AW Groupies login feedback meeting

The main topic of this meeting was to provide feedback to the Second_Life_Login_API_Strawman protocol.

Chat Log

[9:30] Saijanai Kuhn: I love it. AFter all that drama in SLDEV about how LL isn't stransparent with their proposed login, not a SINGLE person who clmplained has bothered to show
[9:30] Periapse Linden: hi, Zha, I'm here already
[9:31] Zha Ewry: LOL
[9:31] Zha Ewry: oops
[9:31] Burhop Piccard: So how stable is Open Sim?
[9:31] Zha Ewry: Hey Periapse
[9:31] Ina Centaur coughs
[9:31] Ina Centaur: as stable as melting cheese in jamaica
[9:31] Lazarus Longstaff: Howdy
[9:31] Zha Ewry: Depends on what you are doing, with OpenSim
[9:31] Lazarus Longstaff: OpenSim is fairly stable
[9:31] Burhop Piccard: I mean, as the SL viewer updates, does Open Sim break a lot?
[9:31] Zha Ewry: I have some sims, which are cherry picked
[9:32] Periapse Linden: I'm afraid I haven't seen Tess this morning
[9:32] Zha Ewry: which are very stable
[9:32] Zha Ewry: and.. no
[9:32] Saijanai Kuhn: zomg Zero is here
[9:32] Zha Ewry: The openSim code tends to hang in fine with changes
[9:32] Ina Centaur: has anyone tried building in opensim?
[9:32] Opensource Obscure: Katharine Berry says his AjaxLife is crashing OpenSim sims
[9:32] Opensource Obscure: *her
[9:32] Lazarus Longstaff: I've built extensively in opensim
[9:33] Burhop Piccard: Just trying to get a feel for who to roll stuff out to, what expectations to set, yada yada....
[9:33] Ina Centaur: define extensively
[9:33] Lazarus Longstaff: I'm one of osgrid's operators
[9:33] Zha Ewry: Well, you need to watch the trunk, and freeze the stable ones
[9:33] Periapse Linden: hey, zero, is tess in the office yet?
[9:33] Zha Ewry: We have a OpenSim, with
[9:33] Zha Ewry counts
[9:33] Zha Ewry: 7,000 prims in it
[9:33] Lazarus Longstaff: extensively: full sim buddhist temple
[9:33] Zha Ewry: and a lot of scripts running
[9:33] Teravus Ousley: :D
[9:33] Lazarus Longstaff: around 7k prims yeah
[9:33] Zha Ewry: and it's pretty solid
[9:33] Ina Centaur: wow...
[9:33] Zha Ewry: This weeks trunk, not so much
[9:33] Ina Centaur: which version are you running?
[9:34] Burhop Piccard: Hi Zero.
[9:34] Zha Ewry: OK
[9:34] Lazarus Longstaff: an svn thats a few days old at best
[9:34] Zha Ewry: I think, except for Tess, whe have a quorum
[9:34] Burhop Piccard: Zero, Try twitter again. There are lost more of us out there :-)
[9:34] Zha Ewry: SO everyone... This is largely Periapse's meeting today
[9:34] Tao Takashi: Hi Periapse, Zero :-)
[9:34] Zha Ewry: He asked to present the proposed login scheme that they have been working on for feedback and discussion
[9:35] Zha Ewry: First.. Let me quickly say, how great it is that Linden's this deeply engaged here, it's the right model for all of us
[9:35] Zha Ewry: and then..
[9:35] Zha Ewry: Let s get to work...
[9:35] Tao Takashi already has worked the whole day ;-)
[9:35] Periapse Linden: This is the page we want to talk about: https://wiki.secondlife.com/wiki/Second_Life_Login_API_Strawman
[9:36] Zha Ewry pulls out her hard copy
[9:36] Burhop Piccard: "virtual hard copy"?
[9:37] Periapse Linden: I'm afraid that Tess isn't here yet, and she was the one who had the specific questions we wanted feedback on.
[9:37] Periapse Linden: So I'll just start with some general observations
[9:37] Tao Takashi: don't be afraid that you won't get feedback at all though ;-)
[9:37] Periapse Linden: Right! We started with: https://wiki.secondlife.com/wiki/AWG_flows_login
[9:38] Zha Ewry: Sure. Go ahead, and we'll try and hold the deep stuff for Tess ;-)
[9:38] Periapse Linden: and expanded, or "evolved" that into the current
[9:38] Periapse Linden: What we're looking for is feedback on:
[9:38] Periapse Linden: Are there any obvious problems with the approach we're taking?
[9:39] Periapse Linden: Are there login elements we have missed?
[9:39] Periapse Linden: Does this seem versatile enough for use by the greater metaverse of future agent and region domains
[9:40] Zha Ewry smiles "In particular, with that, one, can we see using it for very different client styles?"
