I forgot something to add.

Diva Canto wrote:
> So far, I haven't felt the need for OpenID whatsoever. Login can be
> performed directly with the User Server, it doesn't need to be
> redirected from anywhere. (I have a problem with those redirections,
> they are utterly unsafe; if they can be avoided, they should. And I
> think they can.)

Actually the redirection part in the OAuth spec is only one way to
obtain access tokens and is very much tailored towards a web browser
situation. One can nevertheless invent different ways of obtaining them
but still use the signing method of OAuth.

-- Christian

>
>
> Christian Scholz wrote:
>> Diva Canto wrote:
>>> Let's focus on the goal, before discussing techniques: "I would like
>>> to use my google identity in OpenSim as soon as possible :)"
>>>
>>> Once you've been ID'ed, where would your user services be?
>> For instance by using a service catalogue which is bound to your OpenID
>> and lists where
>>
>> - your profile is (could be implemented using PortableContacts/OpenSocial)
>> - your inventory is (maybe multiple of them)
>> - your preferred IM service is (could be Jabber or IRC or something else)
>> - your contacts are stored (again could be OpenSocial)
>>
>> and so on.
>>
>> This could all be put into an XRDS file which is used by OpenID in the
>> discovery step already.
>>
>> So a workflow might roughly look like this:
>>
>> 1. A user enters two things: An OpenID and the region URL to connect to
>> 2. The client performs an OpenID authentication and retrieves the
>> Service Catalogue associated with it.
>> 3. The client connects to the region and passes the Service Catalogue
>> over (after all the region needs profile data and so on)
>> 4. The client retrieves access tokens for those services which it has
>> been allowed to pass to regions it connects to.
>> 5. The client sends the necessary access tokens to the region
>> 6. The region retrieves the necessary information (e.g. profile data and
>> avatar info) and connects the client to the simulation
>>
>> The big question is 4. and how this is being handled. But as said in an
>> earlier reply, this is exactly what many people are thinking about right
>> now.
>>
>> Another question might also be what the client's responsibility is and
>> what the region's. Of course it could all also be routed through the
>> client but in general I would assume that simulation related things are
>> faster if handled by the region. At least it needs to be allowed to
>> cache those as long as the user is active.
>>
>> But that's more loud thinking here. I might come back with some proposal
>> which has got some more thinking :-)
>>
>> -- Christian
>>
>>
>>
>>>
>>> Tommi Laukkanen wrote:
>>>> Hello
>>>>
>>>> OAuth seems to provide OpenSimulator server side authentication and
>>>> authorisation needs. If you are interested in this area please read
>>>> this page and especially the "What is it for"-chapter:
>>>>
>>>> http://oauth.net/about/
>>>>
>>>> "Is OAuth a New Concept?"-chapter is a good read as well.
>>>>
>>>> Essentially it looks like a way to pass capabilities to servers. For
>>>> example you might give opensim region limited access to your
>>>> inventory.
>>>>
>>>> More details can be found from their community wiki:
>>>>
>>>> http://wiki.oauth.net/
>>>>
>>>> Does anyone know other specifications for service level authentication
>>>> and authorisation (as opposed to browser and user level authentication
>>>> like OpenID and SAML)?
>>>>
>>>> As you can see from the wiki front page for example google offers
>>>> standard oauth api. I would like to use my google identity in OpenSim
>>>> as soon as possible :). Someone might want to use AOL, Flickr, Amazon,
>>>> yahoo or facebook which are already supported. The big difference is
>>>> here that you need not pass your secret password to opensim server or
>>>> go to openid login page at the provider. Idealistviewer could handle
>>>> authentication with google and pass the capability tokens to region
>>>> when connecting to it.
>>>>
>>>> If you want to help Metaverse be realised in shortest possible time
>>>> please study OAuth and alternative approaches if such exist. I believe
>>>> this area needs some OpenSim community focus to get it properly sorted
>>>> for next technology leap. I hear a new version of CableBeach is coming
>>>> out and it would be great to have standards compliant solution in
>>>> capabilities area. By standards compliant I mean a solution which can
>>>> hook to major identity provider players as of now. The claim of this
>>>> post is that it is already possible with OAuth specification which has
>>>> been written by experts of the area.
>>>>
>>>> If all those major players are supporting OAuth I think it is a strong
>>>> signal that the technology is good and mature. My understanding is
>>>> that it is very well compliant with OpenSim needs as well.
>>>>
>>>> -tommi
>>>> _______________________________________________
>>>> Opensim-dev mailing list
>>>> [email protected]
>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>>>
>>
>

--
COM.lounge GmbH
http://comlounge.net
Hanbrucher Strasse 33, 52064 Aachen
Amtsgericht Aachen HRB 15170
Geschäftsführer: Dr. Ben Scheffler, Christian Scholz
email: [email protected]
fon: +49-241-4007300
fax: +49-241-97900850

personal email: [email protected]
personal blog: http://mrtopf.de/blog
personal podcasts: http://openweb-podcast.de, http://datawithoutborders.net
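
Added example, not part of the original message or of any OpenSim code: the OAuth signing step used on its own, with a token obtained by some non-redirect route, as the reply above suggests. It assumes the HMAC-SHA1 method of OAuth 1.0 (RFC 5849, section 3.4); the URL, keys, secrets and parameter values are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit


def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded.
    return quote(value, safe="-._~")


def base_string(method, url, params):
    # Assumes no query string in url, no repeated parameter names and no
    # explicit default port; a full implementation normalizes those too.
    parts = urlsplit(url)
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    # The secrets key the HMAC and never travel with the request.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(digest.digest()).decode()


def verify(method, url, params, signature, consumer_secret, token_secret):
    # Constant-time comparison; a real service also rejects stale timestamps
    # and reused nonces to stop replay.
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)


# Constructed sample: a region reads inventory with a token the client handed over.
URL = "https://inventory.example.org/items"
SECRETS = ("constructed-region-secret", "constructed-token-secret")
PARAMS = {
    "oauth_consumer_key": "region.example.org",
    "oauth_token": "constructed-inventory-token",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1236000000",
    "oauth_nonce": "constructed-nonce-1",
    "oauth_version": "1.0",
    "folder": "My Outfits",
}


def demo():
    sig = sign("GET", URL, PARAMS, *SECRETS)
    tampered = dict(PARAMS, folder="Everything")
    return verify("GET", URL, PARAMS, sig, *SECRETS), verify("GET", URL, tampered, sig, *SECRETS)
```

The signature binds the token to the method, URL and every parameter, so a request altered in transit, or signed without the token secret, fails verification.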
