[Opensim-dev] Proposal for using OpenID in OpenSim
Melanie
melanie at t-data.com
Fri Mar 28 03:56:08 UTC 2008
Hello,
what is wrong with continuing to offer a fully self-contained
userserver, side by side with other authentication schemes? Or
authenticating via http against an apache-based auth server?
Some people aiming for a high level of integration and
interoperability - others just want a SL clone. As far as I
understand, OpenSim aims to be able to be all that.
Where does having to run a jabber server come into it?
Now, i could understand it if the jabber were to be used for
handling inter-region IM, presence, group chat and profiles as well.
Which would not be a bad idea. Not a bad idea at all. But having to
have one, just for auth, seems to be a bit of overkill.
Melanie
Gryc Ueusp wrote:
> Perhaps using a Jabber server to authenticate is an option? It seems to cover
> all of your fears and provide the ability to include a link to data somewhere
> else via the user's profile.
>
> On Thursday 27 March 2008 10:01:32 pm The Burnman wrote:
>> My concern, much like what Melanie stated, is that I do not want to be
>> forced to use a 3rd party service to use OpenSim. If OpenID is not an
>> optional module, I will drop OpenSim from my toolset and move on to
>> something else.
>>
>> Aside from the idea of being forced to use 3rd party services, two concerns
>> I have about using OpenID are:
>>
>> 1) Data security and integrity - With no control over authentication or
>> storage of related data, what's to say data won't be stolen or corrupted,
>> thus causing my clients/users distress and thus causing me a nightmare?
>>
>> 2) Service perpetuality (I might have made that word up) - What guarantees
>> OpenID will remain in business in a year, considering how volatile the
>> Internet business world is? How much downtime do I have to deal with
>> because of maintenance or hardware failure?
>>
>> In fact, I don't know why people think OpenID is a good idea at all. The
>> whole concept is based on trusting a 3rd party to remain up 100% of the
>> time, completely secure, and functioning efficiently. Using OpenID takes
>> any control of those variables out of my hands, and if they have an issue,
>> my service is offline.
>>
>> Sure, it allows some level of interoperability, but I don't consider it
>> worth the risk for my projects. Just do a Google search for "OpenID
>> security" (or similar search parameters) and read about the concerns a lot
>> of people have about OpenID.
>>
>> On Thu, Mar 27, 2008 at 9:33 PM, Ryan McDougall <ryan at 3di.jp> wrote:
>> > My understanding is that, like OpenID is currently used on the web,
>> > which is you could use OpenID if you have one, or the old-fashion type
>> > if you don't.
>> >
>> > However, with OpenID > 1.0, it is possible to add attributes, so OpenID
>> > in OpenSim is a means of avatar portability, since one of the attributes
>> > would be a URL to where your avatar can be found.
>> >
>> > That can't be done the old fashioned way.
>> >
>> > What specifically is your concern about OpenID?
>> >
>> > Cheers,
>> >
>> > On Wed, 2008-03-26 at 23:57 -0400, The Burnman wrote:
>> > > And I take it we are still on the "optional module" page in reference
>> > > to OpenID, yes?
>> > > _______________________________________________
>> > > Opensim-dev mailing list
>> > > Opensim-dev at lists.berlios.de
>> > > https://lists.berlios.de/mailman/listinfo/opensim-dev
>> >
>> > --
>> > Software Engineer
>> > http://www.3di.jp
>> >
>> > The opinions expressed herein represent those of the individual, and do
>> > not constitute company policy unless expressly stated.
>> >
>> > _______________________________________________
>> > Opensim-dev mailing list
>> > Opensim-dev at lists.berlios.de
>> > https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
More information about the Opensim-dev
mailing list