[Opensim-users] Grid <-> Authentication Service

[Diva Canto]

dr scofield wrote: 
> that makes it rather easy for any of your UCI users to log in as any 
> other UCI user. if that's what you want, fine. were i a UCI user, i'd 
> not like that...
>
> if you were planning on using the password field as well, that is 
> going to require some additional code at the UCI authentication 
> service side as the password is not being send in the clear by as a 
> salted MD5 hash, so you'd have to generate those for all your UCI users.
>
>    cheers,
>    dirk
>
>
We will use passwords, of course, that's how authentications get done 
these days. We'll have to figure out how to handle the MD5 hash if the 
campus authentication service doesn't do it. Of course, better would be 
if the credentials were entered at the site of the authentication 
service, which is how this usually works on the web: you want to login 
to your grades -> you're first redirected to the authentication service 
-> you come back to the grades system.

In any case, what I really want is to let everyone in, UCI and non-UCI, 
and properly ACL things -- just like what happens on the web. OpenSim 
still doesn't have permissions, so that probably won't be done now. But 
when it has permissions, that's what we will want. This whole idea of 
having un-interoperable domains of users, each grid with its own domain, 
is not going to scale to the kinds of things universities want to do 
with virtual worlds; it's a major step *back* from what we got 
accustomed with the Web. We want interoperable ID domains, interoperable 
inventory (storage) domains, gridless and intergrid sim-to-sim TPs, 
external exposure of data for search engines, and all kinds of good old 
web openness, properly ACLed -- that's very clear.