Hi Diva Thanks for the analysis. I have to admit I have only fastly scanned the oAuth spec. They advertise that it works for desktop applications so I assume it should not necessarily be too complex for the end user and not too hard to implement either. Someone would need to study / poc it or get a statement from the oAuth team. If the viewer acts as users and regions are consumers it could be that it can be nicely automated and hidden from the user. This would allow us to use all those identity providers who have adopted oAuth. Personally I think identity management, authentication and authorisation are so well known fields that it would be odd if we had to invent it from scratch. That said we should not try bend a standard to something which is not suitable for.
In the end it is important to realise that this is not just about virtual worlds but all identity management in the net. No user wants to upkeep separate credentials just for virtual worlds. Besides web and vws will become more and more entangled in the long run. If we want to have a system which will fly in the near future we should stick our identity eggs to same basket with the rest of the internet crowd. regards, Tommi
_______________________________________________ Opensim-dev mailing list Opensim-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/opensim-dev