Avatar, Authentication, Assets, and Identity -- Oh my!


Ryan McDougall

Jan 27, 2009, 8:20:19 AM
to ou...@adminotech.com, cr...@ludocraft.com, realxtend-a...@googlegroups.com
During this research phase I have been building up to a goal of mine,
which is to unite all the services necessary to run a reX grid (reX
services, OpenSim UGAIM) with the services I think are important for
making a real internet-ready 3D VW framework (Cable Beach, OpenID,
etc).

I was unsure from the start whether we should attempt this before or
after we have a basic client viewer; however we have had a couple
research tasks based on these ideas, and given the progress of ModreX,
Belsepubi's glowing reports, and jhurliman's continuing work in
related areas, such as making the OpenSim.UserServer an OpenID
provider, I feel that now is a good time to make a move.

== reX-NG Requirements ==

* Distributed Identity System which doesn't rely on any central service.
* Avatar portability, so users can take their investment in their
avatar anywhere their Identity goes.
* Flexible Authentication System, so institutions can use their
existing security infrastructure, such as MS Active Directory or
Public Key Cryptography.
* Distributed Asset System, so the burden of hosting assets is more
distributed, yet not without some protection against copyright abuse.
* Simple Web-based Identity Registration System, so anyone wishing to
assert Identities, say as part of a hosted Grid, doesn't need to write
their own registration and management applications.

== Use Cases ==

# Joe wishes to comment on a forum which supports OpenID
# He can either create an account for the forum, or he can use his reX avatar ID

# Joe downloads and creates a reX grid on joesworld.example.com
# Bob does so on bobsworld.example2.com, independently of Joe
# Joe wishes to travel from joesworld to bobsworld.example.com
# Bob white-lists joesworld.example.com on his UserServer
# Joe instructs his user agent to log in to bobsworld.example.com
# Joe asserts the identity joe.joesworld.example.com on bobsworld.example.com
# Authorization to bobsworld.example.com is relayed from joesworld.example.com
# A URL to the Avatar server is relayed through an OpenID 2.0 attribute tag
# Joe enters successfully

== Proposed Solution ==

# Merge features of RexAuth into a UserServer plugin to create RexUserServer
# Modify existing User Registration webapp to support UserServer's
existing OpenID provider feature
# Devise a new OpenID-based login protocol which supports foreign logins
# Add OpenID client capabilities to GridServer or UserServer as a module
# Add whitelisting and blacklisting to the OpenID client in order to
support a Network of Trust
# Test cross-grid logins from white-listed domains

== Details ==

Belsepubi will research precisely what is implied here.

Cheers,

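The cross-grid login from the second use case above (Joe's identity is asserted by joesworld's UserServer acting as OpenID provider, bobsworld's OpenID client module checks the asserting grid against its whitelist and blacklist, verifies the signed assertion, and reads the avatar server URL out of an OpenID 2.0 attribute), written out as an added Python sketch. This is not code from the thread, from reX or from OpenSim. It assumes that an OpenID 2.0 association (a shared HMAC secret and handle) already exists between the two grids, uses a hypothetical attribute-exchange type URI for the avatar server, and treats a blacklist entry as overriding the whitelist; every identity, endpoint, nonce and secret in it is a constructed placeholder.

```python
"""Simulated OpenID 2.0 cross-grid login with a trust list (constructed example)."""
import base64
import hashlib
import hmac
from urllib.parse import urlparse

OPENID_NS = "http://specs.openid.net/auth/2.0"
AX_NS = "http://openid.net/srv/ax/1.0"
# Hypothetical AX type URI for the avatar server attribute (not from the spec or reX).
AVATAR_AX_TYPE = "http://example.com/schema/rex/avatar_server"


def kv_form(fields, signed_keys):
    """OpenID 2.0 key-value form of the signed fields, in openid.signed order."""
    return "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed_keys)


def sign_fields(fields, signed_keys, secret):
    """HMAC-SHA256 over the key-value form, base64-encoded as on the OpenID wire."""
    msg = kv_form(fields, signed_keys).encode("utf-8")
    return base64.b64encode(hmac.new(secret, msg, hashlib.sha256).digest()).decode("ascii")


def provider_assertion(claimed_id, op_endpoint, return_to, nonce, handle, secret, avatar_url):
    """Home grid's UserServer (OpenID provider): a signed positive assertion that also
    carries the avatar server URL as an attribute-exchange value."""
    fields = {
        "openid.ns": OPENID_NS, "openid.mode": "id_res",
        "openid.op_endpoint": op_endpoint, "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id, "openid.return_to": return_to,
        "openid.response_nonce": nonce, "openid.assoc_handle": handle,
        "openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_response",
        "openid.ax.type.avatar": AVATAR_AX_TYPE, "openid.ax.value.avatar": avatar_url,
    }
    signed = ["op_endpoint", "claimed_id", "identity", "return_to", "response_nonce",
              "assoc_handle", "ns.ax", "ax.mode", "ax.type.avatar", "ax.value.avatar"]
    fields["openid.signed"] = ",".join(signed)
    fields["openid.sig"] = sign_fields(fields, signed, secret)
    return fields


class GridOpenIDClient:
    """OpenID relying-party module for the visited grid (bobsworld in the use case)."""

    def __init__(self, return_to, whitelist, blacklist, associations):
        self.return_to = return_to
        self.whitelist = set(whitelist)   # grid domains allowed to assert identities
        self.blacklist = set(blacklist)   # refused even if also whitelisted (design choice)
        self.associations = associations  # domain -> (op_endpoint, assoc_handle, secret)
        self.seen_nonces = set()          # replay protection for response_nonce

    @staticmethod
    def grid_domain(claimed_id, known):
        """Map joe.joesworld.example.com to the grid domain joesworld.example.com."""
        host = urlparse(claimed_id).hostname or ""
        for dom in known:
            if host == dom or host.endswith("." + dom):
                return dom
        return None

    def verify(self, r):
        """Return (True, identity info) or (False, reason). Trust checks run first, so an
        unknown grid is rejected before any signature work is done."""
        if r.get("openid.ns") != OPENID_NS or r.get("openid.mode") != "id_res":
            return False, "not a positive OpenID 2.0 assertion"
        claimed = r.get("openid.claimed_id", "")
        if self.grid_domain(claimed, self.blacklist):
            return False, "blacklisted grid"
        dom = self.grid_domain(claimed, self.whitelist)
        if dom is None:
            return False, "grid not in whitelist"
        endpoint, handle, secret = self.associations[dom]
        if r.get("openid.op_endpoint") != endpoint or r.get("openid.assoc_handle") != handle:
            return False, "assertion not from the associated provider"
        if r.get("openid.return_to") != self.return_to:
            return False, "return_to mismatch"
        signed = r.get("openid.signed", "").split(",")
        required = {"op_endpoint", "claimed_id", "identity", "return_to",
                    "response_nonce", "assoc_handle"}
        if not required.issubset(signed):
            return False, "required fields not covered by signature"
        try:
            expected = sign_fields(r, signed, secret)
        except KeyError:
            return False, "signed field missing"
        if not hmac.compare_digest(expected, r.get("openid.sig", "")):
            return False, "bad signature"
        nonce = r["openid.response_nonce"]
        if nonce in self.seen_nonces:
            return False, "replayed assertion"
        self.seen_nonces.add(nonce)
        # Only trust the avatar URL if the provider signed it.
        avatar = r.get("openid.ax.value.avatar") if "ax.value.avatar" in signed else None
        return True, {"identity": r["openid.identity"], "avatar_server": avatar}


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # placeholder; really set up by an association
    op = "https://joesworld.example.com/openid"
    bob = GridOpenIDClient("https://bobsworld.example.com/openid/return",
                           ["joesworld.example.com"], ["evilworld.example.net"],
                           {"joesworld.example.com": (op, "assoc-0001", secret)})
    joe = provider_assertion("http://joe.joesworld.example.com/", op, bob.return_to,
                             "2009-01-27T08:20:19Zconstructed", "assoc-0001", secret,
                             "https://avatars.joesworld.example.com/joe")
    print(bob.verify(joe))   # accepted, with the avatar server URL
    print(bob.verify(joe))   # same assertion again: replay rejected
```

The checks are ordered the way a grid operator would want them: the trust list is consulted before the signature so that an assertion from a grid Bob never whitelisted costs nothing to reject, and the avatar URL is only handed to the rest of the login pipeline when it was inside the signed field set, so a relay cannot swap in a different asset host.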
Toni Alatalo

Jan 28, 2009, 7:35:24 AM
to realxtend-a...@googlegroups.com, ou...@adminotech.com, cr...@ludocraft.com
Ryan McDougall wrote:

> == reX-NG Requirements ==
>
> * Distributed Identity System which doesn't rely on any central service.
> * Avatar portability, so users can take their investment in their
> avatar anywhere their Identity goes.
> * Flexible Authentication System, so institutions can use their
> existing security infrastructure, such as MS Active Directory or
> Public Key Cryptography.
> * Distributed Asset System, so the burden of hosting assets is more
> distributed, yet not without some protection against copyright abuse.
> * Simple Web-based Identity Registration System, so anyone wishing to
> assert Identities, say as part of a hosted Grid, doesn't need to write
> their own registration and management applications.
>

I think these are pretty much the same as there were for the current
system originally. The 'global avatar system'. The difference basically
being that OpenID was kinda reinvented (dunno how similarly exactly),
and that only avatar assets have been so far moved to the asset servers.

For example the idea with the authentication server was that it can have
an MS AD backend or whatever (was that even implemented / experimented
with?).

So refactoring to use OpenID and Cable Beach might be pretty
straightforward, though of course all kinds of difficulties can always
occur with these things.

~Toni
