[Opensim-dev] OAuth as authentication and authorisation (capability) specification
Tommi Laukkanen
tommi.s.e.laukkanen at gmail.com
Sat Apr 25 04:21:47 UTC 2009
Hello
OAuth seems to provide OpenSimulator server side authentication and
authorisation needs. If you are interested in this area please read
this page and especially the "What is it for"-chapter:
http://oauth.net/about/
"Is OAuth a New Concept?"-chapter is a good read as well.
Essentially it looks like a way to pass capabilities to servers. For
example you might give opensim region limited access to your
inventory.
More details can be found from their community wiki:
http://wiki.oauth.net/
Does anyone know other specifications for service level authentication
and authorisation (as opposed to browser and user level authentication
like OpenID and SAML)?
As you can see from the wiki front page for example google offers
standard oauth api. I would like to use my google identity in OpenSim
as soon as possible :). Someone might want to use AOL, Flickr, Amazon,
yahoo or facebook which are already supported. The big difference is
here that you need not pass your secrect password to opensim server or
go to openid login page at the provider. Idealistviewer could handle
authentication with google and pass the capability tokens to region
when connecting to it.
If you want to help Metaverse be realised in shortest possible time
please study OAuth and alternative approaches if such exist. I believe
this area needs some OpenSim community focus to get it properly sorted
for next technology leap. I hear a new version of CableBeach is coming
out and it would be great to have standards compliant solution in
capabilities area. By standards compliant I mean a solution which can
hook to major identity provider players as of now. The claim of this
post is that it is already possible with OAuth specification which has
been written by experts of the area.
If all those major players are supporting OAuth I think it is a strong
signal that the technology is good and mature. My understanding is
that it is very well compliant with OpenSim needs as well.
-tommi
More information about the Opensim-dev
mailing list