[Opensim-dev] User Authentication

Diva Canto diva at metaverseink.com
Tue Feb 24 02:53:56 UTC 2009 

With all due respect to you and the people who find the problem of 
bounded interoperability interesting, that is not the problem I'm trying 
to solve. We have different goals. So, find a solution for your problem 
(not difficult, in my view, and it looks like you already found it), and 
those of us who are interested in unlimited interoperability will a find 
a solution to ours. I'm sure OpenSim can accommodate all of the above. 
As Teravus suggested, for our problem of unlimited interoperability, the 
final key here is to authenticate the viewer's endpoint. We're close.

Crista

Mark Malewski wrote:
> Crista,
>  
> If Grid owners chose to use OpenID to allow users to authenticate 
> (between grids) that would be a choice that a Grid owner would have to 
> make.  You can't just expect ALL grids to be wide open, without any 
> form of interoperable secure authentication (trust) between grids, and 
> also expect everything to remain secure at the same time.
>  
> You either have one, or the other.  You either have trust, or you 
> don't have trust.  The "trust agreement" needs to be done somehow, and 
> "OpenID" is just one simple "open standards" based "trust agreement" 
> that Grid owners could use.
>  
> It seems like a very logical choice. 
>  
> http://groups.google.com/group/google-federated-login-api/browse_thread/thread/dc0923363b5ef2dc/e46014d89ab520c2
>  
> Grid owners (who chose to implement OpenID logins) could just have a 
> login page similar to this:
>  
> http://wiki.openid.net/session/login?page_name=OpenIDServers
>  
> With a little "OpenID" symbol, so users knew they could login with 
> their OpenID login.  Again, this "trust" relationship would then be 
> done by OpenID (between grids).
>  
> */> For those of you who don't know, this already exists. Click this:
> /*> */http://osgrid.org:8002/users/charles_krinke/*
> */> or this:
> /*> */http://ucigrid00.nacs.uci.edu:8002/users/crista_lopes/**/ /*
>  
> I do apologize, I just checked both of those links, and didn't realize 
> that OS Grid and UCI were both already setup to run their own OpenID 
> identity servers.
>  
> Then nevermind, I retract what I was saying earlier, because there 
> would not need to be any form of "trust relationship" between grids, 
> as the "trust" relationship would be established via the OpenID server.
>  
> Each Grid would need to allow users to login/authenticate by either 
> having an OpenID login page, but yes... if osgrid and ucigrid are both 
> running OpenID identity servers then something like this could be 
> implemented.
>  
> */> I'm not going to act on anything that suggests "trust agreements 
> between various grids." /*
>  
> I'll clarify that statement, by saying/explaining that the "trust 
> agreements" between various grids would be done via OpenID standards 
> (an OpenID login using an OpenID identity server).
>  
> I do apologize, and I did not know that osgrid already had an OpenID 
> identity server setup.
>  
>  
> */>The goal is to be able to go from my home standalone to *any* sim 
> out there that I know >nothing about, and still be sure that nothing 
> bad will happen to my belongings. Anything less >than this is not 
> acceptable as a goal, for me.
> /*
> I stand corrected, yes... you could "in theory" move between grids by 
> using something like OpenID to authenticate across grids.
>  
> */> This way various grids could all run "openID" servers, and trust 
> agreements would need/*
> */> to be /**/established between the various grids./*
>  
> Again, let me clarify... various grids could run OpenID servers, and 
> the "trust agreements" would be established by the various OpenID 
> identity servers. 
>  
>             Mark
>  
> P.S. What OpenID servers are OS Grid, and uci.edu <http://uci.edu> 
> running?  Are they using a OpenID 2.0 compliant identity server?  Are 
> you using Prairie?  NetMesh InfoGrid LID PHP? 
>  
>  
> On Mon, Feb 23, 2009 at 7:05 PM, Diva Canto <diva at metaverseink.com 
> <mailto:diva at metaverseink.com>> wrote:
>
>     Mark Malewski wrote:
>>     Just to clarify...
>>      
>>     */> Grids could provide openIDs in the form of
>>     "/**/openid.osgrid.org/users/screenname/*
>>     <http://openid.osgrid.net/screenname>*/"/*
>>      
>>     With all grids being independent of one another, or in the
>>     example given by John, maybe use an
>>     "openid.osgrid.org/users/screenname
>>     <http://openid.osgrid.org/users/screenname>"
>>      
>>     http://openid.osgrid.org/users/Charles_Krinke
>>      
>     For those of you who don't know, this already exists. Click this:
>     http://osgrid.org:8002/users/charles_krinke
>     or this:
>     http://ucigrid00.nacs.uci.edu:8002/users/crista_lopes
>
>
>>     Again, in this example Charles happens to have his identity at
>>     OSGrid, but that's not a requirement of the exchange. It could
>>     just as easily been an identity from another grid.
>>      
>>     This way various grids could all run "openID" servers, and trust
>>     agreements would need to be established between the various grids.
>     I'm not going to act on anything that suggests "trust agreements
>     between various grids." That's an AWG concept that I very much
>     disagree with, and want no part in. I have no problem with
>     companies cutting corners on security in order to be able to
>     exchange agents on a lawyer-backed up trust basis. But that's not
>     what I'm doing here, and that's not what a lot of people want
>     OpenSim to be.
>
>     The goal is to be able to go from my home standalone to *any* sim
>     out there that I know nothing about, and still be sure that
>     nothing bad will happen to my belongings. Anything less than this
>     is not acceptable as a goal, for me.
>
>     Crista
>
>
>     _______________________________________________
>     Opensim-dev mailing list
>     Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
>     https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20090223/e863c6f6/attachment-0001.html>

More information about the Opensim-dev mailing list