[Opensim-dev] Mantis#2816 patch and openid
Mic Bowman
cmickeyb at gmail.com
Mon Dec 15 19:16:22 UTC 2008
So this is really an API that can be used to apply the set of
identities managed by the user server to other services. A couple more
places this could be useful... the web interfaces like opensimwi
currently manipulate the database directly in order to perform
authentication for account management. Also, the Alan's REST
interfaces for asses & inventory on the region server currently cannot
authenticate a specific user in grid mode (there is no API & the User
server does not hand out the hashed password to the region server in
grid mode).
The choice of OpenID vs some other API is really just a choice to
support a fairly standard API rather than invent something new.
--mic
On Mon, Dec 15, 2008 at 10:15 AM, Hurliman, John
<john.hurliman at intel.com> wrote:
>> -----Original Message-----
>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>> bounces at lists.berlios.de] On Behalf Of Sean Dague
>> Sent: Monday, December 15, 2008 5:03 AM
>> To: opensim-dev at lists.berlios.de
>> Subject: Re: [Opensim-dev] Mantis#2816 patch and openid
>>
>> Hurliman, John wrote:
>>>
>>> A clarification on the patch, this adds OpenID provider support to
>> user server. It does not turn the user server into an OpenID consumer.
>> I think OpenID grid login is a very interesting discussion that should
>> take place on the mailing list, but what this does is allow you to
>> prove ownership of an avatar on a grid. You could leave a comment on a
>> blog using your avatar identity, for example. The main reason for the
>> patch is to pave the way to building a secure hypergrid. Now that
>> OpenSim is evolving into a federated grid model it's critical to be
>> able to carry identity around the metaverse. I also have a patch for
>> the distributed asset service that authenticates all inventory and
>> asset transactions against the user server and allows
>> whitelisting/blacklisting of foreign grids (will be committed very
>> soon after some cleanup).
>>
>> Could you explain that authentication flow with the existing client?
>> While this patch doesn't hurt anything, I'd really like to understand
>> where this is going before we commit something like this.
>>
>> -Sean
>>
>
>
> This doesn't change any existing authentication flow. It adds a new feature, which is that you can go to http://www.jhurliman.org/ and leave a comment on my blog as http://www.osgrid.org:8002/users/Some_Avatar, or write a PHP script that lets you directly upload assets to a distributed asset store without having to login (directly) through a user server and establish an unnecessary agent presence.
>
> John
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
More information about the Opensim-dev
mailing list