<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:arial,helvetica,sans-serif;font-size:12pt"><div>That is an interesting point. I think the perception by some is that we would like to have 'seamless' use of openid/oauth between various grids as folks might move from grid to grid using OGP, MXP, HG or other interop notions. So, popping up a password dialog in the midst of a teleport might be 'off putting'. <br><br>I had heard there was a use case where that was not the case, but admit that I am not all that familiar with the inner workings of openid/oauth. If we need to have a password dialog in interop teleports, well, that may be a small price to pay.<br><br>Charles<br></div><div style="font-family: arial,helvetica,sans-serif; font-size: 12pt;"><br><div style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><font size="2" face="Tahoma"><hr size="1"><b><span style="font-weight:
bold;">From:</span></b> Melvin Carvalho <melvincarvalho@gmail.com><br><b><span style="font-weight: bold;">To:</span></b> opensim-dev@lists.berlios.de<br><b><span style="font-weight: bold;">Sent:</span></b> Saturday, April 25, 2009 11:10:08 AM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: [Opensim-dev] OAuth as authentication and authorisation (capability) specification<br></font><br>
On Sat, Apr 25, 2009 at 5:09 PM, Tommi Laukkanen<br><<a ymailto="mailto:tommi.s.e.laukkanen@gmail.com" href="mailto:tommi.s.e.laukkanen@gmail.com">tommi.s.e.laukkanen@gmail.com</a>> wrote:<br>> Hello<br>><br>>><br>>> Oauth is not an authentication system, it is delegated credentials<br>>> system via a third party.<br>>><br>><br>> Authentication and authorisation with delegated credentials is what we<br>> need as identities will be provided by identity providers and assets<br>> from asset providers in distributed model. We need the client to be<br>> able to authenticate against indentity provider acquire tokens and<br>> provide them to region for authentication on region level, access to<br>> profile information and assets etc. It is not good idea to pass<br>> credentials to the region server directly.<br><br>It's a good tech, and the community has done a lot of work getting the<br>open model
recognised.<br><br>You'd be looking at at least two specs, openid and oauth to start<br>with, then there's a few others such as sreg and attributute exchange,<br>maybe pape, so there is some complexity there.<br><br>Also bear in mind that this was designed with standard pattern is<br>username/login from the 3rd party interface, so you'd have to server<br>up, for example a google login form (or every other kind of login<br>form) when singing in, or perhaps when teleporting, which might not be<br>the ideal user experience.<br><br>><br>>> FOAF+SSL (aka Secure Web ID), is a much newer 3.0 techonology which<br>>> has less complex interactions (no third party authentication or<br>>> passwords required, it is a client server). In a nutshell it uses the<br>>> well established SSL protocol for authentication, and FOAF to makup a<br>>> public key in your profile.<br>><br>> You can use OAuth for 2 legged authentication
but your suggestion<br>> sounds interesting as well. One would like to be able to use existing<br>> networks hosting user identities but time will rectify that for any<br>> new technologies as they gain popularity.<br><br>Do take a look if you get a chance, it's a good system, and SSL PKI is<br>mature and tried and tested, it is used to log in to secure email,<br>VPN, ssh and many other systems. You just need to store a public key<br>with the users assets and you're well on your way. Im happy to help<br>if it's needed, I'll try and follow the discussions here :)<br><br>><br>> -tommi<br>> _______________________________________________<br>> Opensim-dev mailing list<br>> <a ymailto="mailto:Opensim-dev@lists.berlios.de" href="mailto:Opensim-dev@lists.berlios.de">Opensim-dev@lists.berlios.de</a><br>> <a href="https://lists.berlios.de/mailman/listinfo/opensim-dev"
target="_blank">https://lists.berlios.de/mailman/listinfo/opensim-dev</a><br>><br>_______________________________________________<br>Opensim-dev mailing list<br><a ymailto="mailto:Opensim-dev@lists.berlios.de" href="mailto:Opensim-dev@lists.berlios.de">Opensim-dev@lists.berlios.de</a><br><a href="https://lists.berlios.de/mailman/listinfo/opensim-dev" target="_blank">https://lists.berlios.de/mailman/listinfo/opensim-dev</a><br></div></div></div></body></html>