[Opensim-dev] OAuth as authentication and authorisation (capability) specification

Melvin Carvalho melvincarvalho at gmail.com
Tue Apr 28 10:27:40 UTC 2009


On Tue, Apr 28, 2009 at 5:49 AM,  <diva at metaverseink.com> wrote:
> Melvin Carvalho wrote:
>>
>> It's a good idea to have some kind of decentral system, whether it be
>> openid or ssl.
>>
>> These diagrams may give you a flavour of the interactions you'd use in
>> each case:
>>
>> http://esw.w3.org/topic/PushBackDataToLegacySourcesAuthentication
>>
>> Both are great solutions, imho, openid/oauth slightly more mature, ssl
>> slightly fewer interactions/redirections, you'll have to decide what
>> suits best.
>
> I'm not entirely sure what on the Web calls for things like OpenID redirects. Is
> it because the web browser is dumb?

I think the idea was to be able to delegate login via a possible 3rd
party.  The predominant pattern there is username password via human
interaction, so you need a redirect or a popup.

>
> Because if you have a non-dumb browser, it can keep state. You don't need
> much more than the masterKey and the subsequent services keys -- that's
> enough. If you can keep that state on the client side, there is absolutely
> no need for redirects of any sort. The user logs in to his/her identity
> service (whatever that is) *first*, and moves on to using any services
> he/she wants without ever needing those services to redirect.

Agree with this, and this is exactly how SSL works (which browsers do
use), though any key system with a challenge-response mechanism would
work equally well.

>
> So what is it about the Web that made people come up with this idea of
> redirecting the login procedure across trust domain boundaries?

OpenID works well on the web, and people are happy with the redirect,
and it has gained a lot of traction in the web community.  I
personally use a stateful browser with SSL keys to log in to a
website, or even to an OpenID site, but I guess I'm more of a power
user.  At the end of the day it beats the previous alternative hands
down, which was having to pay $50,000 to join the Microsoft Passport
scheme!

>
>


