Christian Scholz wrote: > As for the web needing some more intelligent client, maybe that's right > but then again we have to deal with it as it's now ;-)
Yes, but that's not the case in Virtual Worlds :-) Virtual Worlds have really big, fat clients, full of state and logic to their eyeballs. Carrying keys/credentials for verifiable identity is a tiny little thing to do, compared to all the other state they carry around. Let's not complicate things just because the emerging protocols for the Web 2.0 assume that clients are dumb. Our servers and clients are being developed as we speak, and we can make them be smart. The login process can be: 1. User enters ID (u...@idprovider) and destination world (areg...@agrid) in the client 2. Client logs in with the ID service -- not with the grid/region, because if you do that you immediately place the user at risk of being phished. Client gets masterKey directly from the IDprovider. Grid/region don't exist in this step, there are no redirects. 3. Client requests a key from IDProvider for launching an agent at areg...@agrid, and it launches that agent, along with the key 4. areg...@agrid calls back to IDProvider verifying that the given key is valid for that user. Repeat for all other services. Later, users wants to Teleport to f...@foogrid. 5. Client requests a key from IDProvider for launching an agent at f...@foogrid, and it launches that agent, along with the key 6. f...@foogrid calls back to IDProvider verifying that the given key is valid for that user. etc. This is what Grider does. A Web client could do that too, if the Web didn't insist on having its browsers thin and blond :-) So if there's a place in those new Web 2.0 protocols for smart, slightly chubbier brunette clients that'd be great! -- then Tommil can have his wish of login with his google account [safely]. Crista / Diva _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
