[Opensim-dev] Trust & distributed grids
Melvin Carvalho
melvincarvalho at gmail.com
Tue Nov 24 15:35:12 UTC 2009
On Tue, Nov 24, 2009 at 3:40 PM, Infinity Linden (Meadhbh Hamrick)
<infinity at lindenlab.com> wrote:
> heya.
>
> just as a FYI, we're going to be working through the whole trust
> management issue as part of VWRAP. there was some informal discussion
> about using X.509 on the ogpx list running up to a general agreement
> we should try to agree on the problem domain before pushing any one
> particular technology.
X.509 is the way to go.
However I say FOAF is probably the ideal long term solution for this
stuff. This blog gives an example of the user experience
http://blogs.sun.com/bblfish/entry/foaf_ssl_in_mozilla_s
>
> so... based on informal discussions about trust management on a VWRAP
> open grid seem to be tending towards OAuth and PKI. there is some
> heartburn about including OpenID directly into the specifications, but
> i understand that jhurliman is working on some OpenID tools to work
> with cable beach. and tao (aka christian) is working with xmlgrrrl on
> ProtectServ, which should be VERY interesting at some point.
>
> so from a standards perspective, there's a lot of cool stuff on the
> horizon and some more conventional stuff that'll probably get
> specified a little sooner.
>
> -cheers
> -meadhbh hamrick ( aka infinity linden aka meadhbh oh )
>
> --
> infinity linden (aka meadhbh hamrick) * it's pronounced "maeve"
> http://wiki.secondlife.com/wiki/User:Infinity_Linden
>
>
>
> On Tue, Nov 24, 2009 at 06:14, Robert A. Knop Jr. <rknop at pobox.com> wrote:
>> I don't know that this really *is* offtopic, unless it's already a
>> settled issue amongs the OpenSim devs.
>>
>> On Tue, Nov 24, 2009 at 02:19:20PM +0100, Impalah Shenzhou wrote:
>>> I could trust in you, but you need to tell me "you are really you" with a
>>> local login (i.e. email headers can be altered to impersonate as another
>>> person) or someone I trust should tell it to me (i.e. OpenID).
>>
>> Do you have any personal web pages anywhere? Do you run any CGI or any
>> PHP there? Do you identify everybody who comes there? That's the
>> analogy we should think about. Yes, we need a secure infrastructure so
>> that only the small number of people you *really* trust can do scary
>> things. But at the level of running regions -- well, you may be using a
>> hosting provider, or you may be hosting yourself, but you don't need
>> full and complete trust that everybody is who they claim to be just to
>> connect to the world.
>>
>> --
>> --Rob Knop
>> E-mail: rknop at pobox.com
>> Home Page: http://www.pobox.com/~rknop/
>> Blog: http://www.sonic.net/~rknop/blog/
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>>
>> iD8DBQFLC+pcfEn1oMJSrdsRApVqAKCGz8o5gt7vEqvl3HJK07jftpLi5wCg56g+
>> oq1mcfGvljoH5K0Y6X/WX9M=
>> =bh/M
>> -----END PGP SIGNATURE-----
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
More information about the Opensim-dev
mailing list