#aaronpkI just replaced the login mechanism of webmention.rocks with indielogin.com. If you have your own authorization endpoint, you won't notice anything different. but now it will also work with twitter/github relmeauth.
#LoqiThe Leaders Summit is a half-day of activities and sessions before IndieWeb Summit 2017, for everyone who has co-organized an IndieWebCamp in the past two years or at least two Homebrew Website Club meetups with at least one meetup photo https://indieweb.org/leaders_summit
#tantekalso we don't do prescheduled sessions for Leaders Summit
#ZegnatHmm, maybe it should be “topics” rather than “sessions” then?
#LoqiThe Leaders Summit is a half-day of activities and sessions before IndieWeb Summit 2018, for everyone who has co-organized an IndieWebCamp in the past two years or at least two Homebrew Website Club meetups with at least one meetup photo https://indieweb.org/leaders_summit
#tantek.comedited /2018/Leaders () "(-4580) delete hollow copy/pastes from 2017, note a couple of likely proposers, rename "centralisation" to "IndieWeb Community Infrastructure" to more accurately reflect the topic" (view diff)
#ZegnatLooks good tantek. Interesting that GWG’s note about the GitHub repos was apparently a copy? Now my note of “also discuss” looks a little weird.
#ZegnatYep. But the “also” in that first sentence refered specifically to GWGs point. Which was removed, and which I also thought to be about orgs. I have a small internal debate whether it is worth going in and removing the word “also”, hehe
#jgmac1106may want to consider adding off-record. Please do not quote without permssion to description in the indieweb-chat Slack channel. New communitied members may not catch the nuance that it is only channel not archived
[jgmac1106], jgmac1106_ and [matthilt] joined the channel
#[matthilt]I use Microsoft's Azure cloud platform to host my site and some other services. I have a fixed cost I can spend each month there. I was goofing around and spent all the money early so MS has kindly turned all of my services off. Its my fault really. I just should have planned better.
#[jgmac1106]No, they should give you usage warnings. AWS does. Does Azure hand out credits like candy similar to AWS?
#[matthilt]Kinda. If I'd set up alerts I probably would have been warned. I'll fix it on the 6th
#[jgmac1106]Share your plight with @ mentions on Twitter. I betcha you get a bone thrown your way
#[matthilt]I may do that. I still feel like I goofed off and got caught. Creating 11 VMs in two days will go through your spend pretty quickly
#[jgmac1106]I will keep a look out and try and share it with folks I know in Redmond, but I find asking for things nicely in Twitter gets you free stuff.
#[jgmac1106]It's like writing letters in Summer School to get new sunglasses
#[jgmac1106]Plus you can always find extra free credits some where. I think my last free year of credit came from a code ai found in a reddit thread for Brazilian start ups
#[matthilt]I may do some looking later. My actual job has me busy today.
#[jgmac1106]Once West Coast wakes up if you ask nicely on Twitter I bet someone helps
#schmartyaaronpk: just tried logging into webmention.rocks for receiving tests. worked just like before! used relmeauth with my GPG key.
#aaronpkyou must have indieauth.com listed as your authorization endpoint then
#Zegnatjeremycherfas: “martijn will now explain *exactly* what it is” ...
[snarfed] joined the channel
#ZegnatGood to be doing vHWC again. I am going to put it in my calendar again, so it should be on (on schedule) in 2 weeks
#ZegnatFor people who do not feel like jumping in now ;)
#jeremycherfasI would be up and down every two minutes, which is easier here where I can scan back at the logs.
#jeremycherfasOne thing I didn't ask you to clarify was the difference between authorization and authenticatioon. It seems to me that a lot of what indieauth and selfauth and indielogin are doing is authetication. I am authentically who I say I am.
#jeremycherfasFrom which it follows that "auth" is a really confusing prefix.
