[Opensim-dev] secure_inventory_server ??

liu xiaolu lulurun at gmail.com
Fri Jul 25 15:06:50 UTC 2008 

First, I want to clarify that, I am not against what you said
To release inventory, asset server become independent ones is also what I
have been working on.

I am just trying to introduce my thoughts:
>>[solution:]
>>* add a new table for inventoryserver, 2 fields, useruuid, userserver_url,
everytime inventoryserver
>>  extract "session_id", "user_id" from the request, get "userserver_url"
by "user_id", then check the
>>  identity of "user_id" from "userserver_url" (call check_auth_session)
>I really think rather than the inventory server calling a authenticate
method on the user server. That
>the user server should send a sessionid to the inventory server when a new
login happens. I guess
>your idea of the userserver_url was something silmilar in that the
userserver would update it when
>a user logs in? Otherwise if it was just "hardcoded" in the db then it
wouldn't solve anything.

sorry for the lack of explanation of the new table, temporary let me call it
"userserver_dictionary".
* "userserver_dictionary" is a table always together with inventoryfolers,
inventoryitems
* "userserver_dictionary" has 2 column: user_id pkey, userserver_url
// user registration
when a new user registered at a GridService G1, the user will possibly have
its account on G1's
userserver U1, then, no matter which inventoryserver the user is using(or
going to use), assume it is called InvN,
InvN's "userserver_dictionary" would be added 1 record <"uid", U1's url>,
// user login to VW
* user get authentication at U1, get "session_id"
* user login into a regionserver, regionserver gets user's profile and
extract user's inventoryserver InvN from its profile.
* regionserver requests getInventory("session_id", user.uuid) from InvN.
* InvN gets "U1's url" by user.uuid from "userserver_dictionary"
* InvN requests check_auth_session("session_id", user.uuid) from "U1's url"
//
in this case, dose InvN satisfies what you want ?
* InvN is separate from any other server
* InvN is independent, not rely on any userserver, it pull identity under
user's specification(get "userserver_url" by uuid)
* InvN can store users from different gridsevices

-- 
Lulurun
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080726/2e84844c/attachment-0001.html>

More information about the Opensim-dev mailing list