[Opensim-dev] Proposal for using OpenID in OpenSim

Justin Clark-Casey jjustincc at googlemail.com
Fri Mar 28 14:05:22 UTC 2008


Where do you think .ini files for individual modules should go?  Just 
putting them in /bin seems a little messy - perhaps they should have 
their own subdirectory (putting them with modules directly may make them 
hard to find, though perhaps that is also an additional option).

--
justincc


Michael Wright wrote:
> Authentication is already quite modular, but in time hopefully it 
> will be even more so. It's quite easy to write new login services that 
> use the login and authentication method of your choice. We 
> (TribalMedia) do this all the time for various different applications.
>
> And yes opensim should always support walled 3d applications. It's not 
> about trying to create one single metaverse that all use the same 
> databases/methods/whatever. It is about creating a platform that can 
> be used for lots of different things. The idea of a single shared 
> metaverse is one application, but separate 3d applications are just as 
> important (and my main focus).
>
> So yes OpenID should be an option, but to me it should be that...an 
> option and the only authentication system.
>
> There is never going to (or at least should never) be one 
> "distribution" of opensim that meets all needs. We have tried to make 
> opensim modular, so we should use that. And not try to add thousands 
> of flags to the ini file, but instead have the core and then the 
> modules. With an ini file (or whatever) defining what modules are to be 
> used. Different distributions of opensim could come with different 
> modules and a default ini file that loads those modules. So we could 
> have an OpenID based distribution that includes the relevant modules.
>
> */Ryan McDougall <ryan at 3di.jp>/* wrote:
>
>
>     On Thu, 2008-03-27 at 23:01 -0400, The Burnman wrote:
>     > My concern, much like what Melanie stated, is that I do not want to be
>     > forced to use a 3rd party service to use OpenSim. If OpenID is not an
>     > optional module, I will drop OpenSim from my toolset and move on to
>     > something else.
>
>     Well, this is open source, so in a very strict manner of speaking, _all_
>     modules are optional, so it's kinda like asking if you can have your
>     hamburger without a side of ice water.
>
>     As for being _easily_ configurable to run without OpenID, I'm sure that's
>     just a matter of:
>
>     // in OpenSim.ini
>     flag = false
>
>     // in UserServer.cs
>     if (flag)
>         do_fancy_open_id_junk();
>     else
>         ask_for_a_ridiculously_simple_name_and_password();
>
>     So I don't think it's remotely clear that anyone would be _forced_ to use
>     3rd party stuff.
>
>     > Aside from the idea of being forced to use 3rd party services, two
>     > concerns I have about using OpenID are:
>     >
>     > 1) Data security and integrity - With no control over authentication
>     > or storage of related data, what's to say data won't be stolen or
>     > corrupted, thus causing my clients/users distress and thus causing me
>     > a nightmare?
>
>     Many issues here:
>
>     1. OpenID is a method of authentication, and optionally passing identity
>     preferences. It can enable portability, but in no stretch of the
>     imagination _requires_ it.
>
>     2. Anyone who can read your data can copy or modify it. There is no such
>     thing as "data security" (ie DRM) in practice. If you don't want anyone
>     to read your assets, don't put them on a publicly accessible server.
>     Simple as that.
>
>     3. If your concern is integrity or authorization, there are such
>     things as trust networks, digital signing, and whatnot, but that's not
>     what OpenID is about and is a related but separate discussion.
>
>     > 2) Service perpetuality (I might have made that word up) - What
>     > guarantees OpenID will remain in business in a year, considering how
>     > volatile the Internet business world is? How much downtime do I have
>     > to deal with because of maintenance or hardware failure?
>
>     What guarantees _any_ website will remain up in a year?
>
>     OpenID isn't a business, it's a protocol with some implementations.
>     OpenID disappearing is about as likely as HTTP or Apache disappearing.
>
>     > In fact, I don't know why people think OpenID is a good idea at all.
>     > The whole concept is based on trusting a 3rd party to remain up 100%
>     > of the time, completely secure, and functioning efficiently. Using
>     > OpenID takes any control of those variables out of my hands, and if
>     > they have an issue, my service is offline.
>
>     If you don't trust a 3rd party, you're able to run your own OpenID
>     server with your own rules. That one will only ever go down if you die
>     or the internet quits working. That's the Open part.
>
>     > Sure, it allows some level of interoperability, but I don't consider
>     > it worth the risk for my projects. Just do a Google search for
>     > "OpenID security" (or similar search parameters) and read about the
>     > concerns a lot of people have about OpenID.
>
>     I'm sure OpenID isn't a panacea, but as has been said repeatedly, no one
>     is suggesting it be required for all people using OpenSim.
>
>     Cheers,
>
>     > On Thu, Mar 27, 2008 at 9:33 PM, Ryan McDougall wrote:
>     > My understanding is that, like OpenID is currently used on the web,
>     > which is you could use OpenID if you have one, or the old-fashioned
>     > type if you don't.
>     >
>     > However, with OpenID > 1.0, it is possible to add attributes, so OpenID
>     > in OpenSim is a means of avatar portability, since one of the attributes
>     > would be a URL to where your avatar can be found.
>     >
>     > That can't be done the old fashioned way.
>     >
>     > What specifically is your concern about OpenID?
>     >
>     > Cheers,
>     >
>     > On Wed, 2008-03-26 at 23:57 -0400, The Burnman wrote:
>     > > And I take it we are still on the "optional module" page in reference
>     > > to OpenID, yes?
>     >
>     > > _______________________________________________
>     > > Opensim-dev mailing list
>     > > Opensim-dev at lists.berlios.de
>     > > https://lists.berlios.de/mailman/listinfo/opensim-dev
>     > --
>     > Software Engineer
>     > http://www.3di.jp
>     >
>     > The opinions expressed herein represent those of the individual, and do
>     > not constitute company policy unless expressly stated.
>     >
>     -- 
>     Software Engineer
>     http://www.3di.jp
>
>     The opinions expressed herein represent those of the individual, and do
>     not constitute company policy unless expressly stated.
>
>   
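
The arrangement discussed in this thread, where an ini file names the authentication modules a distribution loads, sketched as an added example that is not OpenSim code or part of any message above. The `[Authentication]` section, the `modules` key and all class and function names are hypothetical; the point shown is that a configured-but-missing module (for example `openid`) stops startup instead of silently falling back to another login method.

```python
import configparser
import hashlib
import hmac

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class PasswordAuth:
    """Local name/password check; no third-party service involved."""
    def __init__(self, users):
        self.users = users  # username -> (salt, derived key)

    def authenticate(self, cred):
        salt, expected = self.users.get(cred.get("user"), (b"\0" * 16, b""))
        supplied = derive(cred.get("password", ""), salt)
        return hmac.compare_digest(supplied, expected)

SALT = b"constructed-salt"
USERS = {"alice": (SALT, derive("correct horse", SALT))}  # constructed sample account

# Modules shipped with this hypothetical distribution. An OpenID-based
# distribution would register its own factory here under "openid".
AVAILABLE = {"password": lambda: PasswordAuth(USERS)}

def load_auth_modules(ini_text, available=AVAILABLE):
    """Instantiate exactly the modules the ini names; refuse to start otherwise."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    raw = cfg.get("Authentication", "modules", fallback="")
    names = [n.strip() for n in raw.split(",") if n.strip()]
    if not names:
        raise RuntimeError("no authentication module configured")
    missing = [n for n in names if n not in available]
    if missing:
        # Fail closed: never quietly downgrade to whatever happens to be installed.
        raise RuntimeError("configured but not installed: " + ", ".join(missing))
    return {n: available[n]() for n in names}

def login(modules, cred):
    """Dispatch to the requested method only if the operator enabled it."""
    module = modules.get(cred.get("method"))
    return module is not None and module.authenticate(cred)
```
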



