CableBeachProposal

From OpenSimulator

Revision as of 13:03, 6 April 2009 by Jhurliman


LL Client Login

CableBeach LL Client Login 1.png

  1. This step is the familiar XML-RPC login initiated from the Linden Lab client, passing a first name, last name, and MD5 hash of the password. What is new here is that the login is sent directly to a grid's grid server, since identities are no longer tightly coupled to grids.
  2. The login is forwarded to a known identity server. Note that because the client gives the grid server sensitive information (the MD5 hash of the agent password) and does not provide a URL for the identity server, this form of login requires the grid server and a known identity server to exist in the same trust domain.
  3. The identity server holds profile information for each identity, which includes a list of URLs for various services. For each service, a temporary access token is requested.
  4. Each service grants a temporary access token back to the identity server.
  5. The login request returns successfully to the grid server with information about the agent, the list of services, and access tokens for each service.
  6. The grid server determines which simulator the client will start in. This may be the closest available location to a requested destination, the agent's home simulator in this grid, or the default starting location for the grid.
  7. The grid server contacts the starting simulator to prepare the login. Information about the agent, the list of services for the agent, and the access tokens for each service are given to the simulator. The grid server uses its certificate as a client certificate so the simulator can authenticate the request.
  8. The simulator checks the presented client certificate and confirms it as being signed by the grid server. Preparations are made and a UDP circuit is created. The identifier for the waiting UDP circuit is passed back to the grid server with the success response.
  9. The grid server uses the access token it received for the inventory server to contact the inventory server and receive information about the agent inventory, including a skeleton of the folder structure and owner information.
  10. The inventory server checks the access token and confirms that it is a valid and non-expired token.
  11. Inventory information is returned to the grid server along with the success response.
  12. Agent information, inventory information, and the UDP circuit identifier are all returned to the client along with the success response.
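
The token handling in steps 3-5 and 9-10, as an added sketch that is not part of the proposal or of OpenSimulator's code. The proposal does not define a token format or lifetime, so the opaque random token, the 300-second lifetime, the binding of a token to one agent, and all class, function and URL names here are assumptions made for illustration.

```python
import hashlib
import secrets

TOKEN_TTL = 300  # seconds; assumed, the proposal only says "temporary"

class Service:
    """A service (e.g. inventory) that grants and checks temporary tokens."""
    def __init__(self, url):
        self.url = url
        self._grants = {}  # sha256(token) -> (agent_id, expiry time)

    def grant_token(self, agent_id, now):
        # Step 4: issue an unguessable opaque token; keep only its hash.
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._grants[digest] = (agent_id, now + TOKEN_TTL)
        return token

    def check_token(self, token, agent_id, now):
        # Step 10: token must be issued here, unexpired, and for this agent.
        digest = hashlib.sha256(token.encode()).hexdigest()
        grant = self._grants.get(digest)
        if grant is None:
            return "unknown"
        bound_agent, expiry = grant
        if now >= expiry:
            return "expired"
        if bound_agent != agent_id:
            return "wrong-agent"
        return "ok"

def identity_login(profile_services, agent_id, now):
    # Steps 3-5: one token per service listed in the agent's profile.
    return {s.url: s.grant_token(agent_id, now) for s in profile_services}

def run_demo():
    inventory = Service("https://inventory.example/")  # constructed URL
    assets = Service("https://assets.example/")        # constructed URL
    agent = "agent-0001"                               # constructed id
    tokens = identity_login([inventory, assets], agent, now=1000)
    inv = tokens[inventory.url]
    return {
        "fresh": inventory.check_token(inv, agent, 1010),
        "other_service": inventory.check_token(tokens[assets.url], agent, 1010),
        "other_agent": inventory.check_token(inv, "agent-0002", 1010),
        "expired": inventory.check_token(inv, agent, 1000 + TOKEN_TTL),
    }

if __name__ == "__main__":
    print(run_demo())
```

Because each service only recognises tokens it granted itself, a token leaked from one service cannot be replayed against another, and the short lifetime bounds how long a token held by the grid server or simulator remains useful.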

OpenID Client Login

Hypergrid Trusted Teleport
