[Opensim-users] [Opensim-dev] Grid <-> Authentication Service
Dr Scofield
DrScofield at xyzzyxyzzy.net
Fri Feb 15 18:15:21 UTC 2008
Dalien Talbot wrote:
> IMHO tackling the password authentication might be quite simple:
>
> 1) have a separate web service into which you login, and which returns
> you a 4-digit number, valid for, say, 15 minutes.
> 2) have a web service to answer the requests from the sims who will
> supply the hash from the client
> 3) have the simulator forward the hash from the client to this service
> upon the user login - and get the pass/fail result from this server.
>
> On a first look, this will be reasonably secure, easy to use, simple
> to code, and harder to crack than the web-single-sign-on proposal that
> I heard in the discussions some time ago.
yep. that should work. plus, it has the advantage that once the web-auth
stuff is back you can then just hand out proper secondlife:/// URIs. the
rest of the framework would already be in place.
you could even SMS the code to the users to a registered mobile phone :-)
cheers,
dirk
--
dr dirk husemann ---- math & computer science ---- ibm zurich research lab
RL: hud at zurich.ibm.com - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/
SL: drscofield at xyzzyxyzzy.net --------------------- http://xyzzyxyzzy.net/
More information about the Opensim-users
mailing list