[9:40] Periapse Linden: The basic technology is the Capabilities system for web services that we've already been using.
[9:40] Teravus Ousley: well, is there any chance that there could be a space for additional optional information. For example.. a way to tell the client that the simulator handles things differently
[9:41] Periapse Linden: Our other concern was to make this mesh with the existing login. So that we can do *minimal* changes for a first iteration.
[9:41] Teravus Ousley: .. I'm not sure if that's specifically /agent domain/ it might be /simulator domain/
[9:41] Periapse Linden: Teasing out all the agent related capabilities from the simulator and moving to the agent domain is a huge taske
[9:41] Periapse Linden: task. not to all be tackled at once
[9:41] Teravus Ousley: .. one example.. the simulator allows prim larger then 10m
[9:42] Tao Takashi is still no fan of caps but there is no way around it now anyway ;-)
[9:42] Periapse Linden: So we leverage the legacy simulator seed capability.
[9:42] Teravus Ousley: .. on one grid, the max prim size is 100m, vs another grid, it's 10m
[9:42] Zha Ewry: Teravus.. I think that comes in the form of a caps the client can queet about the sim
[9:42] Zha Ewry: We would want to assume it changes with every poissible regoin you visit, alas
[9:43] Zha Ewry: The login is to agent domain, which, doesn't actually have a region in hernetly associated with it
[9:43] Zero Linden: But, that question brings up another point
[9:43] Teravus Ousley: true, however we also specify grid settings during this login
[9:44] Zero Linden: Well no, actually, we shouldn't - since this log in is authenticating the viewer to the agent domain
[9:44] Zha Ewry: That's probably the biggest conceptual change
[9:44] JayR Cela: ok so you know what the capabilities of that domain are beforehand ???
[9:44] Zero Linden: at that level, it says nothing about the cpaabilities the viewer should expect/desire/assume about any region the agent may choose to go
[9:44] Zha Ewry: That we log into the agent domain, not a region
[9:44] Zha Ewry: No, ou don't.
[9:44] Zha Ewry: You should assume you know
[9:44] Zha Ewry: exactly one thing
[9:44] Zha Ewry: how to get the first seed cap
[9:44] Zha Ewry: so you can enumerate your way in
[9:45] JayR Cela: Zero that is my point / there should be a way to determine the new domains capabilities / or lack thereof
[9:45] Saijanai Kuhn: Which calls it a tree of caps. The question is, how deep should thetree go
[9:45] Zha Ewry: In practice, we'll have a lot more somewhat back in
[9:45] Zero Linden: well, after you authenticate, (prove to the agent domain you are who you claim), then you get back a seed cap for the agent domain
[9:45] Teravus Ousley: ok, so in the future, we'll see a greater separation of the Grid Settings, and logging into the agent domain.
[9:46] Zero Linden: from there you can ask for a cap to the abilities API (if we create one...)
[9:46] Teravus Ousley: :D
[9:46] Tao Takashi: so do I see this right that this is basically the process we talked about earlier but a bit more documented (with all the options etc.) ?
[9:46] Periapse Linden: Yes, Tao.
[9:46] JayR Cela: Zero I beleave we will have no choice but to create one
[9:46] Zero Linden: But - in HTTP, normally one relies on the HTTP header UserAgent to deal with client inconsistencies and deployed, er, mistakes
[9:47] Tao Takashi: ok, might update my auth server then to have these options, too
[9:47] Tao Takashi: might be nice to have openid login ;-)
[9:47] Zero Linden: should we keep using that, or should we include a user_agent field in the authentication arguments
[9:47] Zero Linden: Tao - if you notice in the protocol, we left the method of authenticating open
[9:47] Saijanai Kuhn: I think you're right, JayR. Different grids/sims will have different makeups
[9:47] Zero Linden: you pass a credential and a credential method
[9:47] Tao Takashi: yes, I see that
[9:48] Tao Takashi: so it could also be YADIS then and some handshaking afterwards
[9:48] Zero Linden: it is between a user and an agent domain to (and the user's viewer) to decided what credential systems to support
[9:48] JayR Cela: I think a user_agent field in the authentication arguments may be the better approach
[9:48] Tao Takashi: the only thing I cannot implement right now is probably the legalcy login caps
[9:48] Zero Linden: though obviously we need to do name space allocation on the credential methods - and we shouloddefine some standard ones (not that an agent domain has to do do those)
[9:48] Tao Takashi: then again, maybe I can do the login in my agent domain via xmlrpc and pass this over?
[9:49] Teravus Ousley: agreed, otherwise we'll end up with OpenID which is different from open-id, which is different from..
