[sldev] [Auth] [OpenID] OpenID and AWG

Dzonatas dzonatas at dzonux.net
Sun Oct 7 07:38:34 PDT 2007


Should AWG focus on this first as discussion?

After I read that long long wiki log...hmmm..., I think this is 
something that can be tackled easier and have more of an immediate impact.

Matthew Dowd wrote:
> I've already covered this scenario in other posts to the list.
>  
> There is a lot of work on  brokered id validation, which could use 
> OpenID or similar as the foundation piece.
>  
> A feature an OpenID provider can do is to provide an attribute look up 
> service (similar to Shibolleth), so that SL (or others) can send back 
> queries such as Age, Over18Status, Address.
>  
> You can control how much or how little is revealed to a particular 
> provider (so SL may be able to ask Over18Status but not Age; your web 
> service provider may be able to ask for MobilePhoneNumber etc.)
>  
> It terms of validating - this is done by third party brokers - so your 
> bank may sign the Age and Over18Status properties (using certificates 
> or similar) - there is some industry interest in providing such services.
>  
> This validation is therefore completely independent of who the OpenID 
> provider is.
>  
> If this gets off the ground, on LL's side, it becomes a case of which 
> identity providers they are willing to trust (say some major league 
> banks).
>  
> On the users side, LL gets to access *only* the information they need 
> (i.e. Over18Status), whilst all the supporting information for this 
> only needs to go to someone who trust or have already trusted with 
> this information (e.g. your bank). In essence this is a digital 
> automated equivalent of a notary signing a "this person is over 
> eighteen" statement...
>  
> Yes - there is still a lot of work outstanding on the above, and it 
> will only fly if there's enough momentum behind it, but this is a 
> direction that is attracting a lot of interest in the online 
> verification debate.
>  
> Matthew
>  
>
>
> > Date: Sun, 7 Oct 2007 02:14:54 -0400
> > From: gigstaggart at gmail.com
> > To: kamilion at gmail.com; sldev at lists.secondlife.com
> > Subject: Re: [sldev] [Auth] [OpenID] OpenID as SL Authentication 
> Solution
> >
> > Kamilion wrote:
> > > I've been doing some surfing on OpenID, and found out a lot about it.
> >
> > So I set up gigstaggart.com/openid as my own provider. I claim to be
> > Bill Clinton. Second Life has no way of knowing I'm not Bill Clinton,
> > since my provider (me) doesn't do any strong authentication of who I am.
> >
> > Replace Bill Clinton with "over 18", if you want the age 
> verification angle.
> >
> > Basically, OpenID is only as strong as the provider in terms of real
> > authentication. The only OpenID provider that would be acceptable for
> > Second Life would be Linden Lab. Back to square 1.
> >
> > -Jason
> > _______________________________________________
> > Click here to unsubscribe or manage your list subscription:
> > /index.html
>
>
> ------------------------------------------------------------------------
> Get free emoticon packs and customisation from Windows Live. Pimp My 
> Live! <http://www.pimpmylive.co.uk>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
>   

-- 
Power to Change the Void
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20071007/25a7a8a9/attachment-0001.htm


More information about the SLDev mailing list