Re: [ogpx] A Review of Multi-Domain Use Cases [Was: Re: OpenID and OGP : beginning the discussion ...]

[Carlo Wood <carlo@alinoe.com>]

On Mon, Jun 29, 2009 at 12:14:07PM -0700, Infinity Linden wrote:
> so yeah. a global identifier of some sort is good. it does not need to
> be an email address, but it will have some of the same
> characteristics: part of it will unambiguously identify the authority
> (i.e. the FQDN of the agent domain host that holds info about the
> agent) and the other half holds the identifier that is unique inside
> that domain. i would vote we use a URI; they have these
> characteristics, and they're not an email address that can be spammed.

Agreed. I'd be fine with an url that includes the authority that holds
my account (login credentials). If only because then all viewers have
a nice point to 'contact' to report abuse.

> but at the end of the day if you want distant systems to be able to
> reference individual agents, you would need a way to address them, and
> unless you wanted to REQUIRE a white list you have to admit the
> possibility that a malicious adversary might try to force the protocol
> or spam you.

I'm not that afraid of spam :). I'm "afraid" that I wouldn't be able
to be a different person in SL, because everyone would be able to
find who I am and what i do in RL with a simple Google on my email
address. This is about privacy.

> i also don't think having two John Jones rezzed in the same region at
> the same time is _that_ big of a problem, provided the region domain
> and the client application have enough information to disambiguate the
> two if it is required.

It's definitely a lesser problem than if there can't be two John Jones
rezzed at the same time!

-- 
Carlo Wood <carlo@alinoe.com>