[9:50] Teravus Ousley: :D
[9:50] Tao Takashi: well, such things might already be defined as they are also used in YADIS
[9:50] Tao Takashi: they have an XRDS document listing the possible auth methods which a client can use
[9:50] Tao Takashi: afaik
[9:51] Tao Takashi: http://en.wikipedia.org/wiki/Yadis
[9:51] Zha Ewry: So.. Everyone seems comfortable, that it's really log on and authenticat just to the Agent Domain, Yes?
[9:51] Tao Takashi: how does the legacy login then really look like?
[9:51] JayR Cela: Yeah I thing the main thing we need to iron out here is the correct login
[9:52] JayR Cela: proc
[9:52] JayR Cela: and getting all 3rd parties to agree upon it as a standard
[9:52] Saijanai Kuhn: well at the lowest level, its just getting the initial cap. a lot of voodo can happen optionally after that
[9:52] Tao Takashi: is it something I can actually implement? or is this only possible on LL's side?
[9:52] Zha Ewry: Right, Saij, in fact
[9:52] Zha Ewry: Its important that alot of voodoo can happen
[9:52] Zha Ewry: Ohh. Here' Tess
[9:53] Teravus Ousley: that is a question that I had also, presumably we're using LLSD as the underlying way of communicating here... so would that be LLSD --> legacy login ---> XmlRPC response?
[9:53] Periapse Linden: Hi, Tess
[9:53] Tess Linden: Hi guys, sorry I'm late, SF bus didnt come on time :(
[9:54] Tao Takashi: that might be implementable. I implement the caps endpoint, get the login data, pass it to XMLRPC and return the XMLRPC stuff anf then it goes the "normal" way
[9:54] Zha Ewry: 'sokay Tess. We're just warming up
[9:55] Zha Ewry: So..
[9:55] Tess Linden: Teravus: it would be LLSD -> legacy login protocol, but HTTPs -> LLSD response
[9:55] Zha Ewry: I am curious Zero.. you say any authentication
[9:55] Zha Ewry: Do you really mean that.. or.. do we mean a small set.. or a secondary one.. or..
[9:55] Teravus Ousley: ah, so no XMLRPC Response.
[9:55] Zha Ewry: Because, if we mean any, there's an odd pre-discovery oprocess needed
[9:56] Saijanai Kuhn: Tao, normal POST, response, much more predictable i think
[9:57] Tao Takashi: well, to the client I of course return the result of the XMLRPC
[9:57] Tao Takashi: but internally I do that xmlrpc call which the client would do normally
[9:57] Tao Takashi: if it's still available
[9:58] Tao Takashi: but then I wonder if this is useful at all
[9:58] Rex Cronon: hello everybody
[9:58] Tao Takashi: as I wouldn't be able to do more advanced stuff like inventory management as I doubt that LL wants to gibe me access ;-)
[9:58] Tao Takashi: give
[9:58] Saijanai Kuhn: hopefully it won't be, soon. XMLRPC is unpredictable. The post/response is identical, but it uses llsd formatted xml instead.
[9:58] Teravus Ousley: Does the current client support LLSD logins?
[9:58] Rex Cronon: it took like 10 minutes to log in
[9:59] Tao Takashi: for me it's also quite laggy here in typing..
[9:59] Tao Takashi: not sure it's SL or my cmpt
[9:59] Burhop Piccard: (lol - Rex's commment amusing giving the discussion)
[9:59] Zero Linden appologies for being AFK - and will be for a bit more...
[10:00] Opensource Obscure: (also, i saw some people crashing in the last minutes)
[10:00] Tess Linden: Tevarus: no the current client does not, but Icehouse has a branch somewhere that we need to revive with all the client changes
[10:00] Dale Innis is about to run off to RL mtg, not crashing. :)
[10:00] Rex Cronon: i guess i dropped in at the right time:)
[10:00] Tess Linden: Tevarus: we plan to revive that branch and then publish it in the OS repository for debugging/testing
[10:01] Teravus Ousley: ok, I know the login.cgi, supports LLSDLogin because LibSecondLife has been using it exclusively for a while now.
[10:02] Zha Ewry: Zero, Tess? Is the plan to be fully self discoverable?
[10:02] Zha Ewry: ie, will there be a given path whcih would always allow one to enumerate the capabiltiy triee from outside, to fully logged in?
[10:03] Tess Linden: Zha: what did you mean by the "odd pre-discovery process needed"
[10:03] Zha Ewry: Ah
[10:03] Tess Linden: oh
[10:03] Zha Ewry: If you allow lots of authentication methods
[10:03] Zha Ewry: How do you discover which one to use?
[10:04] Tess Linden: there would have to be a user interface provided for that
[10:04] Zha Ewry: (so. you could, pre-discover, as it were, by doing a get, from a well defind URL, or such)
[10:04] Tess Linden: either from the client, or on the website
[10:04] Lazarus Longstaff: Tess: a user interface or an API?
