[Opensim-dev] Opensim Auth and Access Control / FOAF+SSL

Melvin Carvalho melvincarvalho at gmail.com
Mon Mar 30 00:03:09 UTC 2009


OpenID / OAuth is not a bad choice for a decentral login / delegated
credentials system; they were the first system of their kind and are
gaining some traction now. However, for this project I would strongly
recommend looking at FOAF and SSL:

http://esw.w3.org/topic/foaf+ssl

FOAF is a global solution (using XML/RDF) for describing person data,
backed by the W3C, and is extremely extensible.  It has been around
for over 10 years and there are about 100 million FOAFs out there.
This allows you to keep a global version of, say, your avatar and
allow other grids (and systems) to pick it up immediately.  You also
will be able to get the benefit of semantically marking up data (not
only avatar data) which allows its reuse in other systems, and also
the ability to import, for example from openstreetmap etc.

SSL is a well established mechanism for authentication built in to
most clients.  Using X.509 client certificates you can avoid some of
the nasty problems of phishing and reliance on a 3rd party identity
provider, because the authentication goes on in the well established
TLS handshake that comes with every browser, and uses strong PKI to
ensure ownership of an avatar.

Combining these 2 techniques is a relatively new but evolving
strategy, and will likely fit very well with what opensim is trying to
do, and should be extensible to match opensim's long term goals.  It
is considerably less complex than OpenID, and will be backwards
compatible with both OpenID and OAuth, so in theory you should be able
to get a flavour of OpenID and OAuth for free, but you'll be able to
do much richer things than OpenID sreg / attribute exchange.

I would encourage opensim developers to look at this, as it evolves,
and am happy to answer any questions.


