↳ In-reply-to » Speaking of SSO and a draft blog post I'm writing that I think I'll call Protecting Internal Web Resources (comments, feedback welcome before I publish 🙏) -- I've been thinking for a while now about building a new project based around Indie Auth that provides a full solution to managing a set of users that you could use in place of the more traditional approach of LDAP or Active Directory (shudder 🙄). The use-case I have in mind is to (for example) have auth.example.com that runs this software, lets me manage users, users can manage their credentials, information, etc. Then other software like Gitea, Authelia, or basically anything you want could use it as an "Authentication backend" / "Identity Provider".

@prologic@twtxt.net True, though it becomes less of a problem once people realize writing apps with traditional security models is bad and everyone does it our way. ;)

The challenge with changing the world is overcoming momentum.