by ta8645 992 days ago
As far as I can tell, you're relying on Google, or Microsoft, etc to verify your identity. Lose your relationship with them, and you lose control of everything. You have to remain in their good graces, or lose your identity for a diverse set of transactions where those big players would otherwise have no sway.

Would much rather have a truly decentralized identity where you can change providers without losing continuity of your identity. Where your identity provider has to keep you happy, or you transparently move your identity to a new provider.

5 comments

> Would much rather have a truly decentralized identity where you can change providers without losing continuity of your identity. Where your identity provider has to keep you happy, or you transparently move your identity to a new provider.

This sounds like my dreams. Is there anything that exists now that does this?

For Azure, could you use a 1:1 mapping of Managed Identities and use Federated Credentials? (OIDC).

We need a few popular OIDC providers that will allow you to bring your own email address. That way you can use a custom domain if desired, and achieve the portability you're talking about.

I really wanted KeyBase to be an open identity source.

I had a daydream about bob@bobhome being hired at alicecorp. Instead of a new ID bob@alicecorp being created, bob@bobhome is invited to the project-devs@alicecorp. Once a member, that user ID is automatically granted access to jira/git/artifactory/AWS/etc etc

Your ID becomes part of your resume, with a record of who bob@bobhome has worked for, with crypto signed endorsements from team leads etc

Keyoxide may be worth checking out as a FOSS alternative: https://keyoxide.org/

Wouldn't that just put KeyBase in control of being able to validate your identity? What would happen if they banned you?

The parent talks about decentralized (or perhaps federated) solutions which I can understand but I don't get why everyone would want to put all their eggs in the KeyBase basket?

I wanted things like that from Keybase too. What happened to them?

They got acquired by Zoom in 2020 for the cryptography and since then have been gutted to the extent that there have been zero announcements or movement.
Their leadership didn't seem to know what to do and chased a few passing fads for new features, and didn't address the tech debt they had to improve the UX of their tool.

They added a wallet with Stellar Lumens when that should have been entirely separate. Git repo hosting that should have been left to Github/Gitlab. etc etc.

My opinion is that they should have focused on integration with 3rd parties like github. Plus working on tech debt and UX issues. Created lots of docs on integrating KeyBase with your internal tooling, stuff like that.

I don't think that's the reason Keybase faded (although I agree that they shouldn't have chased blockchain fads). I'm pretty sure it's because they were bought by Zoom and had all of their engineering talent repurposed.

It's my personal opinion that they had lost their way before getting bought by Zoom. Mostly gut feeling from the actions and words from senior leadership.

But you're correct, Zoom's purchase was the death knell.

I'm struggling to understand the concept of a decentralized identity. You are basically exposing the concept of identity to partitioning problems, at that point. Right?

That is, I don't disagree with the idea that the system we have now ties you to a company. But indirection and decentralization only works to a point. As an example, how do you manage disputes of your identity? Assume whatever system you have can be spoofed successfully somehow. What is the procedure to clarify the factually intended identity of someone?

Another layer of indirection often solves things in software engineering. You need a key store that allows user control via multiple identity sources, so a backup path can add, remove, or update allowed sources. If Google locks a particular account, drop it as an allowed source and add a different one.

This of course expands the attack surface - indirection comes at a cost.
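A sketch of the key-store-with-multiple-sources design described in the comment above, as an added example that is not code from the thread. Each identity source is an (issuer, subject) pair; the HMAC "assertions" and the issuer secrets are a constructed stand-in for verified OIDC ID tokens, and a source can only be swapped out by logging in through a different source that is still allowed, so a locked provider account cannot strand the user.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed per-issuer secrets standing in for the providers' signing keys (assumption;
# a real deployment verifies provider-signed ID tokens against the issuer's published keys).
ISSUER_KEYS = {
    "https://accounts.google.example": b"google-secret",
    "https://login.microsoft.example": b"microsoft-secret",
    "https://id.bobhome.example": b"bobhome-secret",
}

@dataclass(frozen=True)
class Assertion:  # toy stand-in for a verified OIDC ID token: issuer, subject, MAC over both
    issuer: str
    subject: str
    tag: bytes

def _mac(issuer: str, subject: str) -> bytes:
    return hmac.new(ISSUER_KEYS[issuer], f"{issuer}|{subject}".encode(), hashlib.sha256).digest()

def issue(issuer: str, subject: str) -> Assertion:
    """Simulate the identity provider issuing an assertion for one of its users."""
    return Assertion(issuer, subject, _mac(issuer, subject))

def verify(a: Assertion) -> bool:
    """Accept only assertions from a known issuer, with a constant-time MAC comparison."""
    return a.issuer in ISSUER_KEYS and hmac.compare_digest(_mac(a.issuer, a.subject), a.tag)

class KeyStore:
    """One local account controlled by a set of allowed (issuer, subject) identity sources."""

    def __init__(self, sources):
        self.sources = set(sources)

    def login(self, a: Assertion) -> bool:
        return verify(a) and (a.issuer, a.subject) in self.sources

    def replace_source(self, proof: Assertion, old: tuple, new: tuple) -> bool:
        """Backup path: swap a (possibly locked) source for a new one. The request must be
        authorised by a login through a *different* source that is still allowed, so the
        account can never be left with no working source."""
        if not self.login(proof) or (proof.issuer, proof.subject) == old or old not in self.sources:
            return False
        self.sources.discard(old)
        self.sources.add(new)
        return True
```

The expansion of attack surface the comment mentions is visible here: every allowed issuer's key material and account-recovery process becomes a way into the local account, so the set of sources is itself a security-sensitive setting.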