On Tue, Nov 24, 2009 at 3:40 PM, Infinity Linden (Meadhbh Hamrick) <[email protected]> wrote: > heya. > > just as a FYI, we're going to be working through the whole trust > management issue as part of VWRAP. there was some informal discussion > about using X.509 on the ogpx list running up to a general agreement > we should try to agree on the problem domain before pushing any one > particular technology.
X.509 is the way to go. However I say FOAF is probably the ideal long term solution for this stuff. This blog gives an example of the user experience http://blogs.sun.com/bblfish/entry/foaf_ssl_in_mozilla_s > > so... based on informal discussions about trust management on a VWRAP > open grid seem to be tending towards OAuth and PKI. there is some > heartburn about including OpenID directly into the specifications, but > i understand that jhurliman is working on some OpenID tools to work > with cable beach. and tao (aka christian) is working with xmlgrrrl on > ProtectServ, which should be VERY interesting at some point. > > so from a standards perspective, there's a lot of cool stuff on the > horizon and some more conventional stuff that'll probably get > specified a little sooner. > > -cheers > -meadhbh hamrick ( aka infinity linden aka meadhbh oh ) > > -- > infinity linden (aka meadhbh hamrick) * it's pronounced "maeve" > http://wiki.secondlife.com/wiki/User:Infinity_Linden > > > > On Tue, Nov 24, 2009 at 06:14, Robert A. Knop Jr. <[email protected]> wrote: >> I don't know that this really *is* offtopic, unless it's already a >> settled issue amongs the OpenSim devs. >> >> On Tue, Nov 24, 2009 at 02:19:20PM +0100, Impalah Shenzhou wrote: >>> I could trust in you, but you need to tell me "you are really you" with a >>> local login (i.e. email headers can be altered to impersonate as another >>> person) or someone I trust should tell it to me (i.e. OpenID). >> >> Do you have any personal web pages anywhere? Do you run any CGI or any >> PHP there? Do you identify everybody who comes there? That's the >> analogy we should think about. Yes, we need a secure infrastructure so >> that only the small number of people you *really* trust can do scary >> things. But at the level of running regions -- well, you may be using a >> hosting provider, or you may be hosting yourself, but you don't need >> full and complete trust that everybody is who they claim to be just to >> connect to the world. >> >> -- >> --Rob Knop >> E-mail: [email protected] >> Home Page: http://www.pobox.com/~rknop/ >> Blog: http://www.sonic.net/~rknop/blog/ >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.9 (GNU/Linux) >> >> iD8DBQFLC+pcfEn1oMJSrdsRApVqAKCGz8o5gt7vEqvl3HJK07jftpLi5wCg56g+ >> oq1mcfGvljoH5K0Y6X/WX9M= >> =bh/M >> -----END PGP SIGNATURE----- >> >> _______________________________________________ >> Opensim-dev mailing list >> [email protected] >> https://lists.berlios.de/mailman/listinfo/opensim-dev >> >> > _______________________________________________ > Opensim-dev mailing list > [email protected] > https://lists.berlios.de/mailman/listinfo/opensim-dev > _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
