On Sat, Apr 25, 2009 at 10:47 PM, Diva Canto <[email protected]> wrote:
> That sounds reasonable. I should find out more about what the Web 2.0
> crowd is thinking for the "service catalogue", haven't heard that before
> coming from them. Because that's exactly where I have been taking OpenSim :)
>
> Point 4 is also pretty much covered, with code already in place in
> OpenSim, used by Grider. The client requests these tokens from the User
> Server (ID server, whatever you want to call it), sends them to each
> server it wants to use, including regions, the servers in turn verify
> them with the User Server.
>
> So far, I haven't felt the need for OpenID whatsoever. Login can be
> performed directly with the User Server, it doesn't need to be
> redirected from anywhere. (I have a problem with those redirections,
> they are utterly unsafe; if they can be avoided, they should. And I
> think they can.)

It's a good idea to have some kind of decentral system, whether it be
openid or ssl. These diagrams may give you a flavour of the interactions
you'd use in each case:

http://esw.w3.org/topic/PushBackDataToLegacySourcesAuthentication

Both are great solutions, imho, openid/oauth slightly more mature, ssl
slightly fewer interactions/redirections, you'll have to decide what
suits best.

>
>
> Christian Scholz wrote:
>> Diva Canto wrote:
>>> Let's focus on the goal, before discussing techniques: "I would like
>>> to use my google identity in OpenSim as soon as possible :)"
>>>
>>> Once you've been ID'ed, where would your user services be?
>>
>> For instance by using a service catalogue which is bound to your OpenID
>> and lists where
>>
>> - your profile is (could be implemented using PortableContacts/OpenSocial)
>> - your inventory is (maybe multiple of them)
>> - your preferred IM service is (could be Jabber or IRC or something else)
>> - your contacts are stored (again could be OpenSocial)
>>
>> and so on.
>>
>> This could all be put into an XRDS file which is used by OpenID in the
>> discovery step already.
>>
>> So a workflow might roughly look like this:
>>
>> 1. A user enters two things: An OpenID and the region URL to connect to
>> 2. The client performs an OpenID authentication and retrieves the
>> Service Catalogue associated with it.
>> 3. The client connects to the region and passes the Service Catalogue
>> over (after all the region needs profile data and so on)
>> 4. The client retrieves access tokens for those services which it has
>> been allowed to pass to regions it connects to.
>> 5. The client sends the necessary access tokens to the region
>> 6. The region retrieves the necessary information (e.g. profile data and
>> avatar info) and connects the client to the simulation
>>
>> The big question is 4. and how this is being handled. But as said in an
>> earlier reply, this is exactly what many people are thinking about right
>> now.
>>
>> Another question might also be what the client's responsibility is and
>> what the region's. Of course it could all also be routed through the
>> client but in general I would assume that simulation related things are
>> faster if handled by the region. At least it needs to be allowed to
>> cache those as long as the user is active.
>>
>> But that's more loud thinking here. I might come back with some proposal
>> which has got some more thinking :-)
>>
>> -- Christian
>>
>>
>>
>>>
>>>
>>> Tommi Laukkanen wrote:
>>>> Hello
>>>>
>>>> OAuth seems to provide OpenSimulator server side authentication and
>>>> authorisation needs. If you are interested in this area please read
>>>> this page and especially the "What is it for"-chapter:
>>>>
>>>> http://oauth.net/about/
>>>>
>>>> "Is OAuth a New Concept?"-chapter is a good read as well.
>>>>
>>>> Essentially it looks like a way to pass capabilities to servers. For
>>>> example you might give opensim region limited access to your
>>>> inventory.
>>>>
>>>> More details can be found from their community wiki:
>>>>
>>>> http://wiki.oauth.net/
>>>>
>>>> Does anyone know other specifications for service level authentication
>>>> and authorisation (as opposed to browser and user level authentication
>>>> like OpenID and SAML)?
>>>>
>>>> As you can see from the wiki front page for example google offers
>>>> standard oauth api. I would like to use my google identity in OpenSim
>>>> as soon as possible :). Someone might want to use AOL, Flickr, Amazon,
>>>> yahoo or facebook which are already supported. The big difference is
>>>> here that you need not pass your secret password to opensim server or
>>>> go to openid login page at the provider. Idealistviewer could handle
>>>> authentication with google and pass the capability tokens to region
>>>> when connecting to it.
>>>>
>>>> If you want to help Metaverse be realised in shortest possible time
>>>> please study OAuth and alternative approaches if such exist.
>>>> I believe this area needs some OpenSim community focus to get it properly sorted
>>>> for next technology leap. I hear a new version of CableBeach is coming
>>>> out and it would be great to have standards compliant solution in
>>>> capabilities area. By standards compliant I mean a solution which can
>>>> hook to major identity provider players as of now. The claim of this
>>>> post is that it is already possible with OAuth specification which has
>>>> been written by experts of the area.
>>>>
>>>> If all those major players are supporting OAuth I think it is a strong
>>>> signal that the technology is good and mature. My understanding is
>>>> that it is very well compliant with OpenSim needs as well.
>>>>
>>>> -tommi
>>>> _______________________________________________
>>>> Opensim-dev mailing list
>>>> [email protected]
>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
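
The token flow described in the thread (the client obtains tokens from the User Server, hands them to regions, and each region verifies them with the User Server), combined with the "limited access to your inventory" idea, sketched as an added example; it is not OpenSim or Grider code. The class names, scope strings and region URLs are hypothetical, and binding each token to one audience with an expiry is an assumption of this sketch.

```python
import secrets
import time


class UserServer:
    """Hypothetical User Server: issues opaque tokens and verifies them for services."""

    def __init__(self, ttl=300):
        self.ttl = ttl
        self._grants = {}  # token -> (user, audience, scopes, expiry)

    def issue(self, user, audience, scopes, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable; carries no data itself
        self._grants[token] = (user, audience, frozenset(scopes), now + self.ttl)
        return token

    def verify(self, token, audience, scope, now=None):
        """Return the user if the token is live, issued for this service, and covers scope."""
        now = time.time() if now is None else now
        # An unknown token maps to an already-expired, empty grant.
        unknown = (None, None, frozenset(), 0)
        user, aud, scopes, expiry = self._grants.get(token, unknown)
        if now >= expiry or aud != audience or scope not in scopes:
            return None
        return user


class Region:
    """Hypothetical region: never sees a password, only a token it checks upstream."""

    def __init__(self, url, user_server):
        self.url, self.user_server = url, user_server

    def request(self, token, scope, now=None):
        user = self.user_server.verify(token, self.url, scope, now)
        return f"ok:{user}" if user else "denied"


def demo():
    us = UserServer(ttl=300)
    a = Region("http://region-a.example", us)  # constructed URLs
    b = Region("http://region-b.example", us)
    tok = us.issue("alice", a.url, {"inventory:read"}, now=1000)
    return {
        "read": a.request(tok, "inventory:read", now=1100),
        "write": a.request(tok, "inventory:write", now=1100),
        "other_region": b.request(tok, "inventory:read", now=1100),
        "expired": a.request(tok, "inventory:read", now=1300),
        "forged": a.request("not-a-token", "inventory:read", now=1100),
    }
```

Because the region checks the token against its own URL, a token handed to one region is useless if that region replays it elsewhere.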
