[Opensim-dev] User Authentication

Mark Malewski mark.malewski at gmail.com
Tue Feb 24 02:23:18 UTC 2009


Crista,

If Grid owners chose to use OpenID to allow users to authenticate (between
grids) that would be a choice that a Grid owner would have to make.  You
can't just expect ALL grids to be wide open, without any form of
interoperable secure authentication (trust) between grids, and also expect
everything to remain secure at the same time.

You either have one, or the other.  You either have trust, or you don't have
trust.  The "trust agreement" needs to be done somehow, and "OpenID" is just
one simple "open standards" based "trust agreement" that Grid owners could
use.

It seems like a very logical choice.

http://groups.google.com/group/google-federated-login-api/browse_thread/thread/dc0923363b5ef2dc/e46014d89ab520c2

Grid owners (who chose to implement OpenID logins) could just have a login
page similar to this:

http://wiki.openid.net/session/login?page_name=OpenIDServers

With a little "OpenID" symbol, so users knew they could log in with their
OpenID login.  Again, this "trust" relationship would then be done by OpenID
(between grids).

> For those of you who don't know, this already exists. Click this:
> http://osgrid.org:8002/users/charles_krinke
> or this:
> http://ucigrid00.nacs.uci.edu:8002/users/crista_lopes

I do apologize, I just checked both of those links, and didn't realize that
OS Grid and UCI were both already set up to run their own OpenID identity
servers.

Then never mind, I retract what I was saying earlier, because there would not
need to be any form of "trust relationship" between grids, as the "trust"
relationship would be established via the OpenID server.

Each Grid would need to allow users to login/authenticate by either having
an OpenID login page, but yes... if osgrid and ucigrid are both running
OpenID identity servers then something like this could be implemented.

> I'm not going to act on anything that suggests "trust agreements between
> various grids."

I'll clarify that statement, by saying/explaining that the "trust
agreements" between various grids would be done via OpenID standards (an
OpenID login using an OpenID identity server).

I do apologize, and I did not know that osgrid already had an OpenID
identity server set up.


> The goal is to be able to go from my home standalone to *any* sim out
> there that I know nothing about, and still be sure that nothing bad will
> happen to my belongings. Anything less than this is not acceptable as a
> goal, for me.

I stand corrected, yes... you could "in theory" move between grids by using
something like OpenID to authenticate across grids.

> This way various grids could all run "openID" servers, and trust
> agreements would need to be established between the various grids.

Again, let me clarify... various grids could run OpenID servers, and the
"trust agreements" would be established by the various OpenID identity
servers.

            Mark

P.S. What OpenID servers are OS Grid, and uci.edu running?  Are they using an
OpenID 2.0 compliant identity server?  Are you using Prairie?  NetMesh
InfoGrid LID PHP?


On Mon, Feb 23, 2009 at 7:05 PM, Diva Canto <diva at metaverseink.com> wrote:

>  Mark Malewski wrote:
>
> Just to clarify...
>
> > Grids could provide openIDs in the form of
> > "openid.osgrid.org/users/screenname" <http://openid.osgrid.net/screenname>
>
> With all grids being independent of one another, or in the example given by
> John, maybe use an "openid.osgrid.org/users/screenname"
>
> http://openid.osgrid.org/users/Charles_Krinke
>
>
> For those of you who don't know, this already exists. Click this:
> http://osgrid.org:8002/users/charles_krinke
> or this:
> http://ucigrid00.nacs.uci.edu:8002/users/crista_lopes
>
>  Again, in this example Charles happens to have his identity at OSGrid,
> but that's not a requirement of the exchange. It could just as easily have
> been an identity from another grid.
>
> This way various grids could all run "openID" servers, and trust agreements
> would need to be established between the various grids.
>
> I'm not going to act on anything that suggests "trust agreements between
> various grids." That's an AWG concept that I very much disagree with, and
> want no part in. I have no problem with companies cutting corners on
> security in order to be able to exchange agents on a lawyer-backed up trust
> basis. But that's not what I'm doing here, and that's not what a lot of
> people want OpenSim to be.
>
> The goal is to be able to go from my home standalone to *any* sim out there
> that I know nothing about, and still be sure that nothing bad will happen to
> my belongings. Anything less than this is not acceptable as a goal, for me.
>
> Crista
>
>