#meta 2017-07-19

2017-07-19 UTC
[miklb] and ben_thatmustbeme joined the channel
ben_thatmustbeme joined the channel
#
kongaloosh.com
created /events/2017-07-25-homebrew-website-club (+1575) "Created page with "== Details == === What === * <span class="u-url url u-uid uid">https://indieweb.org/events/2017-07-25-homebrew-website-club</span> <div class="p-description description"> '''[ht...""
(view diff)
[chrisaldrich], [miklb] and tantek joined the channel
[chrisaldrich], tantek, jjuran_, [asteres], [jeremycherfas], j12t, sl007, [pfefferle], eli_oat, [kevinmarks] and [eddie] joined the channel
#
[kevinmarks]
The more of the back scroll I read, the more I think calling anything "Auth" is a bad idea. It means nothing to non specialists, and the specialists don't know if we mean authN or authZ
sl007, j12t and [chrisaldrich] joined the channel
#
[chrisaldrich]
What is authN?
#
Loqi
It looks like we don't have a page for "authN" yet. Would you like to create it?
#
[chrisaldrich]
wonders if _we_ know what they are?
#
aaronpk
what is authN?
#
Loqi
It looks like we don't have a page for "authN" yet. Would you like to create it?
#
aaronpk
what is authZ?
#
Loqi
It looks like we don't have a page for "authZ" yet. Would you like to create it?
#
aaronpk
authN is authentication
#
aaronpk
authN is authorization
#
aaronpk
authZ is authorization
#
aaronpk
thanks Loqi
#
Loqi
you're welcome
#
aaronpk
good enough for now
j12t and tantek joined the channel
#
aaronpk
oh and re: authz vs authn, I hate that the two words are so similar so I've started saying "login" and "authorization" and just not using "authentication" at all
#
tantek
who came up with those names? sounds very plumbingy
#
aaronpk
i don't actually know where those terms originated
#
aaronpk
but i imagine with spec people
#
tantek
"spec people" ?
#
tantek
points out aaronpk is now one of "those people" ;)
#
aaronpk
i am totally a spec person
[kevinmarks] joined the channel
#
[kevinmarks]
buys web-it.me and canihaz.me
#
[kevinmarks]
it's why oauth was a bad name
#
tantek
kevinmarks, domain collector (or is it speculator?) :)
#
Loqi
[@libertymadison] @thiojoe Between @iayori @kevinmarks and myself.... we account for 1000 domains. We are 3 people.... ?
#
tantek
oh dear that's a steep annual outlay
#
aaronpk
alright, i'm thinking "indielogin" is actually a pretty good name for the service that the wiki uses to log people in
#
[kevinmarks]
I have been letting some lapse, but it is addictive
#
tantek
oh yeah!
#
aaronpk
even though it's the "developer service" version of this, it's what most people will see
#
tantek
[kevinmarks]: I make myself say a domain name outloud like 10x these days before buying to see if it "sounds good enough" when spoken
#
aaronpk
and "log in" is a user facing term since that's what people put on their website for people to find the link to log in
#
tantek
I try to avoid extra punctuation too because it's too easy to get wrong
#
tantek
aaronpk: true!
#
aaronpk
note that websites never have an "authentication" button
#
aaronpk
you "log in" to your bank website, you don't "authenticate" to your bank website.
#
aaronpk
from the bank's point of view, they authenticate your login, but that's backend/implementation stuff, not what the user sees
#
tantek
agreed, "authenticate" or "authorize" are both plumbing-speak
#
Zegnat
so what’s “authorize” in non plumbing-speak? “allow”?
#
aaronpk
"allow" is pretty good, here's why:
#
Loqi
[sebsel] In Dutch they are actually called 'authenticatie' and 'autorisatie' (with and without the extra H), probably for reason :P
#
aaronpk
or "access"
#
aaronpk
"allow this app to ____" is commonly used in the oauth authorization screens
#
[kevinmarks]
empower this app
#
aaronpk
alright i'm calling it: indielogin.com is now registered
#
Zegnat
Now please define - very carefully - what the exact scope of indielogin.com is, aaronpk ;)
#
jjuran
Everybody’s a spec. person. You’re a spec. person in your own way, just by being you. ;-)
#
jjuran
Zegnat: “privileges”?
#
jjuran
verb would be “grant”
#
aaronpk
indielogin.com is a service that developers use to log users in to a website. you create a web sign-in form that asks for their domain, and it directs people to indielogin.com to authenticate. users can authenticate by linking to Twitter/GitHub/email address/PGP key, and then they are asked to authenticate at one of those when signing iin.
#
jjuran
or maybe “permissions”.
#
Zegnat
jjuran, I like “allow” over “grant” for non-tech speech. Permissions I think is also something silos have been using, but not sure.
#
jjuran
Android has been using “permissions” since forever
#
Zegnat
Sounds clear enough aaronpk :)
#
Zegnat
Would you still be offering an IndieAuth authorization-endpoint through it? Or will that (like tokens) move to somewhere else?
#
aaronpk
nope, it won't have an authorization endpoint anymore
#
aaronpk
that will be part of the other service
#
Zegnat
Good. Keep those far apart.
