geoffo, KartikPrabhu, [chrisaldrich], gxt, jeremycherfas, moppy, [pfefferle], [James_Gallaghe], swentel, justache, [Murray], MylesBraithwaite and shoesNsocks1 joined the channel
#Zegnatnekr0z: the way OpenID does what I would consider aliasing of one identity to another seems interesting. And seems slightly different from what my PR is suggesting. I tried to add some clearer examples of the difference to the PR.
#nekr0zZegnat: yes, you're right, and I'm reading openID spec same way as you (in that it's kinda doing the opposite to what you're trying to do). But I've seen examples of openID clients in the wild that actually do the opposint of what openID spec expects and result in the behavior you're shooting for.
#ZegnatOpenID will probably never stop to confuse me with their mix of implementations
#nekr0zWhat openID spec implies is that if I have e.com that has evgenykuznetsov.org for openid.delegate, and I try to auth as e.com at a client, the client should use evgenykuznetsov.org to auth me, but record that I'm e.com. If I also have e.me (using evgenykuznetsov.org for openid.delegate, too) and try to auth at the same client, it should record that I'm e.me now, and not the same user as e.com - that's the idea, it seems.
#nekr0zwhat many clients actually do in that scenario is record me as evgenykuznetsov.org, thus making e.com and e.me the same user. Tottally not what the spec intends, but kinda what you're shooting for :)
#ZegnatAnd indeed, from the spec there is some sort of magic aliasing happening within the clients (which they call consumers)
[jgmac1106] and jeremych_ joined the channel
#Zegnatnekr0z: do you think what I am proposing would be able to fulfil your usecase as you have it today?
#ZegnatI would much rather work for usecases, than try to reach some sort of OpenID parity
KartikPrabhu joined the channel
#nekr0zZegnat: oh, totally! What you're trying to do is actually what I'm looking for, and not only I, as recent discussions in my local language indieweb chat seem to indicate :)
#ZegnatAwesome! :D We just need to have a good conversation with IndieAuth implementers and see what their thoughts are too. Did not want to push this through just on a whim.
dckc, geoffo, KartikPrabhu, sp1ff, nickodd, leg and [KevinMarks] joined the channel
#jamietanna[m]Ah woops, looks like it was my bad earlier when I had an invalid `u-photo`, all good 🙃
[tantek], [chrisaldrich], [James_Gallaghe], [Murray], jeremycherfas, [pfefferle], swentel, sp1ff, geoffo and [michael_lewis] joined the channel; nickodd left the channel
#[michael_lewis]Big question - can independent personal websites (IndieWeb sites) be on subdomains of a non-owned domain, e.g. would a site at username.github.io count? The way I've implemented it, the owner needs to control the entire domain, e.g. in this case github.io, ruling out submissions from username.github.io. However, there are quite a few personal websites on e.g. username.github.io which have some good content, plus I've seen a couple of
#[michael_lewis]familydomain.com sites with person1.familydomain.com and person2.familydomain.com.
#[michael_lewis]I think you could get IndieAuth working on username.github.io, and some but not all of the Domain Control Validation should work too (e.g. file in root, but not the TXT record). I'm tempted to stick with the entire domain approach, but allow a few exceptions for specific subdomains (e.g. github.io, gitlab.io), but any other thoughts?
#ZegnatI think both subdomains and even subpaths are valid homepage URLs. So I definitely think they "count" (whatever that means).
#ZegnatIf you are interested in only treating subdomains for things like github.io, you may be interested in looking into the Public Suffix List.
#ZegnatThat is a project that lists domains with subdomains that should be individually handled by browsers when it comes to cookies etc. Basically sandboxing them from eachother. Includes github.io, gitlab.io, and many more.
#LoqiIt looks like we don't have a page for "public suffix list" yet. Would you like to create it? (Or just say "public suffix list is ____", a sentence describing the term)
#[snarfed]Zegnat++ . we strongly push owning your own domain, but we do regularly have people participate from subdomains like that. helps provide easier gradual onboarding from services like micro.blog etc
#LoqiZegnat has 32 karma in this channel over the last year (83 in all channels)
#[michael_lewis][Zegnat] Thanks. I'm using Python's tldextract which supports the Public Suffix List. Anyway just rolled out support for subdomains but only in the special exceptions of github.io and gitlab.io because I do get the impression that owning your own domain is kind of one of the main points.
#[snarfed]consider also adding wordpress.com, blogger, tumblr, maybe medium domains too
#[snarfed]we generally err on the side of welcoming people and gently nudging them over gatekeeping
[tw2113], jjuran, [tantek] and [schmarty] joined the channel
#[schmarty]The cloud-is-the-default thinking is also strong in browsers and web developer thinking and it was making me cranky the other day
#[schmarty]This video from google is like "wow look at all this storage for your apps!!!" while still saying with a straight face that it's impossible to know how much you can store and that it can be evicted at any time with no notice
#[schmarty]wonders what happened to the RemoteStorage project