#tantekaaronpk would you consider "just" a password to be authn or authz then? I thought it was authz (since knowing *just* a password says nothing about identity)
#aaronpkthat's a not-practical way to frame the question
#tantekoh? plenty of "just password" access in practice
[Vanessa] joined the channel
#aaronpkat least not practical in the context of indieweb tools
#aaronpkby that logic, passwords would never be able to be used to log in to anything
#tantekhence I think you're overly narrowly using "login"
#aaronpkalso this train of thought is a fun brain teaser but is not helpful for people who want to understand how things like quill or micropub clients work
#aaronpka password itself doesn't tell you who the user is, but a password is commonly used to verify that the user is who they say they are
#tantekaaronpk, yes it is ambiguous. "just" a pw could be either authn or authz
#aaronpkin the indieweb context, when you log in to an app or website that is not your own site, you are both providing it your identity and proving that
#tantekaaronpk, hence I prefer *sign-in* as a more specific verb, to mean authn which implies authz
#aaronpkwell the point of the distinction is to have a term that *does not* mean authz
#tantekit's hard to exclude authz from authn so I'm not sure what your (practical) goal/point is
#aaronpkwe don't generally deal with the case of someone being unauthorized to log in to an app
#aaronpkmy practical goal is to have an easy to understand distinction between the two indieauth flows
#aaronpkthat avoids sending people down a rabbit hole of all the subtleties of authz vs authn
#tantekwrong reasoning - anything about safety / blocking / banning needs to be treated *differently*, more urgently, than it's apparent (especially self-experienced) experience would imply
#aaronpki'm not saying we shouldn't support that use case
#aaronpkjust that there is a very real confusion by people and having a clear explanation is useful
#tantekI'm saying don't dismiss it with "how often"
#aaronpkand the simplest version of that is authz is used to give apps access to do stuff with your website, and authn is saying who you are which is most commonly used when logging in to sites
#Zegnatauthn = establishing that I control a URL/profile; authz = giving someone else some control over the URL/profile.
#aaronpki don't really feel like that term has that connotation but okay
#ZegnatLogin/signin to me: whenever there is a form I have to put something into, and a button to press to then get (or not get) access based on what I put in the form
#tantekThis was a very deliberate decision I made when I came up with the "Web sign-in" naming / microcopy back in the day
#ZegnatWhether that is my URL on the indieweb wiki, or a username and password on Facebook, all the same to me
#tantekZegnat because you're ignoring the distinguishing aspect of such UIs which I explicitly mentioned
#ZegnatI am just saying that the visual of a form that gives access is what I call a login. And that no matter what word you put above it, that’s my instinct. Wondered if aaronpk might have the same idea, as he doesn’t see a meaningful difference either
#tantekZegnat I am just saying you are ignoring key aspects of the visual of a form in making your argument
#tantekkey aspects which are what I'm talking about
#aaronpkI do actually prefer the term sign-in, but not for that reason
#tantekyes if you ignore those key aspects, you won't see a meaningful difference
#ZegnatHmm. Don’t think I follow. Which aspect am I not seeing? I am probably blind to it in this conversation as much as I am blind to it on the web then :/
#tantekagree with sign-in being more user-friendly aaronpk
#ZegnatInteresting. Whether I have to create an account or can use an existing count (from silo / OpenID / IndieAuth) is all the same to me, I guess. Which is why that never registers for me, probably.
#tanteklogout of your favorite sites and take screenshots of their complete login/sign-in UI
#jeremycherfasAll I know is that when I get to create an account and I'm offered login/signup with Facebook or Twitter, I look extra hard for the one that allows me to use my email.
#Loqi[superfeedr] "I documented the WordPress plugins I adopted in January when I started shooting for IndieWeb adoption and started my microblogging journey. It seems to work pretty well but give this post a read if you want to see what I did or are willing to educate me on what to change." by Ron on 2018-05-02 https://ron.theguests.us/2018/05/02/1401/
calumryan and jgmac1106_ joined the channel
#calumryanconsidering adding an RSVP interested-in option for future HWC London events
#ZegnatIndie RSVPs already support interested, right?
#LoqiAn RSVP is a reply to an event post that says whether the sender is or is not attending, might attend, or is just interested in the event https://indieweb.org/rsvp
[jgmac1106] joined the channel
#Zegnat“Possible RSVP values: yes, no, maybe, interested” :)
#Loqi[superfeedr] "The registration page for the upcoming IndieWebSummit from June 26-27, 2018 in Portland is now up. Whether you’re just starting your first website or building bleeding edge web applications, this is the place to be. RSVP now! #Indieweb #BarCamp If you’re game for an extended trip, I’ll note that it’s right after Open Source Bridge (@OSBridge) … Continue reading """ by Chris Aldrich on 2018-05-02 http://boffosocko.com/2018/05/02/registration-for-indiewebsummit-2018/
#LoqiThe phrase Federated Social Web is an early 2010s phrase that historically referred to several things, including federation with social standards, the Federated Social Web Summit event(s), and 2010-era social web efforts https://indieweb.org/FSW