[10:04] Zha Ewry: API
[10:04] Tess Linden: right, an API
[10:04] Zha Ewry: The point being to allow clients to discover it, I hope
[10:04] Zha Ewry: REST, of course
[10:04] Zha Ewry: http get ;-)
[10:05] Zha Ewry: Define responde
[10:05] Zha Ewry: *response
[10:05] JayR Cela: Is it possible to run a loop that would do a test on each possible one ?
[10:05] Saijanai Kuhn: Tess, we're assuming (in AW Groupies) that dozens of different clients will be used, not just the LL Opensource one
[10:05] JayR Cela: then when it finds the correct proc. the loop stops running an d initiates
[10:05] Tess Linden: in the authentication API, if you do not indicate a separate first name last name form the credentials that you indicate, and there are multiple ones, it will give you back a list
[10:05] Zha Ewry: I'm hoping, we could imagine, goign from a naked URL, for the agent domain, to fully logged in, with every step, except the first, get, and it's format
[10:05] Zha Ewry: being discovering
[10:05] Saijanai Kuhn: so any ole interface might be available
[10:06] Zha Ewry: The web, really, prefers, you to do a get, JayR, and be told
[10:06] Zha Ewry: not try and guess
[10:06] Tao Takashi: for authentication discovery you should probably use YADIS
[10:06] Zha Ewry: Because, every time someone cooks up a new scheme
[10:06] Tao Takashi: http://en.wikipedia.org/wiki/Yadis
[10:06] Zha Ewry: You're going to miss it until you leanr about it
[10:06] Zha Ewry: http, with a good 50X reply
[10:06] JayR Cela: Zha : that makes sense
[10:06] Zha Ewry: lets the client at least say
[10:07] Tao Takashi: it's basically an XML document which lists all the possible auth methods
[10:07] Tao Takashi: then you can choose
[10:07] Zha Ewry: Hey, I can't log on here, it only found "Tao's really odd scheme" and I don't understand it, and here's the 50X data
[10:07] Zha Ewry grins
[10:07] JayR Cela: ok Tao / but how do you expect the average user to know which one to choose ?
[10:07] Zha Ewry: Oh, wait, That's Tao's really cool scheme ;-)
[10:07] Tao Takashi: well, actually you can check yourself before the 50x if you support that method
[10:07] Zha Ewry: I would hope the client will mostof the time
[10:08] Zha Ewry: Tru Toa
[10:08] Zha Ewry: even better
[10:08] Zha Ewry: But. you want the full range
[10:08] Tao Takashi: so if it's of type openid you can directly use that
[10:08] Zha Ewry: Be responsible http players
[10:08] Zha Ewry: so if someone asks wrong, you still give a good reply
[10:08] Tao Takashi: of course the openid part might be badly implemented and you geta 50x then ;-)
[10:08] Tao Takashi: or you don't find the XRDS doc
[10:08] Tao Takashi: then you get a 404 though ;-)
[10:08] Teravus Ousley: well, presumably we also limit the methods we support so as to reduce the amount of code to maintain.
[10:08] Sophie Zhu: you could have one default and free selection could be turned on from the preferences perhaps?
[10:08] Tao Takashi: there will probably be some standard methods
[10:08] Zha Ewry: For any one grid, Teravus, sure
[10:09] Tao Takashi: like openid
[10:09] Zha Ewry: In the whole, you probably need to assume that *someone* is goign to insiste on wonky scheme 678B.
[10:09] Tess Linden: interesting
[10:09] Zha Ewry: and build clients which requires a fingernail clipping, and have support for DNA anlysis.
[10:09] Tao Takashi: well, in which preferences.. the URL with the list of auth methods might not be stored at Linden Lab
[10:09] Tao Takashi: it can be myopenid.org
[10:10] Zha Ewry: Tess, is there any thoght given to passing back the various Http:// services, such as search, through caps in the new approach?
[10:10] Tao Takashi: and it might depend on the agent domain then iof it can make use of one of the listed methods
[10:10] Zha Ewry: right now, its really impossible to plug in a local search, since the client, simply bakes in lindenlabs.com. ...
[10:11] Saijanai Kuhn: The only entry in the discussion page for the strawman login brings thatup.
[10:11] Tess Linden: zha: yes, we've been talking about caps for a long time, most of which are only available through the simulator right now, but will begin to move to the agent domain as appropriate
[10:11] Zha Ewry nods
[10:11] Tess Linden: search is one of those that has a lot to do with the region domain, but have pieces that sit with the agent domain like profile
[10:12] Zha Ewry: Good, since, in general, both Linden and other grids will want to be able play with those, over time, I expect. There's no good reason to bake it
[10:13] Zero Linden back and reading the back log
[10:13] Lazarus Longstaff: wb Zero
[10:13] Zha Ewry: wb Zero
[10:13] Tao Takashi: wb Zero
[10:14] Zero Linden notes that Yadis is one the wrong side: it says how identities can be validated, not how relying parties accepts validations
[10:15] Elixer Aero: It suddenly gets very quiet...
