab.com/rendaw/oidle but I have yet to find a website I can actually use it on. I still have hope though.

I had a classic OpenID server and every website I used to authenticate against using it has gotten rid of OpenID support. Stackoverflow was the big one. I haven't tried OpenID Connect yet.

https://battlepenguin.com/tech/the-decline-of-openid/

By the way I wanted to say I read that blog post a bunch of times while trying to put together that software! OpenStreetMap and GnuSocial may really be everything on the internet now.

I'd almost sign up for a website at this point just to get a chance to use my OID provider...