Hello > > Oauth is not an authentication system, it is delegated credentials > system via a third party. >
Authentication and authorisation with delegated credentials is what we need as identities will be provided by identity providers and assets from asset providers in distributed model. We need the client to be able to authenticate against indentity provider acquire tokens and provide them to region for authentication on region level, access to profile information and assets etc. It is not good idea to pass credentials to the region server directly. > FOAF+SSL (aka Secure Web ID), is a much newer 3.0 techonology which > has less complex interactions (no third party authentication or > passwords required, it is a client server). In a nutshell it uses the > well established SSL protocol for authentication, and FOAF to makup a > public key in your profile. You can use OAuth for 2 legged authentication but your suggestion sounds interesting as well. One would like to be able to use existing networks hosting user identities but time will rectify that for any new technologies as they gain popularity. -tommi _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