#
aaronpk
now the fun part. figuring out what I need to change to launch the new site at indielogin.com
#
aaronpk
separating these two roles of the current indieauth.com also means i can do more fun stuff on the authorization side, like two-factor auth, things that require establishing a pre-shared secret
#
Zegnat
Anyone could write an IndieAuth authorization-endpoint that just redirects to indielogin.com though, right? Establishing how you want the API on indielogin.com to look like fixes most of the split-up, anyone else could then create the authorization-endpoint part.
#
Zegnat
(That’s really -dev talk though :) )
#
aaronpk
haha yeah that's true
#
Loqi
nice
#
aaronpk
an authorization endpoint can use any mechanism it wants to handle authenticating users, including using indielogin.com :)
j12t joined the channel
#
[kevinmarks]
Slight scope creep, but indielogin could do a silo.pub style thing for silos, but encourage people to move from, say, Twitter to their own site. Or is that conflating itme and canihaz?
#
aaronpk
i'm confused
#
aaronpk
you want it to let people use a twitter URL as their identity?
#
[kevinmarks]
If it links to their own website
#
[kevinmarks]
Hm. Maybe
#
aaronpk
i could see adding a shortcut for starting the login process which is just a twitter/github button
#
[kevinmarks]
It's starting the rel-me at a different node
#
aaronpk
the identity returned will still be the indie website
#
aaronpk
i don't really want to have it start returning twitter URLs as an identity tho, cause that kind of defeats the goal
#
[kevinmarks]
Right, so they auth with twitter, but it says "you don't link to your own site"
#
[kevinmarks]
It could return silo.pub ones until they get it right
#
aaronpk
that doesn't really help
#
aaronpk
the point is to use your domain as your identity
#
aaronpk
so that you can swap out the authentication method later
#
aaronpk
and keep your identity
#
aaronpk
otherwise it's just another one of those oauth wrapper sites
#
aaronpk
i could see adding twitter/github buttons to this page https://indieauth.com/sign-in
#
aaronpk
and as long as you've set everything up, and are logged in to the riight account on twitter/github, it would find your site and return your website address
j12t joined the channel
#
www.boffosocko.com
edited /Template:GWG (+199) "fixed template & photo"
(view diff)
#
tantek
what are stats
#
Loqi
It looks like we don't have a page for "stats" yet. Would you like to create it?
#
tantek
what are statistics
#
Loqi
It looks like we don't have a page for "statistics" yet. Would you like to create it?
#
tantek
statistics are numbers that show measurements of various IndieWeb things like sites, posts, usage of protocols like Webmention, deployments of projects and plugins.
#
tantek
what is indiemap
#
Loqi
It looks like we don't have a page for "indiemap" yet. Would you like to create it?
#
tantek
really
#
tantek
stats << [https://brid.gy/ Bridgy homepage] shows stats of number of accounts, responses handled, links analyzed, webmentions sent, posts published, and blog posts processed.
#
Loqi
ok, I added "[https://brid.gy/ Bridgy homepage] shows stats of number of accounts, responses handled, links analyzed, webmentions sent, posts published, and blog posts processed." to the "See Also" section of /statistics
#
tantek
stats << 2016-06-06 [https://snarfed.org/2016-06-06_bridgy-stats-update-2 Bridgy stats update] with charts, methodology, and links to previous stats updates.
#
Loqi
ok, I added "2016-06-06 [https://snarfed.org/2016-06-06_bridgy-stats-update-2 Bridgy stats update] with charts, methodology, and links to previous stats updates." to the "See Also" section of /statistics
#
tantek
stats << [https://the-federation.info/ The Federation dot info] is a site that shows stats for [[diaspora]], [[Friendica]], and [[Hubzilla]].
#
Loqi
ok, I added "[https://the-federation.info/ The Federation dot info] is a site that shows stats for [[diaspora]], [[Friendica]], and [[Hubzilla]]." to the "See Also" section of /statistics
#
tantek
stats << [https://donp.org/graph/dashboard/db/mastodon?orgId=1&from=now-30d&to=now Last 30 days of Mastodon stats] - number of instances, toots per second, users.
#
Loqi
ok, I added "[https://donp.org/graph/dashboard/db/mastodon?orgId=1&from=now-30d&to=now Last 30 days of Mastodon stats] - number of instances, toots per second, users." to the "See Also" section of /statistics
sl007, eli_oat, eli_oat1, tantek and [kevinmarks] joined the channel
#
[kevinmarks]
If it logged you in if you had rel-me from twitter and talked you through adding it if you don't, that sounds like fun.
[kevinmarks] and [chrisaldrich] joined the channel
#
[chrisaldrich]
Random trivia: I helped negotiate the location agreement for /The_Social_Network to shoot at the Johns Hopkins University Homewood campus after Harvard denied them access.
#
[chrisaldrich]
As a result all the exterior on-campus Harvard scenes are actually not Harvard.
#
tantek
[chrisaldrich]: I think you've figured out where IWC LA should be held (near to)
#
tantek
for appropriate scene staging :)
#
[chrisaldrich]
I've been wanting to plan a trip to Baltimore to do a IWC there, in part because I'm pretty sure I could swing some great facilities for it.
#
tantek
yes that. Baltimore. food break
#
tantek
schmarty: what do you think?
#
schmarty
I'm in!