Re: [ogpx] A Review of Multi-Domain Use Cases [Was: Re: OpenID and OGP : beginning the discussion ...]

Joshua Bell <josh@lindenlab.com> Mon, 29 June 2009 20:41 UTC

Return-Path: <josh@lindenlab.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 21A1B3A68ED for <ogpx@core3.amsl.com>; Mon, 29 Jun 2009 13:41:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.328
X-Spam-Level:
X-Spam-Status: No, score=-2.328 tagged_above=-999 required=5 tests=[AWL=0.271, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YF6-MnYW41RA for <ogpx@core3.amsl.com>; Mon, 29 Jun 2009 13:40:58 -0700 (PDT)
Received: from tammy.lindenlab.com (tammy.lindenlab.com [216.82.11.128]) by core3.amsl.com (Postfix) with ESMTP id D1D0B3A6850 for <ogpx@ietf.org>; Mon, 29 Jun 2009 13:40:58 -0700 (PDT)
Received: from [10.1.8.223] (thickslab.lindenlab.com [10.1.8.223]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tammy.lindenlab.com (Postfix) with ESMTP id 747D13DBC09B for <ogpx@ietf.org>; Mon, 29 Jun 2009 13:41:19 -0700 (PDT)
Message-ID: <4A4926EE.5060509@lindenlab.com>
Date: Mon, 29 Jun 2009 13:41:18 -0700
From: Joshua Bell <josh@lindenlab.com>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: ogpx@ietf.org
References: <3a880e2c0906280906i2cdcdaa3m3c1b1ef54e4e5fcb@mail.gmail.com> <20090629105140.GA1053@alinoe.com> <b8ef0a220906290413u5a7358eao300c2ff8ee1ab709@mail.gmail.com> <20090629114512.GC1053@alinoe.com> <b8ef0a220906290751s5131c401h1d55ace39348c89e@mail.gmail.com> <20090629161121.GA17251@alinoe.com> <20090629161815.GB17251@alinoe.com> <591737.89462.qm@web82608.mail.mud.yahoo.com> <3a880e2c0906291219t1990272fkb276979ebc97d292@mail.gmail.com> <897153.73396.qm@web82601.mail.mud.yahoo.com>
In-Reply-To: <897153.73396.qm@web82601.mail.mud.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [ogpx] A Review of Multi-Domain Use Cases [Was: Re: OpenID and OGP : beginning the discussion ...]
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2009 20:41:00 -0000

Be aware that (firstname, lastname) as a unique identifier within a 
service is a quirk of Second Life, and not necessarily something that 
every OGP provider must use. One could imagine services that use single 
field account identifiers (like most email providers), or allow more 
flexibility in name choice to match real-world conventions.

It sounds like we're all agreeing, though - there will be some N-part 
unique identifier (which may be easily human readable, but may not) 
issued by an authoritative domain to a user, and given that the domain 
almost certainly has a globally unique identifier of its own (i.e. DNS 
name) there is a composition of the two that can give a globally unique 
identifier for the agent.

We should also be explicit that these identifiers are not necessarily 
also used as authentication credentials. Some service providers may want 
two-factor authentication (e.g. hardware key fob) or private login 
credentials distinct from any public identifiers for additional 
security. The 3-tuple login credentials (firstname, lastname, password) 
which Second Life uses today should not be viewed as the only allowable 
mechanism.

Joshua Bell (but *not* the Joshua Bell from http://www.joshuabell.com/)

Charles Krinke wrote:
> Hmmm. Well, it seems reasonable to me that each grid has one and only 
> one first/last avatar of any particular first and last.
>
> Admittedly, I am more focused on the OpenSim and the OSGrid side of 
> this interop discussion, but, since the precedent has already been set 
> for <first>.<last>@GridName.Com it seems a reasonable and 
> non-ambiguous method.
>
> All avatars on OpenSim grids do have a UUID, so that could certainly 
> be exposed. Then we could have conversations between 
> "0123-4567-89ab-123456899abc-defa" and others instead of 
> <first>.<last>@gridname.com, I suppose.
>
> Charles Krinke
>
> ------------------------------------------------------------------------
> *From:* Infinity Linden <infinity@lindenlab.com>
> *To:* Charles Krinke <cfk@pacbell.net>
> *Cc:* Carlo Wood <carlo@alinoe.com>; Meadhbh Siobhan 
> <meadhbh.siobhan@gmail.com>; ogpx@ietf.org
> *Sent:* Monday, June 29, 2009 12:19:18 PM
> *Subject:* Re: [ogpx] A Review of Multi-Domain Use Cases [Was: Re: 
> OpenID and OGP : beginning the discussion ...]
>
> hmm... i think over in the OGP world we have a history of being
> enamored with capabilities and RESTful resources, ergo my suggestion
> that an agent's unique ID be an URL. If the public URL a service may
> go to to get public information about an agent is the unique ID for an
> avatar, then you don't need a name to service resolution step, which
> has some advantages. i don't want to sound partisan, but the
> formulation below (that looks like an email address) seems to have the
> potential for ambiguity.
>
> On Mon, Jun 29, 2009 at 11:11 AM, Charles Krinke <cfk@pacbell.net> wrote:
> > In some interop scenarios, and I am using HyperGrid as an example as it
> > addresses the same problem, the current solution is to use:
> >
> > <First>.<Last>@GridName.Com
> >
> > Which is not an email, but is a unique identifier for an avatar on a
> > particular grid.
> >
> > As OGP moves forward, it seems reasonable to me that the Grids (or perhaps
> > AgentDomains to use the vernacular here) are the authority for a particular
> > avatar that comes from that grid.
> >
> > Charles Krinke
> >
> > ________________________________
> > From: Carlo Wood <carlo@alinoe.com>
> > To: Meadhbh Siobhan <meadhbh.siobhan@gmail.com>
> > Cc: Infinity Linden <infinity@lindenlab.com>; ogpx@ietf.org
> > Sent: Monday, June 29, 2009 9:18:15 AM
> > Subject: Re: [ogpx] A Review of Multi-Domain Use Cases [Was: Re: OpenID and
> > OGP : beginning the discussion ...]
> >
> > On Mon, Jun 29, 2009 at 06:11:21PM +0200, Carlo Wood wrote:
> >> If this is the case, then I'm happy and there should be no problems
> >> in the future regarding this. If no separate ID is provided then
> >> several problems occur:
> >> * Impersonation (people deliberately using the same shape and skin etc)
> >> * IM's will be logged to the same file, because the viewer can't
> >>  know who is who.
> >>
> >> Also, the ID has to be same every time - because the viewer will
> >> need to recognize that this John Smith is not AGAIN a new one,
> >> but the same, every time.
> >
> > To clarify; what started this thread was this:
> >
> >    & identifier = {
> >        type: 'agent',
> >        first_name: string,
> >        last_name: string,
> >    }
> >
> > Here I only see 'first_name' and 'last_name'.
> > As we've established now (I hope) this is not enough at
> > any level of the protocol, not between servers, but also
> > not between server and client.
> >
> > Hence, it worried me. If you say "identifier" I expect
> > something globally unique.
> >
> > I think this should be:
> >
> >    & identifier = {
> >        type: 'agent',
> >        uuid: string,
> >        first_name: string,
> >        last_name: string,
> >    }
> >
> > Where the uuid is not only unique, but constant for any given
> > account (it doesn't change if one logs out and logs in again).
> > It could be an email address, but for privacy reasons I think
> > that should not be used; some hash seems much more logical.
> >
> > --
> > Carlo Wood <carlo@alinoe.com>
> > _______________________________________________
> > ogpx mailing list
> > ogpx@ietf.org
> > https://www.ietf.org/mailman/listinfo/ogpx
> >
> ------------------------------------------------------------------------
>
> _______________________________________________
> ogpx mailing list
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>
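The thread above circles three points: that a (first, last) pair is only unique inside one domain and must be composed with the domain's own globally unique name (Joshua Bell), that the agent id should be a stable, opaque value rather than an email address and might well be a URL (Carlo Wood, Infinity Linden), and that the `<First>.<Last>@GridName.Com` formulation "has the potential for ambiguity" (Infinity Linden). The following Python module is an added example, not code from the ogpx list, OGP, Second Life, OpenSim or HyperGrid. It shows one concrete way that string becomes ambiguous once a provider allows '.' inside names (the "more flexibility in name choice" Joshua mentions), and one way to mint the uuid-plus-domain identifier Carlo proposes. The class and function names, the domain `grid.example`, the secret and the account keys are all made up here. Carlo suggests "some hash"; this example uses a keyed hash (HMAC-SHA256), which is a choice made here and not something the thread specifies, because an unkeyed hash of an email address can be reversed by hashing guessed addresses.

```python
"""Added example for the ogpx identifier discussion.  Not code from OGP,
Second Life, OpenSim or HyperGrid; every name, host and account key below
is constructed for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import uuid
from urllib.parse import urlsplit


# --- 1. The "<First>.<Last>@GridName.Com" formulation ---------------------

def name_address(first: str, last: str, grid: str) -> str:
    """Build the HyperGrid-style string quoted in the thread."""
    return f"{first}.{last}@{grid}"


def parse_name_address(addr: str) -> list[tuple[str, str, str]]:
    """Return every (first, last, grid) reading of addr.

    If a provider lets first or last names contain '.', every '.' in the
    local part is a possible split point, so one string can name more than
    one (first, last) pair.  The caller cannot tell which was meant.
    """
    local, sep, grid = addr.rpartition("@")
    if not sep:
        return []
    return [(local[:i], local[i + 1:], grid)
            for i, ch in enumerate(local) if ch == "."]


def is_ambiguous(addr: str) -> bool:
    """True unless the address has exactly one reading."""
    return len(parse_name_address(addr)) != 1


# --- 2. A stable, opaque, domain-qualified identifier ----------------------

class AgentDomain:
    """The authority that issues identifiers for its own agents.

    `secret` is a key private to the domain (an assumption of this example).
    The local id is an HMAC of the account's internal key, not a bare hash:
    SHA-256 of an email address can be undone by hashing guessed addresses,
    while a keyed hash cannot be reversed without the key.
    """

    def __init__(self, dns_name: str, secret: bytes) -> None:
        self.dns_name = dns_name
        self._secret = secret

    def opaque_id(self, account_key: str) -> str:
        # Deterministic: the same account yields the same id on every login,
        # so a viewer can recognise that this "John Smith" is the same one.
        digest = hmac.new(self._secret, account_key.encode("utf-8"),
                          hashlib.sha256).digest()
        # Fold the first 128 bits into a UUID so it fits the proposed
        # "uuid: string" field.  The account key never appears in it.
        return str(uuid.UUID(bytes=digest[:16]))

    def global_agent_id(self, account_key: str) -> str:
        # Compose the domain's globally unique name (DNS) with the
        # domain-local id.  As a URL it also names where a service can
        # fetch public information about the agent, so no separate
        # name-to-service resolution step is needed.
        return f"https://{self.dns_name}/agent/{self.opaque_id(account_key)}"


def split_global_agent_id(agent_url: str) -> tuple[str, str]:
    """Recover (domain, local id).  A UUID contains no '/' or '@', so the
    split is unique, unlike the first.last@grid form above."""
    parts = urlsplit(agent_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("agent id must be an https URL")
    _, sep, local = parts.path.rpartition("/agent/")
    if not sep:
        raise ValueError("agent id path must be /agent/<uuid>")
    uuid.UUID(local)  # raises ValueError if the local part is not a UUID
    return parts.netloc, local


if __name__ == "__main__":
    # Constructed: two different accounts that both chose the display name
    # "John Smith"; their ids must differ, and each must be stable.
    grid = AgentDomain("grid.example", b"example-domain-secret")
    first = grid.global_agent_id("account:1001")
    second = grid.global_agent_id("account:2002")
    print(first, second, first != second, sep="\n")
    print(is_ambiguous(name_address("John", "A.Smith", "grid.example")))
```

`name_address("John.A", "Smith", g)` and `name_address("John", "A.Smith", g)` produce the same string, which is the ambiguity in a single line; the URL form does not have that problem because the only variable part is a fixed-shape UUID. The module also keeps the identifier separate from any credential: nothing here is usable to log in, which is the distinction Joshua draws between public identifiers and the (firstname, lastname, password) login tuple.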