Re: [ogpx] A Review of Multi-Domain Use Cases [Was: Re: OpenID and OGP : beginning the discussion ...]

Morgaine <morgaine.dinova@googlemail.com> Tue, 30 June 2009 07:03 UTC

In-Reply-To: <4A4926EE.5060509@lindenlab.com>
References: <3a880e2c0906280906i2cdcdaa3m3c1b1ef54e4e5fcb@mail.gmail.com> <b8ef0a220906290413u5a7358eao300c2ff8ee1ab709@mail.gmail.com> <20090629114512.GC1053@alinoe.com> <b8ef0a220906290751s5131c401h1d55ace39348c89e@mail.gmail.com> <20090629161121.GA17251@alinoe.com> <20090629161815.GB17251@alinoe.com> <591737.89462.qm@web82608.mail.mud.yahoo.com> <3a880e2c0906291219t1990272fkb276979ebc97d292@mail.gmail.com> <897153.73396.qm@web82601.mail.mud.yahoo.com> <4A4926EE.5060509@lindenlab.com>
Date: Tue, 30 Jun 2009 08:03:28 +0100
Message-ID: <e0b04bba0906300003y18207430k95f9b8e901dcff87@mail.gmail.com>
From: Morgaine <morgaine.dinova@googlemail.com>
To: Joshua Bell <josh@lindenlab.com>
Cc: ogpx@ietf.org
Subject: Re: [ogpx] A Review of Multi-Domain Use Cases [Was: Re: OpenID and OGP : beginning the discussion ...]

On Mon, Jun 29, 2009 at 9:41 PM, Joshua Bell <josh@lindenlab.com> wrote:

> Be aware that (firstname, lastname) as a unique identifier within a service
> is a quirk of Second Life, and not necessarily something that every OGP
> provider must use. One could imagine services that use single field account
> identifiers (like most email providers), or allow more flexibility in name
> choice to match real-world conventions.
>

+1

>
> It sounds like we're all agreeing, though - there will be some N-part
> unique identifier (which may be easily human readable, but may not) issued
> by an authoritative domain to a user, and given that the domain almost
> certainly has a globally unique identifier of its own (i.e. DNS name) there
> is a composition of the two that can give a globally unique identifier for
> the agent.
>

+1

>
> We should also be explicit that these identifiers are not necessarily also
> used as authentication credentials. Some service providers may want
> two-factor authentication (e.g. hardware key fob) or private login
> credentials distinct from any public identifiers for additional security.
> The 3-tuple login credentials (firstname, lastname, password) which Second
> Life uses today should not be viewed as the only allowable mechanism.
>

+1

Joshua, you've provided a very concise and precise summary of the overall
requirement --- I agree with this entirely.  Condensing it even further, we
need 3 things, and they are quite independent of each other:

   1. Arbitrary in-world name tags, which have only one intent: to provide a
      customer-satisfying visual name.
   2. Globally unique identifiers, either UUID or formed by composition of
      N-part local name @ issuing authority.
   3. Entirely separate authentication credentials, in other words,
      unrelated to 1) or 2).

Keeping these 3 things entirely disjoint would serve us well in many ways,
particularly in the key areas of scalability, flexibility, uniqueness, and
user-friendliness / appropriateness.


Morgaine.
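The three-way split above (display tag, globally unique agent identifier, separate credentials) can be made concrete in code. The following is an added illustration written for this archive page; it is not code from the OGP drafts, from Linden Lab, or from any grid implementation, and the wire format it uses for the composed identifier is an assumption: each part of the N-part local name is percent-encoded so that '.', '@' and '%' can never appear unescaped inside a part, the parts are joined with '.', and '@' plus the issuing authority's DNS name (lower-cased, no trailing dot) is appended. The practical point it shows is that a composed identifier is only safe as a key in ACLs, ban lists or friend lists if it has exactly one canonical spelling and non-canonical spellings are rejected; the display name and the password material sit in a separate record and are never derived from the identifier.

```python
"""Display tag, globally unique agent id, credentials: three disjoint things.

Added example (not OGP, Second Life or any grid's code).  Assumed encoding:
name parts are percent-encoded (anything outside [A-Za-z0-9_-] becomes %XX of
its UTF-8 bytes), joined with '.', then '@' + issuing authority is appended.
So ("first.last",) and ("first", "last") encode differently, and distinct
(parts, authority) pairs always yield distinct strings.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from urllib.parse import unquote

_SAFE = frozenset("abcdefghijklmnopqrstuvwxyz"
                  "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-")


def _encode_part(part: str) -> str:
    """Percent-encode one name part so the separators never appear unescaped."""
    out = []
    for ch in part:
        if ch in _SAFE:
            out.append(ch)
        else:
            out.extend(f"%{b:02X}" for b in ch.encode("utf-8"))
    return "".join(out)


@dataclass(frozen=True)
class AgentId:
    """Item 2: globally unique id = N-part local name @ issuing authority."""
    parts: tuple        # local name exactly as issued, e.g. ("Joshua", "Bell")
    authority: str      # DNS name of the issuing domain (hypothetical values)

    def __post_init__(self):
        object.__setattr__(self, "parts", tuple(self.parts))
        if not self.parts or any(p == "" for p in self.parts):
            raise ValueError("local name needs at least one non-empty part")
        # DNS names are case-insensitive: normalise so one agent has one id.
        auth = self.authority.lower().rstrip(".")
        if not auth or any(c in auth for c in "@/ %"):
            raise ValueError("authority must be a bare DNS name")
        object.__setattr__(self, "authority", auth)

    def canonical(self) -> str:
        return ".".join(_encode_part(p) for p in self.parts) + "@" + self.authority

    @classmethod
    def parse(cls, text: str) -> "AgentId":
        """Parse an id; only the canonical spelling of the local name is accepted."""
        local, sep, authority = text.rpartition("@")
        if not sep:
            raise ValueError(f"no issuing authority in {text!r}")
        # strict: a %XX run that is not valid UTF-8 is an error, not U+FFFD
        parts = tuple(unquote(p, errors="strict") for p in local.split("."))
        if ".".join(_encode_part(p) for p in parts) != local:
            # catches unencoded '!' or '@', lowercase hex, bare '%', etc.
            raise ValueError(f"non-canonical local name in {text!r}")
        return cls(parts, authority)


def is_valid_agent_id(text: str) -> bool:
    """True if text parses as a canonical agent id (used by the checks below)."""
    try:
        AgentId.parse(text)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    """Items 1 and 3 live next to the id but are never derived from it."""
    agent: AgentId
    display_name: str        # item 1: free-form tag; may collide, may change
    _salt: bytes = field(default_factory=lambda: os.urandom(16), repr=False)
    _digest: bytes = field(default=b"", repr=False)

    def set_password(self, password: str) -> None:
        self._digest = _kdf(password, self._salt)

    def check_password(self, password: str) -> bool:
        # constant-time compare; an account with no password never verifies
        return bool(self._digest) and hmac.compare_digest(
            self._digest, _kdf(password, self._salt))


if __name__ == "__main__":
    a = AgentId(("Joshua", "Bell"), "Example.COM.")     # hypothetical authority
    b = AgentId(("Joshua", "Bell"), "other.example")    # same name, other issuer
    print(a.canonical(), b.canonical(), a == b)
    print(AgentId(("Joshua.Bell",), "example.com").canonical())
    print(is_valid_agent_id("joshua%2ebell@example.com"))  # lowercase hex: rejected
    acct = Account(a, "Josh (away)")
    acct.set_password("correct horse battery staple")
    print(acct.check_password("correct horse battery staple"), acct.check_password("x"))
```

Two things to note when reading it: the same (firstname, lastname) pair issued by two authorities produces two different identifiers, which is the composition property Joshua describes, and `Account` holds the display name and the salted password digest beside the id rather than inside it, so a provider could swap in a hardware token or any other credential without touching either the name tag or the identifier.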