With all due respect to you and the people who find the problem of
bounded interoperability interesting, that is not the problem I'm trying
to solve. We have different goals. So, find a solution for your problem
(not difficult, in my view, and it looks like you already found it), and
those of us who are interested in unlimited interoperability will a find
a solution to ours. I'm sure OpenSim can accommodate all of the above.
As Teravus suggested, for our problem of unlimited interoperability, the
final key here is to authenticate the viewer's endpoint. We're close.
Crista
Mark Malewski wrote:
Crista,
If Grid owners chose to use OpenID to allow users to authenticate
(between grids) that would be a choice that a Grid owner would have to
make. You can't just expect ALL grids to be wide open, without any
form of interoperable secure authentication (trust) between grids, and
also expect everything to remain secure at the same time.
You either have one, or the other. You either have trust, or you
don't have trust. The "trust agreement" needs to be done somehow, and
"OpenID" is just one simple "open standards" based "trust agreement"
that Grid owners could use.
It seems like a very logical choice.
http://groups.google.com/group/google-federated-login-api/browse_thread/thread/dc0923363b5ef2dc/e46014d89ab520c2
Grid owners (who chose to implement OpenID logins) could just have a
login page similar to this:
http://wiki.openid.net/session/login?page_name=OpenIDServers
With a little "OpenID" symbol, so users knew they could login with
their OpenID login. Again, this "trust" relationship would then be
done by OpenID (between grids).
*/> For those of you who don't know, this already exists. Click this:
/*> */http://osgrid.org:8002/users/charles_krinke/*
*/> or this:
/*> */http://ucigrid00.nacs.uci.edu:8002/users/crista_lopes/**/ /*
I do apologize, I just checked both of those links, and didn't realize
that OS Grid and UCI were both already setup to run their own OpenID
identity servers.
Then nevermind, I retract what I was saying earlier, because there
would not need to be any form of "trust relationship" between grids,
as the "trust" relationship would be established via the OpenID server.
Each Grid would need to allow users to login/authenticate by either
having an OpenID login page, but yes... if osgrid and ucigrid are both
running OpenID identity servers then something like this could be
implemented.
*/> I'm not going to act on anything that suggests "trust agreements
between various grids." /*
I'll clarify that statement, by saying/explaining that the "trust
agreements" between various grids would be done via OpenID standards
(an OpenID login using an OpenID identity server).
I do apologize, and I did not know that osgrid already had an OpenID
identity server setup.
*/>The goal is to be able to go from my home standalone to *any* sim
out there that I know >nothing about, and still be sure that nothing
bad will happen to my belongings. Anything less >than this is not
acceptable as a goal, for me.
/*
I stand corrected, yes... you could "in theory" move between grids by
using something like OpenID to authenticate across grids.
*/> This way various grids could all run "openID" servers, and trust
agreements would need/*
*/> to be /**/established between the various grids./*
Again, let me clarify... various grids could run OpenID servers, and
the "trust agreements" would be established by the various OpenID
identity servers.
Mark
P.S. What OpenID servers are OS Grid, and uci.edu <http://uci.edu>
running? Are they using a OpenID 2.0 compliant identity server? Are
you using Prairie? NetMesh InfoGrid LID PHP?
On Mon, Feb 23, 2009 at 7:05 PM, Diva Canto <d...@metaverseink.com
<mailto:d...@metaverseink.com>> wrote:
Mark Malewski wrote:
Just to clarify...
*/> Grids could provide openIDs in the form of
"/**/openid.osgrid.org/users/screenname/*
<http://openid.osgrid.net/screenname>*/"/*
With all grids being independent of one another, or in the
example given by John, maybe use an
"openid.osgrid.org/users/screenname
<http://openid.osgrid.org/users/screenname>"
http://openid.osgrid.org/users/Charles_Krinke
For those of you who don't know, this already exists. Click this:
http://osgrid.org:8002/users/charles_krinke
or this:
http://ucigrid00.nacs.uci.edu:8002/users/crista_lopes
Again, in this example Charles happens to have his identity at
OSGrid, but that's not a requirement of the exchange. It could
just as easily been an identity from another grid.
This way various grids could all run "openID" servers, and trust
agreements would need to be established between the various grids.
I'm not going to act on anything that suggests "trust agreements
between various grids." That's an AWG concept that I very much
disagree with, and want no part in. I have no problem with
companies cutting corners on security in order to be able to
exchange agents on a lawyer-backed up trust basis. But that's not
what I'm doing here, and that's not what a lot of people want
OpenSim to be.
The goal is to be able to go from my home standalone to *any* sim
out there that I know nothing about, and still be sure that
nothing bad will happen to my belongings. Anything less than this
is not acceptable as a goal, for me.
Crista
_______________________________________________
Opensim-dev mailing list
Opensim-dev@lists.berlios.de <mailto:Opensim-dev@lists.berlios.de>
https://lists.berlios.de/mailman/listinfo/opensim-dev
------------------------------------------------------------------------
_______________________________________________
Opensim-dev mailing list
Opensim-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
Opensim-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
