[Opensim-dev] Authentication and oAuth

[Tommi Laukkanen]

Hi Diva

Thanks for the analysis. I have to admit I have only fastly scanned the
oAuth spec. They advertise that it works for desktop applications so I
assume it should not necessarily be too complex for the end user and not too
hard to implement either. Someone would need to study / poc it or get a
statement from the oAuth team. If the viewer acts as users and regions are
consumers it could be that it can be nicely automated and hidden from the
user. This would allow us to use all those identity providers who have
adopted oAuth. Personally I think identity management, authentication and
authorisation are so well known fields that it would be odd if we had to
invent it from scratch. That said we should not try bend a standard to
something which is not suitable for.

In the end it is important to realise that this is not just about virtual
worlds but all identity management in the net. No user wants to upkeep
separate credentials just for virtual worlds. Besides web and vws will
become more and more entangled in the long run. If we want to have a system
which will fly in the near future we should stick our identity eggs to same
basket with the rest of the internet crowd.

regards,
Tommi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20090301/9ed36bf9/attachment-0001.html>