[Opensim-dev] Authentication and oAuth

[Diva Canto]

I just realized that this discussion about 
authentication/authorization/security/ etc is actually happening at two 
levels. It's important to unpack that.

On one level we have integration with the Web. For example, we want 
users of OpenSim worlds to be able to use their identities in Web 2.0 
sites, and vice-versa. Definitely. OpenID+OAuth seems like a very good 
idea for that purpose.

On another level (which is the level I'm looking at right now) we have 
the interactions between user agents and regions. I really don't think 
that the model {region=consumer, inventory server=service provider, 
agent=user} is the right model. It's a lot more interesting than that; 
the authentication & authorization goes both (or even multiple) ways, 
not just one. Therefore the applicability of OAuth is questionable. 
That's why thinking through the details is so important.