[10:16] Periapse Linden is reading about YADIS
[10:16] Lazarus Longstaff: I think we are waiting for Zero to catch up :)
[10:16] Zero Linden: uhm - so search is something I think we can say we haven't come to grips with yet
[10:16] Zero Linden: search is both agent domain and region domain and super-grid .... so, for now, I don't know how to best handle it
[10:17] Zha Ewry nods
[10:17] Periapse Linden: Search spans both domains. Agent domain should offer people search. Region domains places and events.
[10:17] Rex Cronon: search? like for avatars, objects, places, groups, sales, land for sale?
[10:17] Zha Ewry: I think, Zero, we need to assume we have multiple URLswhich need to be findable
[10:17] Saijanai Kuhn: the question aries: will LL commit to being the search provider for the super-grid
[10:17] Zha Ewry: Which.. is going to eventually be true, for most of the utitlies
[10:18] Zero Linden: Zha - perhaps - bur for now I don't know if this comes from your agent domain, the current region domain.... personal preference (like having google in your title bar)
[10:18] Teravus Ousley: hmm, in that line of thinking, the regiondomain also includes the gridinformation.
[10:18] Zha Ewry nods
[10:18] Zha Ewry: Well, Zero, the default search
[10:18] Lazarus Longstaff: Saijanai: precisely. Per'aps we should think in terms of search as being a third tier, if not a third party
[10:18] Zha Ewry: presumably comes from your agent domain
[10:19] Zha Ewry: What I think we need to start keeping in mind, as we refine this
[10:19] Zha Ewry: is that all sorts of singletons become sets, over time
[10:19] Zero Linden: I don't know that Zha, my preferred search comes from neither of my current sources of electronic identity: my e-mail address nor my cell phone number
[10:19] Zha Ewry nods
[10:19] Zero Linden: but we are far afield
[10:19] Zero Linden: back to the issue of login
[10:20] Zha Ewry: At login time, I'm just happy, if we can detch the agent domain's default notions of such
[10:20] Zha Ewry: *fetch
[10:20] Tess Linden: yes, zero, it seems like theres some questions about the authentication protocol
[10:21] Tess Linden: I havent heard about Yadis before, but perhaps Zha can talk about what's missing with the authentication protocol ?
[10:22] Tao Takashi: YADIS is AFAIK also part of the OpenID 2.0 standard
[10:23] Zha Ewry: Missing
[10:23] Zha Ewry: Hmm.
[10:23] Zha Ewry: Ahm
[10:23] Zero Linden: YADIS is a way that, given a URL which is itself an identity, you can find out what identity protocols that identity supports, and where to go for "further instructions"
[10:23] Zha Ewry: mostly being able to discover all the way from the outside in
[10:24] Saijanai Kuhn: seems to me you could reverse that process using the same idea
[10:24] Tess Linden: "A Yadis services document is a file that relying parties read in order to find your services. It's an XML file that contains an entry for each service, indicating that service's parameters. "
[10:24] JayR Cela: SAi I agree
[10:24] Zha Ewry: I want to be able to go to a agent domain, with a flexible agent
[10:24] Zero Linden: What I think Zha is after is a negotiable way for the viewer to find out from the agent domain what set of authorization methods it will accept so that a generic viewer can offer those it understands to the user
[10:24] Zha Ewry: and disocver which schemes are supported, pick a common one we share
[10:24] Zha Ewry: and then use it
[10:24] Zha Ewry smiels
[10:24] Zha Ewry: Zhactly Zero.
[10:25] Zero Linden: Let's look out this step by step
[10:25] Tao Takashi: so couldn't this also be done with XRDS?
[10:25] Tao Takashi: well, actually it might be just the listing of types
[10:26] Zero Linden: Tao - my reading of XRDS doesn't see how that is possible
[10:27] Zero Linden: but, let's explore this use case: I'm a user, I have an account at an agent domain, say CoolAgents.com
[10:27] Adasyd Nino: What's going on here?
