IETF Logo Mail Archive

Re: [ogpx] Tourist use case

Morgaine <morgaine.dinova@googlemail.com> Sat, 31 October 2009 13:52 UTC

Return-Path: <morgaine.dinova@googlemail.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 01BE93A67F0 for <ogpx@core3.amsl.com>; Sat, 31 Oct 2009 06:52:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.443
X-Spam-Level:
X-Spam-Status: No, score=-0.443 tagged_above=-999 required=5 tests=[AWL=-0.881, BAYES_40=-0.185, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Aa7EYR8mGl5P for <ogpx@core3.amsl.com>; Sat, 31 Oct 2009 06:52:54 -0700 (PDT)
Received: from mail-ew0-f218.google.com (mail-ew0-f218.google.com [209.85.219.218]) by core3.amsl.com (Postfix) with ESMTP id 3C1A63A6814 for <ogpx@ietf.org>; Sat, 31 Oct 2009 06:52:52 -0700 (PDT)
Received: by ewy18 with SMTP id 18so3416594ewy.43 for <ogpx@ietf.org>; Sat, 31 Oct 2009 06:53:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=D8IQeg4JABHSphpEqPAcTJFOz0lGpIgvnj4CyZC09L4=; b=QVK0P/P7k6WGQxZChgNyACtyEq1YfKrlje09zAZ0lCxwNPlWl/5gW6pgcHwwGlzBgO JIJtusJx319oBJ4k6AbstV889XndZLCXfkGhg4oxGCX4Vx1pyCHfjTFuJnQzYjJiVD9T tkJIPP6B13hyKlT0uP6l2GFenOjNdiEJLVKrg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=rbk5nZc3m1xXFFwlT11K40XXM3ovX0xW2g/1H5FEo+QTRlP0tQigdO7BXCUt6Etc/g QR9koleEwYX27C58nvfEOV96QO3IvTDeBdxPQhTPDxWU8UV02H/K+6nmF229/4ThYu3z QTe3OTFbGw+24LyMFA+YLc3Dk2j471F4ZSyQY=
MIME-Version: 1.0
Received: by 10.216.88.21 with SMTP id z21mr1654595wee.60.1256997187814; Sat, 31 Oct 2009 06:53:07 -0700 (PDT)
In-Reply-To: <f72742de0910301023i266832d3ta7c96cc13985e959@mail.gmail.com>
References: <9b8a8de40910160034j11dcb94fm401f29814aed60a8@mail.gmail.com> <3a880e2c0910160116g7a7e488fpe03b10d9b534aa35@mail.gmail.com> <9b8a8de40910160635j268ef9c9mae55781221c94d7e@mail.gmail.com> <20091029134353.GB2298@alinoe.com> <e0b04bba0910300029jd385ea7s1ab66a6d67b084d4@mail.gmail.com> <f72742de0910301023i266832d3ta7c96cc13985e959@mail.gmail.com>
Date: Sat, 31 Oct 2009 13:53:07 +0000
Message-ID: <e0b04bba0910310653u64f2e1bdw5f6adf52c05bdd4c@mail.gmail.com>
From: Morgaine <morgaine.dinova@googlemail.com>
To: ogpx@ietf.org
Content-Type: multipart/alternative; boundary=0016e6d9677edd0f2704773b76d9
Subject: Re: [ogpx] Tourist use case
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2009 13:52:57 -0000

Great post Joshua, leading to many key issues!

On Fri, Oct 30, 2009 at 5:23 PM, Joshua Bell <josh@lindenlab.com> wrote:

> On Fri, Oct 30, 2009 at 12:29 AM, Morgaine <morgaine.dinova@googlemail.com
> > wrote:
>
>>
>> This directly implies that asset services must be quite separate from
>> ADs.  Although we haven't spelled it out, clients must have access to an
>> arbitrary list of asset services, because as agents travel around the
>> VWRAP-compatible metaverse, the regions they visit will contain objects from
>> an arbitrary number of asset service providers.
>>
>> *Without access to these asset services, the visited regions would not be
>> visualizable at all.  And denying visualization is no business of the AD's.
>>  * This makes it clear that access to asset services should not be
>> mediated by the AD at all --- the AD's role should be limited to allowing or
>> denying entrance to a region.  Once inside a region, it is the region that
>> offers capabilities for access to the asset services of assets within the
>> region.
>>
>
> After reading this a few times, I agree with the high level sentiment - but
> be careful regarding the terminology, as specific wording tripped me up the
> first few times through.
>


My writing style tends to be preoccupied with precision, and readability can
suffer, sorry. ;-)

I did however mean exactly what I wrote, and I chose the term
*mediate*deliberately for its breadth of coverage, because I wanted to
convey
strongly that the AD should have nothing whatsoever to do with allowing or
denying access to *specific* asset services relevant to a region, directly
or indirectly, in any manner at all other than by permitting entry in the
first place.

