[ogpx] Context for Service Establishment in OGP

Infinity Linden <infinity@lindenlab.com> Mon, 01 June 2009 09:49 UTC

Date: Mon, 1 Jun 2009 02:49:48 -0700
Message-ID: <3a880e2c0906010249n34bf1b3di1aa588a6ba9b9bde@mail.gmail.com>
From: Infinity Linden <infinity@lindenlab.com>
To: "ogpx@ietf.org" <ogpx@ietf.org>
Subject: [ogpx] Context for Service Establishment in OGP
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>

Whoops... that last message went out without context...

I've been talking with John Hurliman about OAuth and David Lavine
regarding X.509, and at some point it made sense to abstract the three
different authentication / authorization schemes into a single
"service establishment pattern." The message I just sent out really
describes only the mechanism (and only enough mechanism to understand
the concept). Over the next couple of weeks, I'd like to add some more
detail to this and integrate it into the OGP : Authentication
document. So feedback will definitely be welcomed.

To recap:

* there are three different types of authentication / authorization:
password, X.509 and OAuth
* password auth is appropriate for user -> server authentication
* X.509 is appropriate for server <-> server authentication, and
* OAuth is appropriate for server -> distant peer (with whom you may not
have an explicit trust relationship)
* in all cases, you start with an authenticator (a password, a
certificate or a token) and by presenting it to a server at a
well-defined service establishment URL, you'll get a seed cap back
* with that seed cap, you can request the specific capabilities you require

More details and examples forthcoming.

-cheers
-meadhbh
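The two-step pattern recapped in the message above (authenticator -> seed cap -> specific capabilities), as an added example that is not part of the original post and not OGP code. It is a hypothetical in-process model: the service establishment URL, the `sim.example` cap URLs, the `Principal` kinds, the capability names and the constructed credentials are all invented for illustration, and OGP's real LLSD-over-HTTP wire format is not reproduced. It accepts the three authenticator types the message lists, refuses an authenticator whose type does not fit the principal (a password cannot stand in for a server certificate), hands back an unguessable seed cap, and only grants the specific caps that principal is entitled to.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Which authenticator each principal kind presents, following the message's mapping.
AUTH_FOR_KIND = {"user": "password", "server": "x509", "peer": "oauth"}

@dataclass(frozen=True)
class Principal:
    name: str
    kind: str                # "user", "server" or "peer"
    allowed_caps: frozenset  # capability names this principal may be granted

class ServiceEstablishment:
    """One service establishment URL plus the seed caps and caps it hands out (hypothetical model)."""
    def __init__(self):
        self._passwords = {}          # name -> (salt, PBKDF2 digest, Principal)
        self._cert_fingerprints = {}  # sha256(DER) hex -> Principal (pinned server certs)
        self._oauth_tokens = {}       # sha256(token) hex -> Principal
        self._seed_caps = {}          # seed cap id -> Principal
        self._caps = {}               # cap id -> (Principal, capability name)

    # -- enrolment: constructed sample credentials go in here --
    def add_password_user(self, principal, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._passwords[principal.name] = (salt, digest, principal)

    def add_server_cert(self, principal, cert_der):
        # A real deployment validates the chain; this model pins the server by fingerprint.
        self._cert_fingerprints[hashlib.sha256(cert_der).hexdigest()] = principal

    def add_oauth_token(self, principal, token):
        self._oauth_tokens[hashlib.sha256(token.encode()).hexdigest()] = principal

    # -- step 1: present the authenticator at the well-defined URL, get a seed cap --
    def establish(self, authenticator):
        auth_type = authenticator.get("type")
        principal = None
        if auth_type == "password":
            entry = self._passwords.get(authenticator.get("name"))
            if entry is not None:
                salt, digest, who = entry
                cand = hashlib.pbkdf2_hmac("sha256", authenticator.get("password", "").encode(), salt, 100_000)
                if hmac.compare_digest(cand, digest):
                    principal = who
        elif auth_type == "x509":
            principal = self._cert_fingerprints.get(hashlib.sha256(authenticator.get("cert_der", b"")).hexdigest())
        elif auth_type == "oauth":
            principal = self._oauth_tokens.get(hashlib.sha256(authenticator.get("token", "").encode()).hexdigest())
        # Refuse unknown authenticators and authenticator types that do not fit the principal kind.
        if principal is None or AUTH_FOR_KIND[principal.kind] != auth_type:
            raise PermissionError("authentication failed")
        seed_id = secrets.token_urlsafe(32)  # the seed cap is itself the credential, so it must be unguessable
        self._seed_caps[seed_id] = principal
        return f"https://sim.example/cap/{seed_id}"

    # -- step 2: redeem the seed cap for the specific capabilities you need --
    def request_capability(self, seed_cap_url, cap_name):
        principal = self._seed_caps.get(seed_cap_url.rsplit("/", 1)[-1])
        if principal is None:
            raise PermissionError("unknown seed cap")
        if cap_name not in principal.allowed_caps:
            raise PermissionError(f"{principal.name} may not obtain {cap_name}")
        cap_id = secrets.token_urlsafe(32)
        self._caps[cap_id] = (principal, cap_name)
        return f"https://sim.example/cap/{cap_id}"

    def holder_of(self, cap_url):  # server-side lookup: who holds this cap and what is it for
        principal, cap_name = self._caps[cap_url.rsplit("/", 1)[-1]]
        return principal.name, cap_name

def demo():
    """Run the three flows against constructed sample data; returns outcomes by label."""
    se = ServiceEstablishment()
    alice = Principal("alice", "user", frozenset({"place_avatar", "inventory"}))
    region = Principal("region-1", "server", frozenset({"teleport_agent"}))
    peer = Principal("remote-grid", "peer", frozenset({"place_avatar"}))
    pw = {"type": "password", "name": "alice", "password": "correct horse battery staple"}
    cert = {"type": "x509", "cert_der": b"\x30\x82constructed-not-a-real-certificate"}  # constructed bytes
    tok = {"type": "oauth", "token": "constructed-oauth-access-token"}
    se.add_password_user(alice, pw["password"])
    se.add_server_cert(region, cert["cert_der"])
    se.add_oauth_token(peer, tok["token"])

    def grant(auth, cap):  # the full two-step flow: authenticator -> seed cap -> specific cap
        return se.holder_of(se.request_capability(se.establish(auth), cap))

    out = {"user_inventory": grant(pw, "inventory"),
           "server_teleport": grant(cert, "teleport_agent"),
           "peer_place_avatar": grant(tok, "place_avatar")}
    for label, attempt in [
        ("bad_password", lambda: grant(dict(pw, password="wrong"), "inventory")),
        ("peer_teleport", lambda: grant(tok, "teleport_agent")),  # the peer is not entitled to this cap
        ("guessed_seed", lambda: se.request_capability("https://sim.example/cap/0000", "inventory")),
    ]:
        try:
            attempt()
            out[label] = "granted"
        except PermissionError:
            out[label] = "refused"
    return out
```

The point worth checking in any implementation of this pattern is the two refusals at the end: a seed cap is a bearer credential, so it must come from a CSPRNG and be looked up exactly, and the caps handed out against it must be filtered by what the authenticated principal is allowed, not by what it asks for.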