#meta 2017-07-19

2017-07-19 UTC
[miklb] and ben_thatmustbeme joined the channel
#
tantek.com edited /events/2017-07-26-homebrew-website-club (+1162) "Wellington!" (view diff)
ben_thatmustbeme joined the channel
#
kongaloosh.com created /events/2017-07-25-homebrew-website-club (+1575) "Created page with "== Details == === What === * <span class="u-url url u-uid uid">https://indieweb.org/events/2017-07-25-homebrew-website-club</span> <div class="p-description description"> '''[ht..."" (view diff)
[chrisaldrich], [miklb] and tantek joined the channel
#
tantek Austin IndieWeb meetup! https://www.facebook.com/events/1774392195912231/
[chrisaldrich], tantek, jjuran_, [asteres], [jeremycherfas], j12t, sl007, [pfefferle], eli_oat, [kevinmarks] and [eddie] joined the channel
#
[kevinmarks] The more of the back scroll I read, the more I think calling anything "Auth" is a bad idea. It means nothing to non specialists, and the specialists don't know if we mean authN or authZ
sl007, j12t and [chrisaldrich] joined the channel
#
[chrisaldrich] What is authN?
#
Loqi It looks like we don't have a page for "authN" yet. Would you like to create it?
#
[chrisaldrich] wonders if _we_ know what they are?
#
aaronpk what is authN?
#
Loqi It looks like we don't have a page for "authN" yet. Would you like to create it?
#
aaronpk what is authZ?
#
Loqi It looks like we don't have a page for "authZ" yet. Would you like to create it?
#
aaronpk authN is authentication
#
Loqi ok
#
aaronpk authN is authorization
#
aaronpk er
#
aaronpk authZ is authorization
#
Loqi ok
#
aaronpk thanks Loqi
#
Loqi you're welcome
#
aaronpk good enough for now
#
[chrisaldrich] ?
j12t and tantek joined the channel
#
aaronpk oh and re: authz vs authn, I hate that the two words are so similar so I've started saying "login" and "authorization" and just not using "authentication" at all
#
tantek who came up with those names? sounds very plumbingy
#
aaronpk i don't actually know where those terms originated
#
aaronpk but i imagine with spec people
#
tantek "spec people" ?
#
aaronpk i mean it's a classic confusion: https://serverfault.com/questions/57077/what-is-the-difference-between-authentication-and-authorization https://oauth.net/articles/authentication/ and search: https://www.google.com/search?q=authorization+vs+authentication
#
tantek points out aaronpk is now one of "those people" ;)
#
aaronpk i am totally a spec person
[kevinmarks] joined the channel
#
[kevinmarks] buys web-it.me and canihaz.me
#
[kevinmarks] it's why oauth was a bad name
#
tantek kevinmarks, domain collector (or is it speculator?) :)
#
[kevinmarks] https://twitter.com/libertymadison/status/887364779085504512
#
Loqi [@libertymadison] @thiojoe Between @iayori @kevinmarks and myself.... we account for 1000 domains. We are 3 people.... ?
#
tantek oh dear that's a steep annual outlay
#
aaronpk alright, i'm thinking "indielogin" is actually a pretty good name for the service that the wiki uses to log people in
#
[kevinmarks] I have been letting some lapse, but it is addictive
#
aaronpk .com
#
tantek oh yeah!
#
tantek +1
#
aaronpk even though it's the "developer service" version of this, it's what most people will see
#
tantek [kevinmarks]: I make myself say a domain name outloud like 10x these days before buying to see if it "sounds good enough" when spoken
#
aaronpk and "log in" is a user facing term since that's what people put on their website for people to find the link to log in
#
tantek I try to avoid extra punctuation too because it's too easy to get wrong
#
tantek aaronpk: true!
#
aaronpk note that websites never have an "authentication" button
#
aaronpk you "log in" to your bank website, you don't "authenticate" to your bank website.
#
aaronpk from the bank's point of view, they authenticate your login, but that's backend/implementation stuff, not what the user sees
#
tantek agreed, "authenticate" or "authorize" are both plumbing-speak
#
Zegnat so what’s “authorize” in non plumbing-speak? “allow”?
#
aaronpk "allow" is pretty good, here's why:
#
Zegnat Also https://chat.indieweb.org/dev/2017-06-15/1497541148839000
#
Loqi [sebsel] In Dutch they are actually called 'authenticatie' and 'autorisatie' (with and without the extra H), probably for reason :P
#
aaronpk or "access"
#
aaronpk "allow this app to ____" is commonly used in the oauth authorization screens
#
[kevinmarks] empower this app
#
aaronpk button text on linkedin is "allow" https://c1.staticflickr.com/5/4092/5166777149_96945ddae3_b.jpg
#
aaronpk alright i'm calling it: indielogin.com is now registered
#
Zegnat Now please define - very carefully - what the exact scope of indielogin.com is, aaronpk ;)
#
jjuran Everybody’s a spec. person. You’re a spec. person in your own way, just by being you. ;-)
#
jjuran Zegnat: “privileges”?
#
jjuran verb would be “grant”
#
aaronpk indielogin.com is a service that developers use to log users in to a website. you create a web sign-in form that asks for their domain, and it directs people to indielogin.com to authenticate. users can authenticate by linking to Twitter/GitHub/email address/PGP key, and then they are asked to authenticate at one of those when signing iin.
#
jjuran or maybe “permissions”.
#
Zegnat jjuran, I like “allow” over “grant” for non-tech speech. Permissions I think is also something silos have been using, but not sure.
#
jjuran Android has been using “permissions” since forever
#
Zegnat Sounds clear enough aaronpk :)
#
Zegnat Would you still be offering an IndieAuth authorization-endpoint through it? Or will that (like tokens) move to somewhere else?