This may seem like major anathema from a centrally-controlled, single asset
service perspective.  However, it falls out naturally when you consider:

   - David's point about no AD policy control over remote services,
   - Carlo's point about users having control over their own inventory,
   - the quite widespread support for an agent/region split in policy
   controls,
   - John's support for strongly decoupled asset services as in Cable Beach,
   - my point about not breaking region visualization once in a region.


All of these points shout loudly that considering assets and inventory to be
part of the agent service is badly structured because it creates unnecessary
constraints.  It seem far more appropriate to consider asset services as
independent, so that whoever needs them can gain access to them if the
services permit it.  (This doesn't imply a free-for-all, to be clear, but
only that there should be no *a priori* barriers *by design*, such as would
occur if ADs were given exclusive power to grant caps for all asset
services.)

Instead, if an AD provides an inventory service (a policy choice), then this
is just one contributor to the client's inventory.  [*I'll cover this
explicitly further below.*]


In the SL protocol today, clients only ever communicate with a region. It's
> the region's responsibility to provide the data for what the agent sees.
> This occurs both for items that would be considered aspects of the region
> (chairs, buildings, trees, waterfalls) and "transient" items (other avatars
> with attachments). The region exposes a data source (today, the
> byte-efficient but fairly grotesque family of UDP packets) of the
> description of objects (prims, textures, sourds, animations, ...) which the
> client consumes.
>
> Behind the scenes, the region may be pulling those object definitions from
> an asset service, or they may be present in the region definition itself.
> The client is unaware of this - it's hidden behind the services the region
> exposes.
>


That's fine. :-)   Right from the earliest days of the AWG, it has many
times been said that the proxying performed by SL sims is merely a design
choice or implementation detail, and that other implementations of the same
protocols could choose to proxy fewer services, or none at all.

This is actually a very important issue for the protocol, because proxying
has a major impact on the scalability and availability of a sim, and also on
the scalability and availability of any services that it proxies, so
flexibility of choice is crucial.

If services are decoupled then such flexibility can be achieved with nothing
more than appropriate configuration of service endpoint locations to permit
the whole gamut of proxying choices to be expressed, including no proxying.
And REST was chosen among other reasons for its flexibility in allocation of
endpoints, so we already have the means to do this. :-)


> Now for the terminology bit: we can call the services the region is
> exposing "asset services" but these could be quite distinct from the sorts
> of things present in an agent's inventory. One phrase that's potentially
> confusing is "the regions they visit will contain objects from an arbitrary
> number of asset service providers" - while I agree with the high-level
> interpretation of that statement, I think it paints a picture that as you're
> exploring a region, the client is *necessarily* going off and making
> connections to a variety of asset servers to fetch the data.
>
> I don't think VWRAP should *preclude* that (I imagine it's only sensible
> for things like textures to be referenced by URLs which could be coming off
> of any old place), but my initial reading of your text was that the client
> would necessarily be fetching things from external asset services. For
> example, if I buy a chair on FooGrid and drop it on BarGrid, when you visit
> BarGrid you're having to ask FooGrid's asset service for the description.
> Again, I think that's *conceivable*, but shouldn't be *necessary*. (And I
> don't think you're claiming that - but my first read-through came away with
> that impression.)
>


I certainly agree on the principle of deployment choice!  :-)

We periodically tell each other that we're interested in defining only
mechanisms, not policies, but this is implied all the time, I hope.  The
principle is so clear and uncontested that it's widely seen as universal in
IETF protocol work, although the latter is my own personal reading of it.
For us here it means that nothing important is precluded, and that a given
provider may choose not to implement or configure a given feature or
facility, yet the mechanism that we provide should allow it.  In the current
case, it means that service proxying must be a deployment choice, neither
required nor precluded by the protocol.

