User:Infinity Linden/OGP Trust Phase 0

From Second Life Wiki

Important Note

  • This page describes the near-term "trust objectives". In this context, "near term" means issues relating to features that already existed in Second Life in September 2008, and how they will be implemented to support non-Linden Agent and Region domains. Discussions regarding the future of Trust in OGP (including, but not limited to, Rights Expression Languages, revised permissions for in-world objects, distributed third-party authentication, and integrating OpenID or SAML) should be directed towards the OGP Trust Model page.

Introduction

todo: add introduction here. best done after the content is produced.

How We Authenticate Protocol Actors

simplified trust model

The diagram to the right shows how the three major classes of protocol actors in OGP (client applications, agent domains and region domains) establish trust. The objective of this section is to describe how actors establish trust in remote protocol participants. The concept of "trust" is intimately related to the authentication technology used by client and server software, but can be seen as more than simple authentication. As we'll see in the section describing the proposed registration authority, authentication "reflects" trust; it does not create it.

note: this diagram needs a bit of an update. it does a poor job describing how capabilities are trusted and it doesn't describe how client applications trust the region domain servers.

Authenticating Client Applications to Agent Domain Servers

Authenticating Client Applications to Region Domain Servers

Authenticating Agent Domain Servers to Region Domain Servers

Authenticating Region Domain Servers to the Agent Domain

Specific Issues With Linden Lab Software

Linden Lab Self Signed Certificate For Agent and Region Domain Authentication

Specific Issues With OpenSim Software

Self Signed Certificates for Agent and Region Domain Authentication

Proposed Registration Authority for OpenSim Operators

Specific Issues With PyOGP Software

Note: Tao... Sai... I know we discussed this a bit... but I'm blanking on what we said... so feel free to add stuff here, otherwise I'm going to add my best guess regarding how we want to handle it

Discussions