- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 22 Apr 2025 18:04:01 +0200
- To: Virginia Balseiro <info@virginiabalseiro.com>
- Cc: public-solid@w3.org
- Message-ID: <CAKaEYhKzFbwpo-osMXunKrgTYqEaM6x6K5C6anRNeRn7u7c7ng@mail.gmail.com>
On Tue, 22 Apr 2025 at 17:38, Melvin Carvalho <melvincarvalho@gmail.com> wrote:

> On Tue, 22 Apr 2025 at 17:32, Virginia Balseiro <info@virginiabalseiro.com> wrote:
>
>> Hi all, I want to ask a potentially silly question about Solid-OIDC :)
>>
>> AFAICT, with static registration, clients need to be very aware of IDPs,
>> registering themselves statically (read: manually) on a particular
>> "broker" service. This means it is not particularly scalable for a
>> decentralized ecosystem.
>>
>> Dynamic client registration is perhaps more suitable for a decentralized
>> ecosystem, but the benefits in terms of security seem marginal since any
>> client can register themselves dynamically.
>>
>> In addition, there have been conversations (and there might have been
>> implementations) about potential restrictions of certain operations
>> and/or certain resources to particular clients means that users will
>> need to contact / request their RP / service providers to allow a
>> certain application that they prefer / trust.
>>
>> These approaches sound for sure very secure, but don't seem to align
>> to the promise of individuals having the "autonomy" that Solid is
>> supposed to offer.
>>
>> I may have misunderstood some of the technical details but it seems to
>> me (Solid-)OIDC's model isn't particularly fitting for Solid. My
>> question is, how would this be reasonably usable and scalable in a
>> decentralized / open ecosystem?
>
> Hi Virginia,
>
> Not a silly question at all — it’s a really thoughtful one!
>
> Just to add a note: Solid-OIDC is only one option for authentication in
> Solid. Before it came along, we had WebID-TLS, which leaned more toward
> decentralization (albeit with its own quirks).
>
> Over in the Nostr CG, we’ve also been exploring a different approach to
> decentralized auth that I believe could scale beautifully. It’s called HTTP
> Schnorr Authentication — simple, elegant, and grounded in cryptographic
> identity:
>
> https://nostrcg.github.io/http-schnorr-auth/
>
> Still early days, but exciting directions ahead!

I forgot to mention — it’s already working for Nostr’s several million users. And I made a little video showing how it can integrate with Solid for decentralized one-click login, without any trusted third party involved:

https://www.youtube.com/watch?v=5ji9BLE5BYU

> Best,
> Melvin
>
>> Cheers,
>>
>> Virginia
>> https://virginiabalseiro.com/#me
Received on Tuesday, 22 April 2025 16:04:17 UTC