[Opensim-dev] Authentication and oAuth
Diva Canto
diva at metaverseink.com
Mon Mar 2 00:06:31 UTC 2009
I just realized that this discussion about
authentication/authorization/security/ etc is actually happening at two
levels. It's important to unpack that.
On one level we have integration with the Web. For example, we want
users of OpenSim worlds to be able to use their identities in Web 2.0
sites, and vice-versa. Definitely. OpenID+OAuth seems like a very good
idea for that purpose.
On another level (which is the level I'm looking at right now) we have
the interactions between user agents and regions. I really don't think
that the model {region=consumer, inventory server=service provider,
agent=user} is the right model. It's a lot more interesting than that;
the authentication & authorization goes both (or even multiple) ways,
not just one. Therefore the applicability of OAuth is questionable.
That's why thinking through the details is so important.
More information about the Opensim-dev
mailing list