[sldev] More about viewer auth in today's RC

Anders Arnholm Anders at Arnholm.se
Wed Dec 5 02:54:58 PST 2007


On Tue, Dec 04, 2007 at 03:47:17PM -0800, Tess Chu wrote:
> Back in October, we requested feedback about the Viewer Authentication 
> project with a broad set of unfocused goals, which masked the main drive 
> for the project: Code consolidation of authentication for future anti-fraud 
> efforts.  As I'm sure you've noticed by now, the upcoming 1.18.6 release 
> candidate has the implementation of this new system.

So far it sounds good...

> Much of the ensued debate centered around the relative security of the old 
> xml-rpc based approach versus the new approach of using HTML.  We *weren't* 
> necessarily trying to make the mechanism itself more secure (we believe 
> both mechanisms are secure), but rather, we want to give ourselves greater 

The main problem has always been that it's outside the viewer, and
involves a new, i.m.h.o. stupid, way of starting the viewer and giving
information to the viewer. It's this small technical problem that many
have trouble with: moving stuff into another domain, adding stuff that is
hard, and how to solve the big obvious problems; this we have not seen
answers on yet. It makes good reason to believe that big problems still
exist and other goals have taken priority over the issues I believe are
more important.

> get the benefit of being able to integrate new security systems without 
> creating a lot of custom code.

And lost very much flexibility, needed in the future.

> The process of making Second Life more open will take time, and will 
> probably (unfortunately) be filled with awkward moments like this one where 
> we figure out how to work together with you all.  Please bear with us, 
> we're trying to learn the best way to do this.

I hope we can continue to work and understand each other (I happen to
work at the moment in a department doing this kind of work for many
government agencies in the world.) Our approach in the details is
very different; we are not scared of the little extra work if it adds more
to the security. We can't afford to take the small error way in; we have
to go the extra mile.

/ Balp
-- 
      o_   Anders Arnholm,               HiQ - Consultant
 o/  /\    anders at arnholm.nu             Phone  : +46-703-160969
/|_, \\    http://anders.arnholm.nu/     http://www.hiq.se
/
`