[10:27] Zha Ewry: I'm happy, if we start with a http get, and end up with an enumeration of types
[10:27] Zero Linden: so what do I do.... I launch my viewer
[10:27] Tao Takashi: I actually don't know enough about XRDS ;-)
[10:27] Zero Linden: at first, if I've never used this viewer on this machine before, it will have no information about me
[10:27] Tao Takashi: but I founda link that suits me titled "The Tao of XDI: Making use of XRDS" ;-)
[10:27] Zero Linden: perhaps it has a pop-up list of common region domains, and a type-in-field for others
[10:28] Zero Linden: so say, CoolAgents is in the pop-up list, I pick it
[10:28] Zero Linden: since at start - that is the ONLY control I can see
[10:28] Zero Linden: now, the viewer contacts CoolAgents, gets a list of auth methods
[10:28] Zha Ewry: right
[10:28] Zero Linden: winnows the list down to the ones it understands
[10:28] Zha Ewry: (and we can even populate that from an HTTP get, if we want)
[10:29] Zero Linden: and then puts up some form of interface: perhaps a set of forms: one for account/password, one for OpenID, one for avatar name / password
[10:29] JayR Cela: that sounds workable
[10:29] Zero Linden: I fill one in, and press Go
[10:29] Tao Takashi: and my mother would wonder what all this means... ;-)
[10:29] Zero Linden: and then that is the method that is used
[10:29] Zero Linden: So, to a degree I agree with Tao
[10:30] JayR Cela: and not overly complex to implement
[10:30] Tao Takashi: so can't I just give my authentication URL or email (if there is a way to map that to an URL) and the rest is doscovered automatically?
[10:30] Zero Linden: My mother started by going to CoolAgents and filling out too many pages of forms to get an avatar identity and account set up
[10:30] Saijanai Kuhn: like anything else, the most comon option is put first and the rest are behind the "Advanced Login" button
[10:30] Zero Linden: at the end of that, CoolAgents gave her some credential
[10:30] Tao Takashi: and if there's no common method found then "Sorry, unsupported"
[10:30] Zero Linden: they probably gave her just one
[10:31] Zha Ewry nods at Zero
[10:31] Zero Linden: it was probably: Here is your account name (different than your avatar nam), and the password you chose
[10:32] Zero Linden: they they said: "When you launch the viewer, choose CoolAgents as your agent domain (she says "huh?, whatever!") and then type in your account and password when prompted"
[10:32] Tao Takashi: so what about: 1. Client asks for Account name
[10:32] Tao Takashi: 2. Client sends this to agent domain
[10:32] Zero Linden: (If you like, replace "account and password" with "openID URL" in both cases, but I bet most sites will think that our mothers can handle account & password easier than openID URL)
[10:33] Tao Takashi: 3. Agent domain asks that account name (an URL) for a YADIS doc
[10:33] Tao Takashi: 4. Agent domain filters out the method it understands and returns the ones to the client
[10:33] Tao Takashi: then client can choose
[10:33] Zero Linden: Tao - The Agent Domain would only do that if the credential you gave it was an OpenID that it didn't issue
[10:34] Tao Takashi: whats the difference between a openid you issue or another one issued?
[10:34] Tao Takashi: (or any other authmethod)
[10:34] Zero Linden: this would only happen if you, the user, went into your account with the agent domain, and said on thier web site, "I'd like to be able to authenticate with thei other ID, which I have from somewhere else"
[10:34] Talarus Luan: I think it should go without saying that you should have some way of reasonable defaultin for users who want more simplicity and less control, but with the option for more technical users to have more control at the cost of less simplicity.
[10:35] Cenji Neutra: (which was the point behind openid, for example - single signon)
[10:35] Tao Takashi: so you mean I cannot use my openid I use everywhere before I have been on their website?
[10:35] Zero Linden: Then, and only then, would the agent domain need to, at log in time, do the negotiating that YADIS supplies to authenticate you against that openid
[10:35] Zha Ewry: Right. I think the key notion, is that it needs to be both ximple in the simple case, but.. also flexible enough to do this
[10:35] Zha Ewry: We want, when someone decides to required an iris scan
[10:35] Zha Ewry: that we can handle that
[10:36] Zero Linden: I have a 10:30 --- I'll have to run now
[10:36] Zero Linden: see you all at office hours
[10:36] Tao Takashi: thanks for coming, Zero
[10:36] Rex Cronon: bye zero
[10:36] Tao Takashi: cya later! :)
[10:36] Saijanai Kuhn: later zero
[10:36] Nadine Neddings shakes her fist at RL
[10:36] JayR Cela: bye Zero
[10:36] Muslima Questi: bye Zero
[10:36] Talarus Luan: I would expect that CoolAgents.com inially attracts users via some kind of advertising, and would probaly use some kind of slurl-esque link to tell the viewer to assume some defaults for someone to sign up through them as their agent domain.
[10:36] Zha Ewry: Tess... I konw its going to evolve, but can you talk al ittle about how the scheme is likely to handle the pre-region connected state?
[10:36] Lazarus Longstaff: TC Zero
[10:37] Zha Ewry: ie. authenticated, but not yet attached to a region?
[10:37] Tao Takashi: I still don't get why it should be different regarding who the openid issued
[10:37] Tao Takashi: it can also ask it's own YADIS document which maybe only returns coolagent.com's openid service
[10:37] Tess Linden: zha: yes. there are several agent-specific services, one of which is agent presence
[10:37] Tao Takashi: and it should have a YADIS document so I can use that openid from another domain as well
[10:37] Periapse Linden: I think the plan is that in that "pre-region" state there would be nothing at first, but we could start migrating things like groups over to AD
[10:37] Tao Takashi: or maybe for my facebooklogin
[10:38] Tess Linden: agent presence is the first natural service that should be moved to the agent domain, which means, you are "online" even when disconnected from a region
[10:38] Cenji Neutra: Is LL planning to support, say openid, itself?
