[Opensim-dev] [Opensim-users] Grid <-> Authentication Service

Dalien Talbot dalienta at gmail.com
Fri Feb 15 21:55:17 UTC 2008


Jani,

lol. :-) very cool.

Actually I thought a bit more about it - the fancy authentication should be
done in the "U" component. We should just take care of the standalone mode
to also handle something similar to "expect_user" xml method.

Then it could be written in whatever language (one could start off with my
ruby-based "dumb UGA" for example) - and be easily tweakable and very
loosely coupled...

anyway, I am very much looking forward to seeing your code :-)

/d

On Fri, Feb 15, 2008 at 10:34 PM, Jani Pirkola <jpirkola at gmail.com> wrote:

> Hi Dalien,
>
> That is exactly what we did in realXtend! Except that we use timeout of 2
> minutes :)
> We have user authentication and avatar storage. User authentication is the
> web service for 1) and 2). Avatar storage is a web service where other
> viewers fetch the appearance of your avatar (mesh, skeleton, textures,
> animations, ...) and the url there is supplied by the sim (where each viewer
> sends their urls).
>
> The name of user in login screen is e.g. jani at somedomain.org, and the
> avatar storage then provides Avatar's name to sim.
>
> The avatar storage and user authentication will be put into opensim svn
> asap, but it may take some time to take them into use in opensim.
>
> Jani
>
> 2008/2/15, Dalien Talbot <dalienta at gmail.com>:
>
> > IMHO tackling the password authentication might be quite simple:
> >
> > 1) have a separate web service into which you login, and which returns
> > you a 4-digit number, valid for, say, 15 minutes.
> > 2) have a web service to answer the requests from the sims who will
> > supply the hash from the client
> > 3) have the simulator forward the hash from the client to this service
> > upon the user login - and get the pass/fail result from this server.
> >
> > On a first look, this will be reasonably secure, easy to use, simple to
> > code, and harder to crack than the web-single-sign-on proposal that I heard
> > in the discussions some time ago.
> >
> > the last name could be the domain name, and the exact method of the
> > authentication/URL/whatnot could be stored in a TXT record for that domain.
> >
> > Users with the higher level of paranoia might have an option on the
> > backend of selecting a longer one-time-password for the simulator login.
> >
> > What do you think of such an approach ?
> >
> > /d
> >
> > On Fri, Feb 15, 2008 at 5:15 PM, Diva Canto <diva at metaverseink.com>
> > wrote:
> >
> > > dr scofield wrote:
> > > > that makes it rather easy for any of your UCI users to log in as any
> > > > other UCI user. if that's what you want, fine. were i a UCI user, i'd
> > > > not like that...
> > > >
> > > > if you were planning on using the password field as well, that is
> > > > going to require some additional code at the UCI authentication
> > > > service side as the password is not being sent in the clear but as a
> > > > salted MD5 hash, so you'd have to generate those for all your UCI
> > > > users.
> > > >
> > > >    cheers,
> > > >    dirk
> > > >
> > > >
> > > We will use passwords, of course, that's how authentications get done
> > > these days. We'll have to figure out how to handle the MD5 hash if the
> > > campus authentication service doesn't do it. Of course, better would be
> > > if the credentials were entered at the site of the authentication
> > > service, which is how this usually works on the web: you want to login
> > > to your grades -> you're first redirected to the authentication service
> > > -> you come back to the grades system.
> > >
> > > In any case, what I really want is to let everyone in, UCI and non-UCI,
> > > and properly ACL things -- just like what happens on the web. OpenSim
> > > still doesn't have permissions, so that probably won't be done now. But
> > > when it has permissions, that's what we will want. This whole idea of
> > > having un-interoperable domains of users, each grid with its own domain,
> > > is not going to scale to the kinds of things universities want to do
> > > with virtual worlds; it's a major step *back* from what we got
> > > accustomed to with the Web. We want interoperable ID domains,
> > > interoperable inventory (storage) domains, gridless and intergrid
> > > sim-to-sim TPs, external exposure of data for search engines, and all
> > > kinds of good old web openness, properly ACLed -- that's very clear.
> > >
> > > _______________________________________________
> > > Opensim-dev mailing list
> > > Opensim-dev at lists.berlios.de
> > > https://lists.berlios.de/mailman/listinfo/opensim-dev
> > >
> >
> >
>
>
>
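
The three-step scheme proposed in the thread, sketched as an added Ruby example that is not code from any poster, OpenSim or realXtend. Class and method names are hypothetical, the client hash is assumed to be a plain MD5 hex digest of the typed code, and the single-use and failed-attempt limits are additions, included because a 4-digit code has only 10,000 possible hashes.

```ruby
require 'digest'
require 'securerandom'

# Hypothetical sketch of the thread's three steps; not OpenSim or realXtend code.
class OneTimeCodeService
  Entry = Struct.new(:digest, :expires_at, :failures)

  # ttl: 15 minutes as proposed in the thread (the reply mentions 2 minutes).
  def initialize(ttl: 15 * 60, digits: 4, max_failures: 3, clock: -> { Time.now.to_f })
    @ttl, @digits, @max_failures, @clock = ttl, digits, max_failures, clock
    @pending = {} # user name => Entry
  end

  # Assumption: the viewer sends a plain MD5 hex digest of the typed code.
  def self.client_hash(code)
    Digest::MD5.hexdigest(code)
  end

  # Step 1: called by the web login once the user has authenticated there.
  def issue(user)
    code = format("%0#{@digits}d", SecureRandom.random_number(10**@digits))
    @pending[user] = Entry.new(self.class.client_hash(code), @clock.call + @ttl, 0)
    code
  end

  # Steps 2 and 3: the simulator forwards the client's hash, gets pass/fail.
  def verify(user, forwarded_hash)
    entry = @pending[user]
    return false if entry.nil?
    if @clock.call > entry.expires_at
      @pending.delete(user)
      return false
    end
    if constant_time_equal?(entry.digest, forwarded_hash.to_s)
      @pending.delete(user) # single use: a replayed hash fails
      return true
    end
    entry.failures += 1
    # Only 10**digits hashes exist, so cap the guesses per issued code.
    @pending.delete(user) if entry.failures >= @max_failures
    false
  end

  private

  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```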

