In this discussion started by James Turner in my post about API v1 we ended up also taking about authentication.
As we're not a multi tenant architecture my initial thoughts were to lean towards a decentralized architecture, both for trust reasons (Forem's code can be changed, so there's no, at least the present moment, way to trust a Forem installation that's not managed by Forem the company), for security and for privacy. StackExchange comes up often in comparison.
As you can imagine this is very much an open discussion that includes possible requirements that we haven't foreseen (like the need for a centralized alternative as Ben mentioned), possible technical limitations and privacy concerns on user management.
Some of these surfaced in the discussion in that post, like "should a user profile be portable between Forems, and what if a person wants to be someone else on another Forem?" or "should the Forems know about any of the other profiles that this human impersonates if they decide to "link"?".
Should there be a foremauth.com/1234 which universally represents rhymes across forems? Does rhymes actually care to have a central profile panel? Should the person just make new accounts if they don't want to be linked to the others in that particular Forem?
For further actions, you may consider blocking this person and/or reporting abuse
Hi Alberto!
In this discussion started by James Turner in my post about API v1 we ended up also taking about authentication.
As we're not a multi tenant architecture my initial thoughts were to lean towards a decentralized architecture, both for trust reasons (Forem's code can be changed, so there's no, at least the present moment, way to trust a Forem installation that's not managed by Forem the company), for security and for privacy. StackExchange comes up often in comparison.
As you can imagine this is very much an open discussion that includes possible requirements that we haven't foreseen (like the need for a centralized alternative as Ben mentioned), possible technical limitations and privacy concerns on user management.
Some of these surfaced in the discussion in that post, like "should a user profile be portable between Forems, and what if a person wants to be someone else on another Forem?" or "should the Forems know about any of the other profiles that this human impersonates if they decide to "link"?".
Should there be a
foremauth.com/1234which universally representsrhymesacross forems? Doesrhymesactually care to have a central profile panel? Should the person just make new accounts if they don't want to be linked to the others in that particular Forem?