Christian Scholz wrote:
> We have been talking about it quite a bit in early 2008 in the
> DataPortability Group. There was also some discussion about that concept
> in the DiSo group.
>
> [...]

Cool.

>> Point 4 is also pretty much covered, with code already in place in
>> OpenSim, used by Grider. The client requests these tokens from the
>> User Server (ID server, whatever you want to call it), sends them to
>> each server it wants to use, including regions, the servers in turn
>> verify them with the User Server.
>
> But I assume that this won't work with services outside the OpenSim
> realm? (e.g. MySpace)

I haven't been thinking of those uses, but I don't see any reason why it shouldn't work in exactly the same way. You need: (a) an ID server; (b) a client for the user; (c) a bunch of services that the user uses. Upon login, a master key is given to the client. That master key is then used by the client to request tokens from the ID server for each service that the user wants to use. Those tokens are sent along the first time the client accesses the services, and the services verify the tokens with the given authority in them.

If you want to see how this key request/verification process currently works in OpenSim, take a look at OpenSim/Framework/Communications/UserManagerBase -- at the very end of that file. Those keys are sent along authenticated requests, like for example
OpenSim/Framework/Communications/Services/HGInventoryService
This particular service then establishes a bunch of CAP URLS for secure access to inventory.

Service discovery is another matter, I think. For starters, we can assume that the user explicitly specifies the URLs of the services it uses -- so that service catalogue you mentioned -- in his/her ID server.

> The reason I like OpenID and OAuth is that it will allow in the future
> to manage a limited set of identities properly. There is no need to
> create yet another account with profiles etc. on each service. This is
> also very much where the discussions in the social networking space are
> heading right now and it would be great if I can reuse the same things
> in OpenSim, too.

You don't need OpenID redirects to do this.
You login directly with your ID service.
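
The login and token flow described in the message above, as an added Python sketch that is not part of the original post and is not OpenSim's code. The class names, URLs and password are constructed; the allowlist of trusted authorities, the binding of each token to one service, single use and expiry are assumptions added here.

```python
import hmac, secrets, time

class IdServer:
    def __init__(self, url, passwords):
        self.url, self.passwords = url, passwords
        self.master = {}   # master key -> user
        self.tokens = {}   # token key -> (user, service URL, expiry)

    def login(self, user, password):
        if user not in self.passwords or not hmac.compare_digest(self.passwords[user], password):
            raise PermissionError("bad credentials")
        key = secrets.token_urlsafe(32)
        self.master[key] = user
        return key

    def issue_token(self, master_key, service_url, ttl=60):
        user = self.master[master_key]          # KeyError if the master key is unknown
        key = secrets.token_urlsafe(32)
        self.tokens[key] = (user, service_url, time.time() + ttl)
        return {"authority": self.url, "user": user, "key": key}

    def verify(self, key, user, service_url):
        # pop() makes the token single use: a replayed token no longer exists
        rec = self.tokens.pop(key, None)
        return rec is not None and rec[:2] == (user, service_url) and rec[2] > time.time()

class Service:
    def __init__(self, url, trusted):
        self.url, self.trusted = url, trusted   # trusted: authority URL -> IdServer

    def first_access(self, token):
        # Assumption: only call back to authorities on the allowlist, never to
        # whatever authority the token happens to name.
        authority = self.trusted.get(token["authority"])
        if authority is None:
            return False
        return authority.verify(token["key"], token["user"], self.url)

def demo():
    # Constructed user, URLs and password, for illustration only
    ids = IdServer("https://id.example", {"alice": "constructed-password"})
    inventory = Service("https://inv.example", {ids.url: ids})
    region = Service("https://region.example", {ids.url: ids})
    master = ids.login("alice", "constructed-password")
    token = ids.issue_token(master, inventory.url)
    forged = dict(ids.issue_token(master, inventory.url), authority="https://rogue.example")
    return (inventory.first_access(token),   # valid token, first use
            inventory.first_access(token),   # replay of the same token
            region.first_access(ids.issue_token(master, inventory.url)),  # wrong service
            inventory.first_access(forged))  # authority not on the allowlist
```

In a real deployment the `verify` call is a network request from the service to the ID server, so the allowlist check decides which hosts the service is willing to contact on a client's say-so.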