[Opensim-dev] Proposal for using OpenID in OpenSim

liu xiaolu lulurun at gmail.com
Fri Mar 28 11:30:00 UTC 2008


(This is a resent copy, because I have not received any confirmation mail.)
Sorry that the unclear PDF confused you.
Here, I want to explain my idea in detail.

First, I did not say a word about making the user server support
OpenID login only. I certainly think OpenID should remain an option, just
as a lot of websites already do today.
And thanks very much to Ryan McDougall for his opinion about the asset
security problem,
> Anyone who can read your data can copy or modify it
I agree with you.
AssetDataPortability's main purpose is to enable users to bring their
"appearance" across different VWs. It does not mean they can freely
add/modify/take things (prims, assets) on your region without your
permission.

I wrote a more detailed PDF file,
http://lulurun.sakura.ne.jp/Data%20Portability%20in%20VirtualWorld.pdf
including some comments. I hope this can give you a better picture.

The purpose of my idea is to do 3 things:
1. Enable Avatar portability
2. Enable Asset Data portability
3. Facilitate a future "metaverse" of many small or large interoperable
Virtual World systems across the Internet.

Avatar portability means that one person can use one credential
(name/password key) across all interoperable VWs.

Asset data portability means that that Avatar retains the same assets
(clothing, hair, animations) across each VW he can log into.

And to do the above, means to fundamentally alter the current state of
affairs, where each VW is a walled garden.

1. The problem with Avatar portability is obvious: if you register with
VW X, you have to reregister with VW Y in order to enter Y.

OpenID provides a solution to this problem by delegating authentication
to a trusted 3rd party, i.e. the OpenID server.

To implement OpenID to solve 1., we offer the user an alternate method
of authentication by providing a dialog box where the user can input his
preregistered OpenID (in addition to the old name/pass method).

Using HTTP, we redirect the viewer's HTML renderer to the OpenID escrow;
they do old-fashioned challenge-response, and when the escrow is
satisfied, it returns 200, OK to the User server.

2. The problem with Avatar Asset portability is also obvious: since we
have no centralized means of specifying how to get assets, even well
intended region servers cannot get access to your Avatar's assets.

To enable Avatar Asset portability, we suggest that assets be stored in
one URL accessible server, that is attached to your Avatar's OpenID as a
set of attributes, which various VWs can access when you authenticate
with them.

The immediate problem is that currently, there is bad data portability
among VWs, so for the time being, we will either assume:
 a. Assets are stored in a portable format which all VWs can read
 b. All VWs in question are OpenSimulator

This limitation naturally leads us to a discussion of:

3. How can we make this scheme work outside of OpenSim? What will a
"metaverse" of VWs look like under such a scheme?

There will be a new VW independent "User server" implemented as a thin
web service, and pointing to the grid it serves.

 1. The client viewer directs users to their User server, which is
rendered as an HTML page.

 2. The user server authenticates using OpenID using the preferred
OpenID server.

 3. The OpenID server returns the 200, OK, as well as a list of
attributes, specifically the URL for the Avatar's Asset server.

 4. The User server then returns a CircuitCode, or as it's known in SL
parlance, a capability, to the viewer and region/grid server.

In order to manage this, it obviously takes a lot of modifications to
the current infrastructure, but the most serious issues are the
following:

* OpenID 2.0 only supports fixed attributes, and sreg.AssetServerUrl is
not one of them. We can:
 - run our own VW OpenID server that hijacks an existing attribute
 - modify an existing OpenID server to add our pet attribute
 - modify an existing OpenID server to add custom attributes

* How do we encourage other VWs to join our system?
* How do we handle non-OS VW data formats? Common data formats:
 - dataportability.org
 - collada.org

I think a lot of people are having the same sort of ideas as I am, and
we are thinking in a common direction, but what we need to do now is
move from head-nodding into some sort of detail, and then hopefully into
prototypes for testing.

I wrote a more detailed PDF file,
http://lulurun.sakura.ne.jp/Data%20Portability%20in%20VirtualWorld.pdf
including some comments. I hope this can give you a better picture.

Can we have some discussion on this matter, so we can move forward into
an implementation?

Look forward to hearing your concerns and opinions.

Cheers,
lulurun
-- 
Liu Xiaolu
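
The four-step login flow in the message above, as an added example (not code from the original post or from OpenSim): a reduced model of a signed OpenID assertion that carries the asset server URL, and the checks a User server would make before issuing a circuit code. The attribute name `vw.asset_server_url`, the shared secret, the https-only policy and the 32-bit circuit code are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Constructed values: secret shared by the OpenID server and the User server,
# and a hypothetical attribute key for the asset server URL.
ASSOC_SECRET = b"constructed-association-secret"
ASSET_ATTR = "vw.asset_server_url"


def sign_fields(fields, signed):
    # Key-value form: one "key:value\n" line per signed field, in listed order.
    data = "".join(f"{k}:{fields[k]}\n" for k in signed).encode()
    return hmac.new(ASSOC_SECRET, data, hashlib.sha256).hexdigest()


def op_assert(claimed_id, asset_url, nonce):
    """OpenID server, step 3: sign the identity and the asset URL attribute."""
    fields = {"mode": "id_res", "claimed_id": claimed_id,
              "response_nonce": nonce, ASSET_ATTR: asset_url}
    signed = list(fields)
    fields["signed"] = ",".join(signed)
    fields["sig"] = sign_fields(fields, signed)
    return fields


class UserServer:
    """User server, step 4: verify the assertion, then issue a circuit code."""

    def __init__(self):
        self.seen_nonces = set()

    def login(self, fields):
        signed = fields.get("signed", "").split(",")
        # The asset URL is only trustworthy if the signature covers it.
        required = {"claimed_id", "response_nonce", ASSET_ATTR}
        if not required <= set(signed) or any(k not in fields for k in signed):
            raise ValueError("required field missing or unsigned")
        if not hmac.compare_digest(sign_fields(fields, signed), fields.get("sig", "")):
            raise ValueError("bad signature")
        if fields["response_nonce"] in self.seen_nonces:
            raise ValueError("replayed assertion")
        self.seen_nonces.add(fields["response_nonce"])
        url = urlparse(fields[ASSET_ATTR])
        if url.scheme != "https" or not url.hostname:  # example policy
            raise ValueError("asset server URL must be https")
        return {"avatar": fields["claimed_id"], "asset_server": fields[ASSET_ATTR],
                "circuit_code": secrets.randbits(32)}
```
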