[Opensim-dev] Proposal for using OpenID in OpenSim
Justin Clark-Casey
jjustincc at googlemail.com
Fri Mar 28 14:05:22 UTC 2008
Where do you think .ini files for individual modules should go? Just
putting them in /bin seems a little messy - perhaps they should have
their own subdirectory (putting them with modules directly may make them
hard to find, though perhaps that it also an additional option).
--
justincc
Michael Wright wrote:
> Authentication is already quite modular , but in time hopefully it
> will be even more so. Its quite easy to write new login services that
> use the login and authentication method of your choice. We
> (TribalMedia) do this all the time for various different applications.
>
> And yes opensim should always support walled 3d appplications. Its not
> about trying to create one single metaverse that all use the same
> databases/methods/whatever. It is about creating a platform that can
> be used for lots of different things. The idea of a single shared
> metaverse is one application, but separate 3d applications are just as
> important (and my main focus).
>
> So yes OpenID should be a option, but to me it should be that...a
> option and the only authentication system.
>
> There is never going to (or at least should never) be one
> "distribution" of opensim that mights all needs. We have tried to make
> opensim modular, so we should use that. And not try to add thousands
> of flags to the ini file, but instead have the core and then the
> modules. With a ini file (or whatever) defining what modules are to be
> used. Different distributions of opensim could come with different
> modules and a default ini file that loads those modules. So we could
> have a OpenID based distribution that includes the relevant modules.
>
> */Ryan McDougall <ryan at 3di.jp>/* wrote:
>
>
> On Thu, 2008-03-27 at 23:01 -0400, The Burnman wrote:
> > My concern, much like what Melanie stated, is that I do not want
> to be
> > forced to use a 3rd party service to use OpenSim. If OpenID is
> not an
> > optional module, I will drop OpenSim from my toolset and move on to
> > something else.
>
> Well, this is open source, so in a very strict manner of speaking,
> _all_
> modules are optional, so it kinda like asking if you can have your
> hamburger without a side of ice water.
>
> As for being _easily_ configurable to run without OpenID, I'm sure
> that
> just a matter of:
>
> // in OpenSim.ini
> flag = false
>
> // in UserServer.cs
> if (flag)
> do_fancy_open_id_junk();
> else
> ask_for_a_ridiculously_simple_name_and_password();
>
> So I don't think its remotely clear that anyone would be _forced_
> to use
> 3rd party stuff.
>
> > Aside from the idea of being forced to use 3rd party services, two
> > concerns I have about using OpenID are:
> >
> > 1) Data security and integrity - With no control over authentication
> > or storage of related data, what's to say data won't be stolen or
> > corrupted, thus causing my clients/users distress and thus
> causing me
> > a nightmare?
>
> Many issues here:
>
> 1. OpenID is a method of authentication, and optionally passing
> identity
> preferences. It can enable portability, but in no stretch of the
> imagination _requires_ it.
>
> 2. Anyone who can read your data can copy or modify it. There is
> no such
> thing as "data security" (ie DRM) in practice. If you don't want
> anyone
> to read your assets, don't put them on a publicly accessible server.
> Simple as that.
>
> 3. If your concern is integrity or authorization There are things such
> things as trust networks, digital signing, and whatnot, but thats not
> what OpenID is about and is a related but separate discussion.
>
> > 2) Service perpetuality (I might have made that word up) - What
> > guarantees OpenID will remain in business in a year, considering how
> > volatile the Internet business world is? How much downtime do I have
> > to deal with because of maintenance or hardware failure?
>
> What guarantees _any_ website will remain up in a year?
>
> OpenID isn't a business, its a protocol with some implementations.
> OpenID disappearing is about as likely as HTTP or Apache disappearing.
>
> > In fact, I don't know why people think OpenID is a good idea at all.
> > The whole concept is based on trusting a 3rd party to remain up 100%
> > of the time, completely secure, and functioning efficiently. Using
> > OpenID takes any control of those variables out of my hands, and if
> > they have an issue, my service is offline.
>
> If you don't trust a 3rd party, you're able to run your own OpenID
> server with your own rules. That one will only ever go down if you die
> or the internet quits working. That's the Open part.
>
> > Sure, it allows some level of interoperability, but I don't consider
> > it worth the risk for my projects. Just do a Google search for
> > "OpenID security" (or similar search parameters) and read about the
> > concerns a lot of people have about OpenID.
>
> I'm sure OpenID isn't a panacea, but as has been said repeatedly,
> no one
> is suggesting it be required for all people using OpenSim.
>
> Cheers,
>
> > On Thu, Mar 27, 2008 at 9:33 PM, Ryan McDougall wrote:
> > My understanding is that, like OpenID is currently used on the
> > web,
> > which is you could use OpenID if you have one, or the
> > old-fashion type
> > if you don't.
> >
> > However, with OpenID > 1.0, it is possible to add attributes,
> > so OpenID
> > in OpenSim is a means of avatar portability, since one of the
> > attributes
> > would be a URL to where your avatar can be found.
> >
> > That can't be done the old fashioned way.
> >
> > What specifically is your concern about OpenID?
> >
> > Cheers,
> >
> > On Wed, 2008-03-26 at 23:57 -0400, The Burnman wrote:
> > > And I take it we are still on the "optional module" page in
> > reference
> > > to OpenID, yes?
> >
> > > _______________________________________________
> > > Opensim-dev mailing list
> > > Opensim-dev at lists.berlios.de
> > > https://lists.berlios.de/mailman/listinfo/opensim-dev
> > --
> > Software Engineer
> > http://www.3di.jp
> >
> > The opinions expressed herein represent those of the
> > individual, and do
> > not constitute company policy unless expressly stated.
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> --
> Software Engineer
> http://www.3di.jp
>
> The opinions expressed herein represent those of the individual,
> and do
> not constitute company policy unless expressly stated.
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
> ------------------------------------------------------------------------
> Sent from Yahoo! Mail
> <http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52418/*http://uk.docs.yahoo.com/nowyoucan.html>.
>
> A Smarter Inbox.
> ------------------------------------------------------------------------
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
More information about the Opensim-dev
mailing list