[sldev] OpenID & SSL certificates

Dzonatas dzonatas at dzonux.net
Sun Sep 30 08:54:18 PDT 2007


Argent Stonecutter wrote:
> On 30-Sep-2007, at 09:49, Dzonatas wrote:
>> For example, when the user first logs in, they access the 
>> certification through a login with the OpenID. Once the 
>> certification scheme generates and propagates authorities and keys, 
>> the user no longer needs to use OpenID to re-establish sessions.
>>
>> One of the user's certificates may expire. In this case, the user logs 
>> into the OpenID system again to lease/create a new certificate. The 
>> system re-propagates as needed.
>
> How does this handle alts?

With multiple certificates. The selection of what certificate to use is 
at the client side.



>
> Does this require my using the same identity with SL as with other 
> OpenID services?


I'm not sure whether by "other" you mean affiliated or non-affiliated OpenID 
servers. If one wishes for maximum flexibility, then the identity used 
at OpenID login should not be closely tied with the identity used for 
the SL account. If one wants maximum anonymity, the two should be tied 
closely.

However, there is the potential for an affiliate OpenID server to verify 
RL ID and issue a likewise certificate that SL could use.

For example, IBM announced tentative plans to implement in-world dialog 
portals for the U.S. Congress (federal and state). That may require a 
very strict RL ID verification system where even LL can't access the 
pertinent details, but they can be verified to LL through the certificate.

>
> Can the authentication be handled entirely within SL?

Since SL can be partially in-world and part web, as it now exists, yes.

For example, if the viewer does not find a certificate stored locally, 
it can open a browser window to the OpenID login, or it can prompt to 
insert a USB drive with a (mobile/temp) certificate.


-- 
Power to Change the Void

