[sldev] [META] Formal critique of new auth mechanism?

[Dzonatas]

I'm not sure if I'll make the office hours, but I just like to request 
the option to authenticate by SSL certificates. It's not mandatory 
option, but the feature is partially present already, and if fully 
implemented it requires no human interactive session initiation.

On top or to the side of that sometime, people could then add PGP style 
keys to enable very restricted access.

I'm keeping automation in mind.

Anyways... my L$2

Rob Lanphier wrote:
> On 9/29/07 8:05 AM, Dale Glass wrote:
>   
>> Nothing creates interest in alternative viewers like fixing, or at
>> least working around bad ideas implemented by LL.
>>     
>
> Alright folks, nothing here is a done deal, so here's what I really hope
> happens next:
>
> 1.  Let's make sure this is on the agenda of an appropriate office
> hour.  Since Zero's studio is involved, it probably makes the most sense
> to bring it up there.  I believe Zero is out of the office on Tuesday of
> this week, so I'm not sure what the status of his Tuesday office hour
> is, but I'm pretty sure he'll be in on Thursday.  We can use the
> Thursday Open Source Meeting as a venue for discussing this as well.
>
> 2.  It would be really helpful if someone here volunteered to write a
> formal critique, incorporating the salient points from this thread,
> expanding on some of the earlier points (e.g. detail a specific example
> of an XSS attack involving the proposed scheme), and providing a list of
> questions that you'd most like addressed.  The goal is to have something
> that multiple people feel good attaching their name to; it doesn't have
> to be the unanimous consensus of the list, but the more names of people
> who we recognize as thoughtful contributors, the more weight it will
> carry.  If this can be completed in a timely manner, I'll work with the
> team on a detailed response
>
> That's not to say that the informal conversation that's happening now
> can't continue, but I think the proposal above is a better path than the
> one we're on to making sure the right outcome is achieved and that the
> most people understand why its the right outcome.  If we rely solely on
> this email thread, our response is almost certainly going to be
> fragmented and incomplete; we'll probably waste time responding to
> points most people don't care about, miss points that everyone feels are
> essential, and likely (due to human nature) respond to the weakest
> expression of the strongest points.  Proposals for alternate process are
> also welcome.
>
> Rob
>
>
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
>   

-- 
Power to Change the Void
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20070929/55e75db2/attachment-0001.htm