[sldev] [Upcoming Changes] Website Viewer Authentication

[Donovan Linden]

I believe the current method of passing a custom -loginuri to the  
client will still continue to work.

Donovan

On Sep 28, 2007, at 2:57 PM, Adam Frisby wrote:

> Will the new login URL's include the ability to switch the IP of  
> the server you are logging in to? (I imagine that will be essential  
> for things like SLProxy, OpenSim and beta grids)
>
> ? :)
>
> Adam
>
> David Kaprielian (Sabin) wrote:
>
>> Hey all.  I'm Sabin Linden, a developer here at Linden Lab.  You  
>> may know me as that Linden with the pixel avatar or maybe...  
>> well... actually I don't do much external facing work so you  
>> probably don't know me at all.  Don't worry, you're not missing  
>> out on much.
>> In any case, I wanted to take a moment and send to this list some  
>> security changes Linden is going to make in order to further the  
>> efforts of anti-fraud and phishing prevention.  Pretty soon we're  
>> going to consolidate logins to our website so we can eventually  
>> centralize the process.  In other words, residents will not have  
>> to type their name and password into SL viewers and applications,  
>> they'll type them into our website instead.  The process that  
>> occurs is as follows:
>> 1: After logging into the website, you'll be taken to a new page  
>> that has the same login location options the current SL viewer has.
>> 2: When you hit the Go button, a form is submitted to a php page,  
>> which redirects to a secondlife:/// url that has a web key  
>> appended to it.
>> 3: The secondlife:/// url itself will launch Second Life with  
>> locational details and the web key will authorize your account for  
>> login.
>> Note: You can find more detailed information (the whys and hows)  
>> on the public wiki at https://wiki.secondlife.com/wiki/ 
>> Viewer_Authentication
>> This method works for Windows and Mac machines, but unfortunately  
>> due to the nature of how Linux handles secondlife:/// links (it  
>> doesn't), we have been unable to come up with a proper, catch-all  
>> solution that would allow this method of login to work for 100% of  
>> the Linux using population.  We estimate (aka: make an educated  
>> guess) that we can catch about 70% of Linux users at first and  
>> will be working to get that number as close to 100% as possible.   
>> However, because there are so many different distributions and  
>> configurations of Linux available, there's always the possibility  
>> of people who cannot launch Second Life from the website.   
>> Fortunately, we will be implementing a login screen for each of  
>> our viewers (similar to the one you see now) which goes through  
>> our website.  Although this doesn't allow as much security as we  
>> would like (since you're still technically typing your password  
>> into the viewer) it will, at least, allow all Linux users to log  
>> in.  Additionally, it will provide a fall-back for those who are  
>> used to the current way of logging in.
>> With this information, I wanted to get your feedback!  Do you  
>> think there's a way we could make website viewer authentication  
>> work for all Linux users?  Do you have any specifications for how  
>> this will interact with your third party viewers and  
>> applications?  Anything I haven't covered that you're worried  
>> about?  Thanks for your time everyone, we'd love to hear what you  
>> have to say.
>> ~Sabin
>> _______________________________________________
>> Click here to unsubscribe or manage your list subscription:
>> /index.html
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html