[10:38] Zha Ewry: Right "On, but no location"
[10:38] Tao Takashi: I certainly hope so :)
[10:38] Zha Ewry: Possible able to send and accept IMs
[10:39] Saijanai Kuhn: able to send/receive group IM, transfer inventory, money, etc
[10:39] Tao Takashi: but from all this talk about openid recently I also guess they will support it someday :)
[10:39] Tao Takashi has to go shopping quickly, brb
[10:39] Tess Linden: cenji: we plan to be an openID provider and yes, suport OpenID
[10:39] Tao Takashi: Tess: also a consumer?
[10:40] Cenji Neutra: excellent. I won't roll it out myself then :)
[10:40] Tess Linden: zha: sending and accepting IM's may come at a later time, but need to be moved ot the agent domain
[10:40] Tao Takashi: because somehow everybody only wants to be a provider which defeats the point to some extend ;-)
[10:40] Cenji Neutra: yeah - the one glaring omission of openif is that it doesn't let a provider just add something to an existing id issued elsewhere - like the avatar association for example
[10:40] Cenji Neutra: (*openid)
[10:40] Zha Ewry nods
[10:41] Zha Ewry: I'm not trying to pin you down to a timeline here
[10:41] Zha Ewry: Just the notional framework
[10:41] Zha Ewry: I assume, that, at the moemnt, since IM delivery is entnaged with the regions
[10:41] Zha Ewry: you can't do that, until you have a region
[10:41] Zha Ewry: But, I also assume we unbundle that
[10:41] Tess Linden: Tao: we only have immediate projects planned for being an OpenID provider, but definitely see the value of linking identities from other networks together
[10:41] Zha Ewry: as we grow out the agent domain
[10:42] Cenji Neutra: well, of course, our SL id is the only one that matters, lol
[10:42] Tess Linden: zha: correct. we have to do the work to move that service out
[10:42] Zha Ewry smiles Cool
[10:43] Lazarus Longstaff: I have to run take care of some things on osgrid, but before I go I want to applaud Linden Labs for the risks you are taking with this body of work, in the interest of doing something TRULY interesting for us all. Your community spirit is to be commended :D
[10:44] Lazarus Longstaff waves
[10:44] Rex Cronon: bye lazarus
[10:44] Tess Linden: there are also some cross-domain services like maps
[10:44] JayR Cela: yeah this was an interesting discussion
[10:45] Tess Linden: the agent and region domains have to work together to identify agents in those regions
[10:46] Tess Linden: I would like to merge the AWG_flows_login page with Second_Life_Login_API_Strawman
[10:46] Zha Ewry: That makes perfect sense, Tess
[10:46] JayR Cela: Tess : sounds like a good Idea to me the merge :_)
[10:47] Tess Linden: it seems that the AWG_flogs_login page is more high-level and doesnt have the specific protocols defined although the path is very similar to the other page
[10:47] JayR Cela: ,
[10:47] Talarus Luan: "flogs"... hehe
[10:48] Saijanai Kuhn: Those are all listed here: https://wiki.secondlife.com/wiki/AW_Groupies#Communications
[10:48] Tao Takashi: back
[10:48] Rex Cronon: wb
[10:48] Tao Takashi: thanks:)
[10:50] Tess Linden: can you explain the Public_asset hosts form teh AWG page?
[10:51] JayR Cela: take care everyone / I have another meeting to attend at 11:00 / bye~byeee
[10:51] Rex Cronon: bye jayr
[10:51] Saijanai Kuhn: Public_asset hosts?
[10:51] Teravus Ousley: I have one at 11 also.
[10:52] Rex Cronon: oh, there is also the havok4 meeting at 11
[10:52] Teravus Ousley: presumably though, a public asset host might be a service dedicated to hosting assets, also tied to your 'crediential'
[10:52] Marcus Vendetta: me too - thanks for the open discussion folks appreciate all your great work
[10:53] Rex Cronon: bye everybody. i am heading over to the havok4 office hours @: http://slurl.com/secondlife/Content%20to%20Hover/128/128/0
[10:54] Tess Linden: before we go, Id just like to point out a few things that havent been discussed yet
[10:54] Saijanai Kuhn: Tes, I'm not sure what you meant by explaining Public_asset hosts...
[10:54] Talarus Luan: Thank you, Zha, for allowing non-groupies access today. :)
[10:54] Tess Linden: 1. how does the agent domain discover which region the agent wants to be placed
[10:54] Tess Linden: and 2. how will the teleport API look like?
