Federated ID seems interesting but impractical. Take your home instance ID and use it to auth to another server, nice to have if the home base is down but if the home is down then how does the remote host validate the user in a realtime sense? Storing tokens or creating a local version of the account would be possible but if the user was banned from the home base then you have to trust replication to clear it from the remotes or have a short enough token expiration to know they need to revalidate against the home base after X time.
A ways out of my expertise, I work more on the lower layers of connectivity so maybe I’m overthinking it. What could be helpful would some sort of local app setup that would create an instance with an easy executable. Creating spontaneous servers has playing with fire potential and doesn’t address domain creation or port allocations, but with the certbot/acme systems out there it seems like it wouldn’t be too far out of the realm of reality. Musings of a mad scientist…