User:Infinity Linden/OGP Trust Phase 0
Important Note
- This page describes the near term "trust objectives". In this context, "Near Term" means issues relating to features that already existed in Second Life in September 2008, and how they will be implemented to support non-Linden Agent and Region domains. Discussions regarding the future of Trust in OGP (including, but not limited to: Rights Expression Languages, revised permissions for in-world objects, distributed third-party authentication, integrating OpenID or SAML, etc.) should be directed towards the OGP Trust Model page.
Introduction
The diagram to the right shows how different protocol actors in OGP establish trust.
note: this diagram needs a bit of an update. it does a poor job describing how capabilities are trusted and it doesn't describe how client applications trust the region domain servers.
How We Authenticate Protocol Actors
Authenticating Client Applications to Agent Domain Servers
Authenticating Client Applications to Region Domain Servers
Authenticating Agent Domain Servers to Region Domain Servers
Authenticating Region Domain Servers to the Agent Domain
Specific Issues With Linden Lab Software
Linden Lab Self Signed Certificate For Agent and Region Domain Authentication
Specific Issues With OpenSim Software
Self Signed Certificates for Agent and Region Domain Authentication
Proposed Registration Authority for OpenSim Operators
Specific Issues With PyOGP Software
Note: Tao... Sai... I know we discussed this a bit... but i'm blanking on what we said... so feel free to add stuff here, otherwise i'm going to add my best guess regarding how we want to handle it