Perhaps I should explain further the phrase that gave you trouble above.  I
was trying to indicate that once an agent is in a region, denying the user
the ability to visualize the world around her would be a very bad idea, as
it would break the intended perceptual mashup.  "Breaking the perceived
world" is such a poor idea on many fronts that nobody has proposed it as far
as I know, and if we have a legacy design that may be interpreted as
suggesting exactly this then it should raise immediate red flags with us.
(I'm not saying that it does.)

The original OGP idea was almost always described with the AD as sole
provider of seed caps, but the caps concept is of course not actually
limited in this regard, and I've been working towards a flexible
interpretation.  In my preferred interpretation stemming from our
discussions about tourism, it *includes* the semantic that *the AD can
provide cap access to other sources of seed caps*.  It is through this
mechanism that we would implement the variously described key concept
of "*separation
of agent and region policies*" or "*policies are local*" or "*no policy
export*", and it is this that would allow us to support the DDP principle
through which we achieve tourism in those VWRAP deployments where it is
desired.

I hope that this explains it better.  Such choices are not precluded nor
mandated -- the AD doesn't have to provide a cap to any given region or RD,
that's a policy decision.  But if it chooses to grant the cap for access to
a particular region then that region's policies now apply within the
region.  It is then up to the region to grant the seed caps that give access
to the assets that allow the region to be visualized, as one crucial
operation.

Here is is my design principle for a caps system that would meet multiple
requirements:


*Gaining access to resources via caps is akin to exploring a caps tree.
Each inner node (region) provides a seed cap that gives access to any number
of leaf nodes (asset services) and to any number of child nodes (other
regions).  What distinguishes the AD is that it's the root node of the tree.
*


Now I can fill in my earlier forward reference to how inventories should be
structured:  if the AD provides an inventory service (a policy choice), then
the items in the inventory offered by the AD are the items delivered by the
asset services linked at the leaf nodes of the AD's initial caps tree.  Not
only is this elegant and extensible through tree-structured design, but it
also supports an unlimited set of policies and deployments without
prescribing nor proscribing anything.


> And, of course, one can conceive of clients that implement a policy of not
> trusting FooGrid for anything and wouldn't make such a connection - FooGrid
> could be blacklisted by some large search company, my ISP, or perhaps my AD.
>


Definitely.  That's a policy choice, just don't grant the region cap!  :-)


>
> Indeed, but fortunately it hasn't been proposed that asset services be part
>> of the agent service in VWRAP.  The legacy SL model of assets and
>> inventories clearly doesn't apply in our extended scenarios, and the OGP
>> documents never covered asset services at all, so we're defining the asset
>> services and inventory model of VWRAP as we speak. :-)
>>
>
> Be careful about blurring the use of "asset services" between "stuff in
> regions" and "stuff I have". I think there is a big intersection - and may
> have the same characteristics and/or protocols, but I also think they are
> are distinct. I would guess that there will be asset services associated
> with both agents and regions - off the top of my head:
>
> Uses of an agent-associated "asset" service:
> * content to client app (inspect your inventory)
> * content from client app (upload/import to inventory)
> * content to region (rez something)
> * content from region (buy/take something)
> * content to agent (give something)
> * content from agent (receive something)
>
> Uses of an region-associated "asset" service:
> * content to client app (see the world)
> * content from client app (upload/import to region)
> * content to region (during teleport/region crossing)
> * content from region (during teleport/region crossing)
> * content to agent (buy/take something)
> * content from agent (rez something)
>
> I'm using "asset" in quotes since that term may be overloaded. "Content"
> might be a better term.



This is a great analysis, which we hadn't approached previously.  I think
your list could be used directly to drive our use case analysis to be sure
that we're covering all the bases.

Note that at this stage I'm considering all resources to be accessible
through caps, not only for symmetry and simplicity but because we haven't
defined any other access mechanism yet, so my reference to "assets" was
intended to apply to all "content" in the widest sense.  This broad use of
the word "asset" stems from our choice of phrase "asset service" --- if we
don't use the broad meaning then we're precluding storage of data such as
objects and terrain on asset services, which would be a bad idea as we'd
have to invent yet another type of storage service.

I think this hints at the problem caused by using SL-defined terms in our
wider setting.  Perhaps we should spend a week revising the terminology that
applies to VWRAP.  (We did this at the start of AWG to create an AWG
Glossary, and it was very illuminating.)


