High Fidelity Authentication

High Fidelity, Philip Rosedale’s new virtual world project, released more details on how they plan to do things. This is information about their authentication process.

High Fidelity Authentication

High Fidelity Authentication

For the general users the diagram probably doesn’t say much. I’ll describe what I think the basic idea is using Second Life. This is just a ‘sort-of-how’ to get you and idea of what they are talking about.

In SL we login. That is done on the SL “LOGIN SERVERS.” They verify that I am me. Then provide my viewer a token so it can show me in world as my avatar or as the Lindens call my avatar an agent. The agent is known in the system by its UUID.

The login process is all about verifying I have the right to use the UUID associated with my avatar and SL account. UUID’s are used because for practical purposes there is an infinite supply of them and it is easy to generate new ones without fear of duplication.

There is more to it, but simply said the login server gives my viewer my account’s UUID and I am in world.

If I am understanding HiFi’s idea something similar will happen, but with added features. A region owner could be satisfied with using my UUID in our dealing. All financial transactions will go through HiFi’s payment servers. The region owner would not know me but funds can change hands and merchandise placed in my inventory, very much how SL works.

But, in HiFi depending on what I permit and the region owner wants, more identification could be exchanged. If the region owner required full RL identification and I permit it, the server would provide it. If I am not willing to provide the level of ID required by the region owner, they could prevent my entering their regions. Both sides would have more control.

I am sure Philip is well aware of the griefer problems we have in Second Life. This would be a step in reducing those. Plus if the idea works for HiFi then it would likely be adopted in other Internet uses. The idea is one would have to provide RL ID to the HiFi servers with financial data. But, could remain anonymous in the virtual worlds.

Philip is thinking removing name tags in world would be a good idea too. See his post on in-world identity.

3 thoughts on “High Fidelity Authentication

  1. I just came across your blog today, and have been reading several of your posts this afternoon.

    I am really looking forward to seeing what exactly comes about via High Fidelity.
    Thanks so much for the info. and link to the YouTube video of Phillip talking all about it.

  2. You aren’t really correct about this. Hopefully I can shed some light here…

    The whole concept of hi-fi is that it’s servers are decentralized (as opposed to second life, which utilizes a centralized authentication system). It’s a little bit like open-sim, where everyone can run their own servers if they wish, and connect them together with hypergrid. Where that analogy diverges is that hi-fi does want to run a centralized authentication system, but that it will be completely optional depending on what you are DOING in the world, or what servers I choose to go to.

    What this means in practical terms is that you could run a hi-fi world yourself where everyone is completely anonymous, for example (such as an anonymous ‘chat-room’ style world). Or, you could run a commercial retail mall world where everyone has to be completely authenticated down to their real name and financial info. It would be up to the user whether they want to authenticate with your world – but you can also choose not to let anyone into your world without first authenticating in the way you desire.

    Basically, it’s exactly like the regular internet. If you go to a webpage like a blog, the blog shouldn’t really need to know anything about you unless you decide to comment ( little-to-no authentication). The moment you decide to comment, you might require a little bit of authentication (such as an email address or whatever the hi-fi equivalent will be). If you were selling things though on your web page, you would probably require the user to give you their creditcard or other payment info, as well as other real info that would allow you to identify them (name, address, etc.). Those are the ‘tiers’ of authentication.

    You can see something similar with ‘permissions’ for smart phone apps. Different apps require different levels of permissions depending on what they are doing with your phone. If it’s just a chat app, it shouldn’t have permissions to view your web history or access your camera or things like that – it should have minimal permissions according to what it is doing. Only, as the owner of a hi-fi server, you can decide what permissions you want to require of your users, and it’s up to them whether to allow you to have those permissions, or whether they should turn around and go home.

    • Actually, re-reading your post again, I think I missed some of the stuff you said at the bottom. It looks like you actually have a good grasp of the system – my bad!

Leave a Reply

Your email address will not be published.