Is there a way to confirm the identity of a user between private servers?
Let me explain this a bit… Say a user is running a script and they are on logged onto hifi server FOO, but this script communicates with RPC server BAR. BAR needs to confirm this user is actually who they claim to be, because server FOO cannot be trusted. Is there some sort of mechanism in place to verify identities through official hifi servers (i.e. global services, etc)?
If there is nothing like this then maybe there should be. it would be great to not have to require a password for every hifi script. Perhaps there could be a script function that returns a key from global services, which can be handed to the application’s host which is then sent to the hifi server for authentication of the user. This would also be a good way to secure assets (say you want to block a user from using your services, use encryption based on the session key, or restrict access to membership types of services or even restrict your server from anybody not using it from within hifi).
Of course there are probably ways for independent providers to implement something like this too…