Re: [ogpx] Using the LoginURI as a capability with the Client Application Launch Message
"Infinity Linden (Meadhbh Hamrick)" <infinity@lindenlab.com> Tue, 02 February 2010 22:11 UTC
Return-Path: <infinity@lindenlab.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1D2F73A6999 for <ogpx@core3.amsl.com>; Tue, 2 Feb 2010 14:11:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.737
X-Spam-Level:
X-Spam-Status: No, score=-0.737 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, SARE_LWSHORTT=1.24]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sUNU5nd-gnRD for <ogpx@core3.amsl.com>; Tue, 2 Feb 2010 14:11:38 -0800 (PST)
Received: from mail-fx0-f215.google.com (mail-fx0-f215.google.com [209.85.220.215]) by core3.amsl.com (Postfix) with ESMTP id E095E3A688D for <ogpx@ietf.org>; Tue, 2 Feb 2010 14:11:37 -0800 (PST)
Received: by fxm7 with SMTP id 7so696433fxm.28 for <ogpx@ietf.org>; Tue, 02 Feb 2010 14:12:13 -0800 (PST)
MIME-Version: 1.0
Received: by 10.102.14.10 with SMTP id 10mr3857462mun.84.1265148733140; Tue, 02 Feb 2010 14:12:13 -0800 (PST)
In-Reply-To: <5cca23bc1002011526n5dbdd813s8cfe408bd6ea130b@mail.gmail.com>
References: <5cca23bc1002011526n5dbdd813s8cfe408bd6ea130b@mail.gmail.com>
From: "Infinity Linden (Meadhbh Hamrick)" <infinity@lindenlab.com>
Date: Tue, 02 Feb 2010 14:11:53 -0800
Message-ID: <3a880e2c1002021411q61c13f24pf52a3ea2d8f5da00@mail.gmail.com>
To: Arrogant Cyberstar <arrogant.cyberstar@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: ogpx@ietf.org
Subject: Re: [ogpx] Using the LoginURI as a capability with the Client Application Launch Message
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2010 22:11:44 -0000
sure. looks good. i'll add that to the next rev. -- infinity linden (aka meadhbh hamrick) * it's pronounced "maeve" http://wiki.secondlife.com/wiki/User:Infinity_Linden On Mon, Feb 1, 2010 at 15:26, Arrogant Cyberstar <arrogant.cyberstar@gmail.com> wrote: > There was a conversation in the #opensim-dev IRC channel recently where some > minor changes to the Client Application Launch Message and the Service > Establishment drafts were discussed. The discussion is being repeated here > to include the wider audience of persons interested in VWRAP. > The two documents in question are at: > * http://tools.ietf.org/html/draft-hamrick-ogp-auth-01 (auth / service > establishment) and > * http://tools.ietf.org/html/draft-hamrick-ogp-launch-00 (client app launch > message) > The first draft describes the LLIDL resources for VWRAP authentication. It > presupposes those resources are accessible at a fixed, well known URI > (termed the LoginURI.) The second draft describes the format and processing > expectations for a VWRAP Client Application Launch Message. The launch > message is generated by a web server as the result of successful OpenID > authentication or OAuth authorization. The draft defines a MIME type to > contain this message, and it is assumed the user's browser will register a > VWRAP viewer application to handle that type. When the viewer receives the > message, it would pass its contents along to the VWRAP client application > which would use information inside it to begin a UA session with an agent > domain. Specifically, the message would contain a username / password pair > (where the password may be a short term temporary shared secret) as well as > the URI of where to initially place the user's avatar. The contents of the > message were defined as LLIDL maps, and could therefore include additional > information (such as protocol endpoints for inventory services.) > The launch message draft requires the use of SHA256 to hash a randomly > generated secret shared between the web authentication / authorization > service and the agent domain. > It was proposed that rather than sending a shared secret to the client to be > used with a resource on a fixed URL, the system should allow the LoginURI to > be a capability. That is, it should allow the use of a launch message with a > null authenticator, but with a cryptographically unguessable URL. > The specific changes to the launch message draft would include: > 1. Referencing the authentication schemes in the auth / service > establishment draft rather than defining new ones in this draft. > 2. Rewording the specification to indicate the processing expectations: > a. if an authenticator map entry is present in the launch_request, the > loginuri should be considered well known and the client SHOULD use the > values in the authenticator map in conjunction with service establishment. > b. if the authenticator map entry is NOT present in the launch_request, > the loginuri should be considered a capability and clients should take due > care in handling it's concents, and MUST NOT include an authenticator map in > the authentication request. > Changes to the authentication / service establishment draft would include: > 1. explicit mention of the "null" authentication scheme. that is... if the > authenticator map entry is not present in the service establishment message, > authentication is assumed to be handled by the transport. > These changes should allow the client application launch message to be used > with web authentication techniques like OAuth and OpenID as well as with > client side certificates when carried over TLS. > > > _______________________________________________ > ogpx mailing list > ogpx@ietf.org > https://www.ietf.org/mailman/listinfo/ogpx > >
- [ogpx] Using the LoginURI as a capability with th… Arrogant Cyberstar
- Re: [ogpx] Using the LoginURI as a capability wit… Infinity Linden (Meadhbh Hamrick)