I think having a single sign-on option across applications could be the value-add that attracts substantial numbers of new users to the Fediverse.
It’s hard enough for users to dive into the Fediverse, when few (if any) of their friends are there yet. But if we could tell them: there are plenty of great applications, AND you don’t need to make a separate account with each one, you can use just one set of credentials to blog, share photos, microblog, social network - that would be a real compelling proposition.
I think many people would agree that SSO is convenient. The problem, as I see it, is that there are many ways that an SSO system can be implemented, and currently no consensus on the best option. My proposal would be that the group here, or perhaps in the SocialCG meeting, form a consensus on the best SSO approach(es) for the Fediverse. That way, developers can focus on implementing and developing, without needing to individually determine the pros and cons of each option.
As an example, consider that on Pixelfed’s GitHub, there is an Issue #2089 open asking for SSO with LDAP, SAML, or OpenID Connect; Issue #935 asks for IndieAuth support; and Issue #14 asks for LDAP or other SSO support. On Friendica, Issue #1260 asks for IndieAuth support. And some Friendica instances such as Nerdica.net offer OpenID sign-on, but this seems outdated compared to OpenID Connect and other options. Giving guidance on this could allow developers to focus on developing.
Here are the options that I have seen discussed:

- OpenID Connect
- IndieAuth: https://indieauth.com/
- KeyCloak: https://www.keycloak.org/
- Gluu: https://gluu.org/docs/gluu-server/
- SQRL: https://en.m.wikipedia.org/wiki/SQRL
- Zot protocol: Nomadic identity and Remote Authentication (Zotlabs)
Or perhaps address this through ActivityPub’s Client to Server Interactions.
What do people think? Is there guidance that can be developed? Are any of these approaches better than others, or additional options that should be on the table?