OpenID for data portability in virtual world
From OpenSimulator
Contents |
What is OpenID
For OpenID related knowledge: http://en.wikipedia.org/wiki/OpenID
Foreign user login
In virtual world, To enable a foreign user authentication, What I can imagine is that there are 3 ways can be used.
- Import account from one GridService to another
- Use a central OpenID provider
- UserServer(OpenSim) acts as both RP and OP
Detailed explanations are following:
Import (copy an account information from one to another)
This is the most simple way, just copy an account from its original Gridservice to another.
this can be done through webpages, and current OpenSim's Userserver already has a similar XMLRPC method (GetUserProfile) to do such thind, even though some security holes need to be filled.
- Advantages:
- Quick, direct solution, easy to develop / use.
- Disadvantage:
- The same user profile copied many times, can not manage them(in the case you change your profile in 1 gridservice, it does not affect other grids)
- User have to remember too many password(even though you can always use the same)
- If your name has been taken, you have to change to another - no name portability
- other bad points ...
Use a central OpenID provider
Just like in the web world, there are already lots of website enabled both legacy login and openid login,
UserServer can also support OpenID login, in this case, authentication can be delegated to OpenID providers.
- Advantages:
- User auth information is stored only in 1 place.
- no worry about your favorite name has been take.
- ... some other OpenID advantages
- Disadvantages:
- Current client need to be changed.(ver 1-18-6 is OK)
- In data portability theory [Avatar portability], not only the auth information, but also others (UUID, inventoryurl, asseturl) are needed.
- OpenID has 2 extensions:
- These 2 extensions supports OpenID user to store its additional information, but there are only a few OpenID providers enabled these functions. as far as I searched,
- only myopenid.com: https://www.myopenid.com/ enabled both extensions.
- yahoo.com does not support any of the 2 extensions.
UserServer acts as both RP(Relying Party) and OP(OpenID Provider)
UserServer can not only delegate an authentication to another UserServer, but also accept an incoming authtication request from another UserServer.
That means,
- If a local user login to an UserServer, the UserServer use legacy way(password checking) to confirm the user's identity,
- If a foregin user login to an UserServer, UserServer delegates the authtication.
- user input its OpenID url(probably its Grid's UserServer url), then follow the OpenID
authentication protocol
- When an authtication request comes, UserServer checks the user's identity, if OK, UserServer returns the user profile(include name, uuid, inventoryurl, asseturl).
- Advantages