#indieweb 2023-09-29

2023-09-29 UTC
[schmarty], Nuve and nertzy joined the channel
AramZS, gRegorLove_, gerben and [Jo] joined the channel
#
[Jo]
Helloo good morning Virtual
#
[tantek]
would it be accurate to characterize IndieAuth as "bring your own SSO"?
#
[tantek]
from a user perspective
#
[tantek]
or is SSO too jargony?
[jeremycherfas] joined the channel
#
[jeremycherfas]
What is SSO?
#
Loqi
It looks like we don't have a page for "SSO" yet. Would you like to create it? (Or just say "SSO is ____", a sentence describing the term)
AramZS and rocto joined the channel
#
Virtual
I thought using your own website/domain to validate your identity to be a very clever approach
timdream, AramZS, geoffo, tyil and gxt joined the channel
#
c​apjamesg
Virtual thank you!
#
c​apjamesg
Lots of us use that approach!
#
c​apjamesg
A quick reminder that we are hosting a Build a Website in an Hour event this weekend. Join us to create a new web project, or work on an existing one, in an hour!
#
IWDiscord
<c​apjamesg#0>
AramZS and dmowitz joined the channel
#
sebbu
SSO is a vague and broad term though
#
sebbu
i mean, it concerns auth, but also 3rd party services that might be used for it, or keeping sessions across multiple sites/domains
#
sebbu
Virtual, indieauth, or relmeauth ? :D
#
aaronpk
no I don't think SSO is vague and broad
#
aaronpk
there are multiple ways to accomplish single sign-on, depending on what your goals are
#
aaronpk
i think it's fair to say IndieAuth is a type of "BYO SSO"
#
sebbu
but, would cross domain consent sharing, you could log in on one site, go on another site, and be logged in without doing anything (not even a "sign on through ..." button)
plantroon joined the channel
#
sebbu
s/would/with/
#
sebbu
i know a few sites with multiple domains that do that
#
aaronpk
auto-login like that is only one aspect of SSO, and not a required attribute for it to be considered SSO
#
c​apjamesg
#indieweb-dev?
#
aaronpk
nah, still talking about user features of SSO. no need to get into the weeds of how to implement it to talk about what it is
#
sebbu
also, what's the term for the auth we're asked to do (either log in again, or 2FA or other) when we try to access settings (private info or security) on a site where we're already auth?
#
aaronpk
step-up authentication
#
sebbu
even if it's just repeat of the same auth ?
#
sebbu
(some sites have a 2FA that's used only for those, while others just re-ask your password)
#
aaronpk
i think it still falls under "step-up". the OAuth draft for step-up auth has a "max_age" parameter that could result in only re-entering your password. but now we're getting into #indieweb-dev
asarandi, mooff, hedy-, dmowitz, tenkuu, chenghiz_ and bterry joined the channel
#
[KevinMarks]
I turned my Nexus 7 on for the first time in a while and Google not only demanded a password, it sent a challenge to my phone too.
AramZS, mdemo and tenkuu joined the channel
#
[tantek]
wow that's not great. [KevinMarks] were you able to take a photo of the screen / phone challenge? Sounds like a good mini-post to publish & send to Cory
#
[tantek]
the whole thing of losing control of the devices you "own"
tenkuu, bret, angelo, jarkad, jeremycherfas and kleb joined the channel