Ok, I did look into this more carefully and I remember running into this earlier.
How does this relate to OIDC? Is it fair to characterize it as an alternative to it that operates on the same level/layer (e.g. both are extensions to oauth?)?
2
There are definitely some similarities since they are both adding an identity layer on top of OAuth. IndieAuth is a much smaller surface area tho and does less stuff. Some more details here: indieweb.org/How_is_IndieAut…
1
1
"Because these URLs rely on the public web and DNS, they are guaranteed to be globally unique." -- ugh, is this a feature or a bug? I feel like this isn't going to age well :(
1
Do you mean when there's a viable replacement for DNS? We can cross that bridge when we come to it.
1
No, in the sense are these designed such that two different RPs get the same global identifier for the same user?
1
1
Oh yeah, that's intentional. It'd be interesting to explore what it could look like otherwise tho.
2
2
I'm actually really interested in this particular problem right now since Sign In with Apple is probably the biggest example of differing IDs per RP yet the first thing the RPs want to do is resolve that back to an identifiable user.
2
1
I actually thought I had already joined, but I haven't yet actually joined a meeting. It's a lot to keep up on with all the other spec work I'm in the middle of 😅
Oct 8, 2021 · 4:42 AM UTC
1