Right now, instances use various systems to decide how to assign permissions to users. It’s hard to standardize permissions, as it’s not clear (1) what permissions should exist and (2) how to make other instances aware of those permissions.
I’m especially curious about how you might implement a role-based access control system in a fediverse instance. I know that Mastodon has a concept of roles and permissions, but none of the permissions have anything to do with any federated content, so a Mastodon instance does not need to worry about making other instances aware of its roles or permissions. It is essentially local-only roles/permissions.
Lemmy uses a very coarse system where roles are pre-defined with pre-defined permissions - there are site-wide administrators, who are essentially moderators in all communities, and then there are moderators that only have powers within a single community.
Lemmy uses the attributedTo
field on Group
s to indicate the mods to other instances. For example, https://feddit.dk/c/fedditdk
’s attributedTo
field points to https://feddit.dk/c/fedditdk/moderators
which is an ordered collection of actors (users). This is actually part of the Group Federation FEP.
There is also an example of making permissions available to other instances. In Lemmy, moderators may “lock” a community to make it so that only moderators can post in that community. This is communicated to other instances via a postingRestrictedToMods
field on the community actor. Other Lemmy instances detect this field and prevent their local users from posting in the community. This field does not seem to be standardized in any FEPs though, AFAIK.
However, this system feels brittle and “hardcoded”. For example, Mastodon seems to not know anything about the attributedTo
field containing the community moderators (AFAICT), nor does it seem to check the postingRestrictedToMods
field (to be clear I don’t blame or expect Mastodon for this).
I assume that if a Mastodon user tried to post to a community where postingRestrictedToMods == true
, that the toot would appear locally and might even be federated to the poster’s followers, but the remote instance where the group lives would reject the toot and would not federate it to the group followers. This results in inconsistent states between various services. This seems undesirable.
How could we resolve this situation, if at all? It doesn’t seem viable to continue using very coarse, pre-defined roles and permissions, like Lemmy currently does. Then again, it seems impossible for instances to communicate permissions if we do not agree on a standard of what permissions exist and how permissions are assigned to users (i.e. via roles for example).
In the ideal world that I am imagining, it would be possible for a fediverse group (like a Lemmy community) to define its own roles, assign each role permissions (where the permissions are a set of pre-determined agreed-upon standard permissions across the fediverse) and assign each user with roles, and these roles, permissions and role assignments would be communicated somehow to other instances, so there is a shared understanding of the permissions for a user and group.
However, the devil is in the details. I would love to hear your thoughts, potential problems, pitfalls or whether you think this is possible at all.