[sldev] More about viewer auth in today's RC
Tess Chu
tess at lindenlab.com
Tue Dec 4 15:47:17 PST 2007
Back in October, we requested feedback about the Viewer Authentication
project with a broad set of unfocused goals, which masked the main drive
for the project: Code consolidation of authentication for future
anti-fraud efforts. As I'm sure you've noticed by now, the upcoming
1.18.6 release candidate has the implementation of this new system.
Much of the ensuing debate centered around the relative security of the
old XML-RPC based approach versus the new approach of using HTML. We
*weren't* necessarily trying to make the mechanism itself more secure
(we believe both mechanisms are secure), but rather, we want to give
ourselves greater flexibility to use new security mechanisms already
being successfully employed by banks, credit-card companies, and other
service providers that need rigorous security regimes. By moving to
standard HTTPS plus HTML, we get the benefit of being able to integrate
new security systems without creating a lot of custom code.
We realize that the way that we went about this was a little clumsy. We
have a lot of conflicting priorities to balance; we're working on the
part of the system that is necessarily shrouded in the most secrecy
(since we are trying to keep the bad guys out). Though we fully expect
Second Life to become more open over time, there will always need to be
secrets. We are, after all, not planning on publishing the root
password for our systems any time soon.
The process of making Second Life more open will take time, and will
probably (unfortunately) be filled with awkward moments like this one
where we figure out how to work together with you all. Please bear with
us, we're trying to learn the best way to do this.
Thanks,
Tess