[10:55] Tess Linden: 3. What happens on Logout?
[10:55] Tess Linden: sai: just wanted to understand how to merge that section from teh AWG page with the other protocol page
[10:55] Saijanai Kuhn: people logout of SL?
[10:56] Periapse Linden: Sai, do they logout of just a region, and stay "online"? or what?
[10:56] Teravus Ousley: agreed.
[10:56] Zha Ewry: I think we want to be able to ldrop to a lightwirght, IM only stsate
[10:57] Tess Linden: It seems to me that the two pages are describing the same protocol, so Zha, if its ok with you, I'd like to replace the AWG_flows_login with the Second_Life_Login_API_Strawman page
[10:57] Saijanai Kuhn: which goes back to the idea of a tree of caps.
[10:57] Tess Linden: zha: maybe there could be 2 levels of logout, like leave the region, or sign off meaning leave the world
[10:58] Zha Ewry: Absolutely
[10:58] Zha Ewry: And..
[10:58] Talarus Luan: Lately, teleporting has been a logout/login affair for me, about every 3rd time. :-/
[10:58] Zha Ewry: possibly a sort of "region of void" as it were;-)
[10:58] Saijanai Kuhn: you move back up the tree (down the tree) to a less-capable level.
[10:58] Tess Linden: it seems that we are all in agreement with the protocol described, except for the authentication part which we will discuss in more detail later
[10:58] Zha Ewry: I think so
[10:59] Zha Ewry: It looks like it really lets us to a lot of flexible things
[10:59] Tess Linden: My next step is to work out a teleport API so that we can talk about what happens when you are already connected to one region domain and then teleport to a nother region domain
[10:59] Talarus Luan: Seems like the handoff works like a one-shot affair. Would be nice if it retried a few times, or at least got the "OK, send me the agent" from the destination region, before dumping the agent from the current region.
[10:59] Saijanai Kuhn: now, this cat log we MUST put onthe wiki.
[10:59] Tao Takashi: btw, in many games you also have a separate screen at which you arenot yet playing but are logged in and you can do some stuff
[11:00] Tao Takashi: so it wouldn't be too strange to have another button to get to a region
[11:00] Tao Takashi: same for logout
[11:00] Tess Linden: this quarter, Icehouse is committed to bringing up an agent host for Second Life so that we can get "log in to Second Life agent domain, but connect to a different region domain"
[11:00] Saijanai Kuhn: chat* log
[11:00] Talarus Luan: yeah, the "character selection" screen, most often
[11:00] Cenji Neutra: will that include the openid provider?
[11:00] Tao Takashi: I wonder how it might be possible in the future to also work on an agent domain outside Linden Lab and connect to e.g. an LL region (on some beta grid)
[11:01] Talarus Luan: Well, must be off. Thanks again. :)
[11:01] Tess Linden: cenji: the OpenID provider project is on Whump's goals for this quarter. Whump is one of our web developers here
[11:01] Zha Ewry: Toa, we're talking about that informally
[11:02] Cenji Neutra: great. thanks. Great to hear the agent domain goals too - help us keep our identity over the ever increasing new grids :)
[11:02] Tess Linden: tao: the protocols are defined, and if they work for a LL agent domain, it should work for other agent domains as well
[11:02] Tess Linden: okay, gotta run off to a meeting
[11:03] Cenji Neutra: thanks!
[11:03] Tess Linden: see you guys next week
[11:03] Tao Takashi: Tess: Yes,but you probably won't let my agent domain on your main grid ;-)
[11:03] Periapse Linden: Thanks, everyone!
[11:03] Tao Takashi: thanks for coming, Tess,Periapse! :-)
[11:03] Tao Takashi: great meeting!
[11:03] Tao Takashi: and great work!
[11:03] Tess Linden: :) bye!
[11:03] Saijanai Kuhn: thanks eeryone. Possbly our best meeting yet
[11:04] Zha Ewry: Thanks all.
[11:04] Zha Ewry: Saij, did you get a clean stranscript?
[11:05] Zha Ewry: or better still, a transript?
[11:05] Saijanai Kuhn: I think so. No crashes, etc
[11:05] Zha Ewry: Can you *please* post
[11:05] Zha Ewry makes puppy gdog eyes
[11:05] Saijanai Kuhn: OK. Never done so before wil be interesting
[11:05] Zha Ewry: look at tree's page
[11:05] Saijanai Kuhn: KK
[11:05] Zha Ewry: he and dr. sco have some formatting scripts
[11:06] Zha Ewry: And. Wow. I think this was a pretty seriously good session
[11:06] Saijanai Kuhn: Yep

AW Groupies/Chat Logs/AWGroupies-2008-02-19

AW Groupies login feedback meeting

Chat Log

Navigation menu

Search