• nintendiator@feddit.cl
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    3
    ·
    1 year ago

    the URL is the id in the database

    Who was the idiot that decided to use for a database ID an identifier that almost entirely depends on external (and, for fediverse purposes, usually antagonistic) entities?

    • Max-P@lemmy.max-p.me
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      The W3C, apparently. It’s both the ID and the URL of the object if you want to refresh it. They seem to suggest doing it that way because the URL of a user profile is going to be guaranteed to be unique, and can only be owned by the owner of the domain.

      Lemmy assigns it its own internal ID per instance but it’s only used internally for joins and stuff.

      For example, your person ID is https://feddit.cl/u/nintendiator. If you curl it in ActivityPub format you’ll get your user:

      ~ % curl -H "Accept: application/activity+json" https://feddit.cl/u/nintendiator
      {
        "@context": [.....]
        "type": "Person",
        "id": "https://feddit.cl/u/nintendiator",
        "preferredUsername": "nintendiator",
        "inbox": "https://feddit.cl/u/nintendiator/inbox",
        "outbox": "https://feddit.cl/u/nintendiator/outbox",
        ......
      }
      
      • nintendiator@feddit.cl
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        They seem to suggest doing it that way because the URL of a user profile is going to be guaranteed to be unique, and can only be owned by the owner of the domain.

        Immediate design issue right there: the URL of a user profile is not guaranteed to be unique, and while it can “”“only”“” be owned by the owner of the domain, 1.- it’s not owned by the user of the profile and 2.- the ownership by the domain owner is revocable by a third party.

        Design-wise, it feels to me like they decided that land / house deeds could be certified by municipal traffic signage.

    • Zetaphor@zemmy.cc
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      Who was the idiot

      The W3C, also known as the people who develop the web standards. It’s a reasonable expectation as you have to draw a line in the sand somewhere. Distributed identity is not a solved problem, so domains are the best solution we have right now.

      What would you suggest they use as the identifier with which allows other entities uniquely identity you? There are no alternatives until you introduce a ton of cryptography, which is what DID hopes to address, but that’s still going to be bad UX.

      • nintendiator@feddit.cl
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        The W3C, also known as the people who develop the web standards

        Figures. The same people who added DRM to the web standards.

        Now, I don’t know what other alternatives could have been used, but I know that URL was among the obvious ones to not use. Something that uniquely identifies you has to be non-transitive and non-revocable by a third party, of which URLs are neither (domain names are revocable, URLs don’t have addressing persistence let alone when you add query strings into the mix, etc). Among the few things that I can think are non-transitive and non-thirdparty-revocable are the good ol’ ssh-keygen keys, easy to generate and all that but I’ve never found a good mechanism or design to query about them.