Just to keep the record straight, the Capabilities concept is about 50
years old. It was devised at about the same time as ACLs. For a number
of reasons, ACLs have dominated the field. See here for a nice
historical perspective:
http://www.nabble.com/On-the-Spread-of-the-Capability-Approach-to5608409.html
Tommi Laukkanen wrote:
Hi Diva
Thanks for the analysis. I have to admit I have only fastly scanned
the oAuth spec. They advertise that it works for desktop applications
so I assume it should not necessarily be too complex for the end
user and not too hard to implement either. Someone would need to
study / poc it or get a statement from the oAuth team. If the viewer
acts as users and regions are consumers it could be that it can be
nicely automated and hidden from the user. This would allow us to use
all those identity providers who have adopted oAuth. Personally I
think identity management, authentication and authorisation are so
well known fields that it would be odd if we had to invent it from
scratch. That said we should not try bend a standard to something
which is not suitable for.
In the end it is important to realise that this is not just about
virtual worlds but all identity management in the net. No user wants
to upkeep separate credentials just for virtual worlds. Besides web
and vws will become more and more entangled in the long run. If we
want to have a system which will fly in the near future we should
stick our identity eggs to same basket with the rest of the internet
crowd.
regards,
Tommi
------------------------------------------------------------------------
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev