[Opensim-dev] OGPX and IETF-ing things

Infinity Linden infinity at lindenlab.com
Wed Jun 3 23:27:48 UTC 2009 

a couple points...

a. it's ms. hamrick, not mr. hamrick. but don't worry... i get that a lot.

b. the purpose of the OGPX mailing list is to discuss requirements for
standardization as they exist today. with the expectation that we'll
eventually form a working group "soonish."

c. our plan is to take the bits of a protocol we have general
agreement on and standardize them now. once they're standardized, we
recharter and work on the next couple of bits, and then keep repeating
this pattern til we have something resembling a complete standard.

d. i think i'm starting to understand where Christina's coming from...
it seems to me her approach is "code now, standardize later," which is
a PERFECTLY valid thing to do. and i also agree that ultimately, HG
and OGP will remain distinct protocols. but it sounds like there's
still some things we're both using. capabilities is the perfect
example. we're both using them, and we just had a request to add some
form of introspection. we're probably going to add some verbiage in
the spec that OGP servers should respond to an OPTIONS request with
the LLIDL of the resource represented by the capability. it would be
nice that before we put that in ink, we get someone with some
understanding of how HG is using capabilities gives it a once over and
lets us know whether it's going to break anything on the HG side. If
we find out about it early, we can change it. Finding out about it
after systems have been deployed makes it a lot harder to change.

e. yup. we like OAuth and ProtectServ (well... some of us like
ProtectServ.) OpenID is a bit of a non-starter because the OpenID
community has declared "authenticating a desktop application" an
un-interesting use case. That being said... what John's doing where
OpenID is used in a web browser, and that browser then forwards to a
secondlife: URL or to a HTTP URL that downloads a blob with a user
token. That's actually pretty cool. However... it is sort of outside
the realm of OGP. Though if peeps want to work on an informational RFC
re: best practices for integrating OpenID with OGP, that's cool too.
If you want to do it on the OGPX list, that's fine. if you want to do
it on sldev, that's fine.

so... to recap... OAuth definitely has a place in OGP. OpenID? sure.
there's lots of stuff we could do there, but probably not IN OGP
itself. OpenSocial... sure. if there's interest.

-cheers
-meadhbh

On Wed, Jun 3, 2009 at 2:55 PM, Christian Scholz <cs at comlounge.net> wrote:
> Hi!
>
> Toni Alatalo schrieb:
>> On Jun 3, 2009, at 10:37 PM, Cristina Videira Lopes wrote:
>>
>>> Personally, I think this is all premature. IETF-ing the Hypergrid is
>>> premature for different reasons than IETF-ing OGP is premature. The
>>
>> I think that depends on what is meant by IETF-ing. For proposing as a
>> standard, you are most probably correct. But starting to discuss
>> something within the IETF doesn't mean there's a ready proposal for a
>> standard - perhaps just an idea of the need, a set of requirements and
>> some early implementation. For example a working group can then discuss
>> based on those.
>
> If Cristina says it's too premature for a standards track then I guess
> that's right but I also think that putting things up there maybe on a
> separate mailing list and just discussing ideas/proposals for the
> protocol there could be useful. There are a lot of people very informed
> about protocol building and security issues which might be very helpful.
> It also means that maybe other VW vendors (who produce right now even
> more proprietary protocols) might be included at least a little bit and
> it might lead to a better chance at some interoperability in the end
> (where I agree there is space for different implementations but I would
> see this more in specific areas, for some areas I still think it makes
> sense to reuse existing standards such as OpenID, OAuth, OpenSocial and
> the like).
>
> -- Christian
>
>
> --
> COM.lounge GmbH
> http://comlounge.net
> Hanbrucher Strasse 33, 52064 Aachen
> Amtsgericht Aachen HRB 15170
> Geschäftsführer: Dr. Ben Scheffler, Christian Scholz
>
> email: info at comlounge.net
> fon: +49-241-4007300
> fax: +49-241-97900850
>
> personal email: cs at comlounge.net
> personal blog: http://mrtopf.de/blog
> personal podcasts: http://openweb-podcast.de, http://datawithoutborders.net
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>

More information about the Opensim-dev mailing list