#
aaronpk nope, it won't have an authorization endpoint anymore
#
aaronpk that will be part of the other service
#
Zegnat Good. Keep those far apart.
#
aaronpk now the fun part. figuring out what I need to change to launch the new site at indielogin.com
#
aaronpk separating these two roles of the current indieauth.com also means i can do more fun stuff on the authorization side, like two-factor auth, things that require establishing a pre-shared secret
#
Zegnat Anyone could write an IndieAuth authorization-endpoint that just redirects to indielogin.com though, right? Establishing how you want the API on indielogin.com to look like fixes most of the split-up, anyone else could then create the authorization-endpoint part.
#
Zegnat (That’s really -dev talk though :) )
#
aaronpk haha yeah that's true
#
Loqi nice
#
aaronpk an authorization endpoint can use any mechanism it wants to handle authenticating users, including using indielogin.com :)
j12t joined the channel
#
[kevinmarks] Slight scope creep, but indielogin could do a silo.pub style thing for silos, but encourage people to move from, say, Twitter to their own site. Or is that conflating itme and canihaz?
#
aaronpk i'm confused
#
aaronpk you want it to let people use a twitter URL as their identity?
#
[kevinmarks] If it links to their own website
#
[kevinmarks] Hm. Maybe
#
aaronpk i could see adding a shortcut for starting the login process which is just a twitter/github button
#
[kevinmarks] It's starting the rel-me at a different node
#
aaronpk the identity returned will still be the indie website
#
aaronpk i don't really want to have it start returning twitter URLs as an identity tho, cause that kind of defeats the goal
#
[kevinmarks] Right, so they auth with twitter, but it says "you don't link to your own site"
#
[kevinmarks] It could return silo.pub ones until they get it right
#
aaronpk that doesn't really help
#
aaronpk the point is to use your domain as your identity
#
aaronpk so that you can swap out the authentication method later
#
aaronpk and keep your identity
#
aaronpk otherwise it's just another one of those oauth wrapper sites
#
aaronpk i could see adding twitter/github buttons to this page https://indieauth.com/sign-in
#
aaronpk and as long as you've set everything up, and are logged in to the riight account on twitter/github, it would find your site and return your website address
j12t joined the channel
#
www.boffosocko.com edited /Template:GWG (+199) "fixed template & photo" (view diff)
#
tantek what are stats
#
Loqi It looks like we don't have a page for "stats" yet. Would you like to create it?
#
tantek what are statistics
#
Loqi It looks like we don't have a page for "statistics" yet. Would you like to create it?
#
tantek statistics are numbers that show measurements of various IndieWeb things like sites, posts, usage of protocols like Webmention, deployments of projects and plugins.
#
Loqi ok
#
tantek stats are /statistics
#
Loqi ok
#
tantek what is indiemap
#
Loqi It looks like we don't have a page for "indiemap" yet. Would you like to create it?
#
tantek really
#
tantek stats << [https://brid.gy/ Bridgy homepage] shows stats of number of accounts, responses handled, links analyzed, webmentions sent, posts published, and blog posts processed.
#
Loqi ok, I added "[https://brid.gy/ Bridgy homepage] shows stats of number of accounts, responses handled, links analyzed, webmentions sent, posts published, and blog posts processed." to the "See Also" section of /statistics
#
tantek stats << 2016-06-06 [https://snarfed.org/2016-06-06_bridgy-stats-update-2 Bridgy stats update] with charts, methodology, and links to previous stats updates.
#
Loqi ok, I added "2016-06-06 [https://snarfed.org/2016-06-06_bridgy-stats-update-2 Bridgy stats update] with charts, methodology, and links to previous stats updates." to the "See Also" section of /statistics
#
Loqi [Ryan Barrett] Bridgy stats update https://snarfed.org/bridgy_stats/2016/costs_vs_users_thumb.png
#
tantek stats << [https://the-federation.info/ The Federation dot info] is a site that shows stats for [[diaspora]], [[Friendica]], and [[Hubzilla]].
#
Loqi ok, I added "[https://the-federation.info/ The Federation dot info] is a site that shows stats for [[diaspora]], [[Friendica]], and [[Hubzilla]]." to the "See Also" section of /statistics
#
tantek stats << [https://donp.org/graph/dashboard/db/mastodon?orgId=1&from=now-30d&to=now Last 30 days of Mastodon stats] - number of instances, toots per second, users.
#
Loqi ok, I added "[https://donp.org/graph/dashboard/db/mastodon?orgId=1&from=now-30d&to=now Last 30 days of Mastodon stats] - number of instances, toots per second, users." to the "See Also" section of /statistics
sl007, eli_oat, eli_oat1, tantek and [kevinmarks] joined the channel
#
[kevinmarks] If it logged you in if you had rel-me from twitter and talked you through adding it if you don't, that sounds like fun.
[kevinmarks] and [chrisaldrich] joined the channel
#
[chrisaldrich] Random trivia: I helped negotiate the location agreement for /The_Social_Network to shoot at the Johns Hopkins University Homewood campus after Harvard denied them access.
#
[chrisaldrich] As a result all the exterior on-campus Harvard scenes are actually not Harvard.
#
tantek heh
#
tantek [chrisaldrich]: I think you've figured out where IWC LA should be held (near to)
#
tantek for appropriate scene staging :)
#
[chrisaldrich] I've been wanting to plan a trip to Baltimore to do a IWC there, in part because I'm pretty sure I could swing some great facilities for it.
#
tantek yes that. Baltimore. food break
#
tantek schmarty: what do you think?
#
schmarty I'm in!