Morgaine.




=============================================

On Fri, Oct 30, 2009 at 5:23 PM, Joshua Bell <josh@lindenlab.com> wrote:

> On Fri, Oct 30, 2009 at 12:29 AM, Morgaine <morgaine.dinova@googlemail.com
> > wrote:
>
>>
>> This directly implies that asset services must be quite separate from
>> ADs.  Although we haven't spelled it out, clients must have access to an
>> arbitrary list of asset services, because as agents travel around the
>> VWRAP-compatible metaverse, the regions they visit will contain objects from
>> an arbitrary number of asset service providers.
>>
>> *Without access to these asset services, the visited regions would not be
>> visualizable at all.  And denying visualization is no business of the AD's.
>>  * This makes it clear that access to asset services should not be
>> mediated by the AD at all --- the AD's role should be limited to allowing or
>> denying entrance to a region.  Once inside a region, it is the region that
>> offers capabilities for access to the asset services of assets within the
>> region.
>>
>
> After reading this a few times, I agree with the high level sentiment - but
> be careful regarding the terminology, as specific wording tripped me up the
> first few times through.
>
> In the SL protocol today, clients only ever communicate with a region. It's
> the region's responsibility to provide the data for what the agent sees.
> This occurs both for items that would be considered aspects of the region
> (chairs, buildings, trees, waterfalls) and "transient" items (other avatars
> with attachments). The region exposes a data source (today, the
> byte-efficient but fairly grotesque family of UDP packets) of the
> description of objects (prims, textures, sourds, animations, ...) which the
> client consumes.
>
> Behind the scenes, the region may be pulling those object definitions from
> an asset service, or they may be present in the region definition itself.
> The client is unaware of this - it's hidden behind the services the region
> exposes.
>
> Now for the terminology bit: we can call the services the region is
> exposing "asset services" but these could be quite distinct from the sorts
> of things present in an agent's inventory. One phrase that's potentially
> confusing is "the regions they visit will contain objects from an arbitrary
> number of asset service providers" - while I agree with the high-level
> interpretation of that statement, I think it paints a picture that as you're
> exploring a region, the client is *necessarily* going off and making
> connections to a variety of asset servers to fetch the data.
>
> I don't think VWRAP should *preclude* that (I imagine it's only sensible
> for things like textures to be referenced by URLs which could be coming off
> of any old place), but my initial reading of your text was that the client
> would necessarily be fetching things from external asset services. For
> example, if I buy a chair on FooGrid and drop it on BarGrid, when you visit
> BarGrid you're having to ask FooGrid's asset service for the description.
> Again, I think that's *conceivable*, but shouldn't be *necessary*. (And I
> don't think you're claiming that - but my first read-through came away with
> that impression.)
>
> And, of course, one can conceive of clients that implement a policy of not
> trusting FooGrid for anything and wouldn't make such a connection - FooGrid
> could be blacklisted by some large search company, my ISP, or perhaps my AD.
>
>
> Indeed, but fortunately it hasn't been proposed that asset services be part
>> of the agent service in VWRAP.  The legacy SL model of assets and
>> inventories clearly doesn't apply in our extended scenarios, and the OGP
>> documents never covered asset services at all, so we're defining the asset
>> services and inventory model of VWRAP as we speak. :-)
>>
>
> Be careful about blurring the use of "asset services" between "stuff in
> regions" and "stuff I have". I think there is a big intersection - and may
> have the same characteristics and/or protocols, but I also think they are
> are distinct. I would guess that there will be asset services associated
> with both agents and regions - off the top of my head:
>
> Uses of an agent-associated "asset" service:
> * content to client app (inspect your inventory)
> * content from client app (upload/import to inventory)
> * content to region (rez something)
> * content from region (buy/take something)
> * content to agent (give something)
> * content from agent (receive something)
>
> Uses of an region-associated "asset" service:
> * content to client app (see the world)
> * content from client app (upload/import to region)
> * content to region (during teleport/region crossing)
> * content from region (during teleport/region crossing)
> * content to agent (buy/take something)
> * content from agent (rez something)
>
> I'm using "asset" in quotes since that term may be overloaded. "Content"
> might be a better term.
>
>
>
>
> _______________________________________________
> ogpx mailing list
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>
>

v2.8.7 | Report a Bug | By Email