[ogpx] Globally unique authentication token versus Firstname Lastname [Was: Re: Global Agent Domain Registry [Was: Re: OpenID and OGP : beginning the discussion ...]
Carlo Wood <carlo@alinoe.com> Mon, 29 June 2009 11:34 UTC
Return-Path: <carlo@alinoe.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 9651F3A6D9C for <ogpx@core3.amsl.com>;
Mon, 29 Jun 2009 04:34:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.97
X-Spam-Level:
X-Spam-Status: No, score=-0.97 tagged_above=-999 required=5 tests=[AWL=-0.270,
BAYES_00=-2.599, HELO_EQ_AT=0.424, HOST_EQ_AT=0.745, J_CHICKENPOX_54=0.6,
SARE_RMML_Stock10=0.13]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oz4xLqDCwZZX for
<ogpx@core3.amsl.com>; Mon, 29 Jun 2009 04:34:41 -0700 (PDT)
Received: from viefep18-int.chello.at (viefep18-int.chello.at [62.179.121.38])
by core3.amsl.com (Postfix) with ESMTP id 25B733A6D97 for <ogpx@ietf.org>;
Mon, 29 Jun 2009 04:34:40 -0700 (PDT)
Received: from edge04.upc.biz ([192.168.13.239]) by viefep18-int.chello.at
(InterMail vM.7.09.01.00 201-2219-108-20080618) with ESMTP id
<20090629113459.MPKA3332.viefep18-int.chello.at@edge04.upc.biz>;
Mon, 29 Jun 2009 13:34:59 +0200
Received: from mail9.alinoe.com ([77.250.43.12]) by edge04.upc.biz with edge
id 9nak1c02D0FlQed04nali6; Mon, 29 Jun 2009 13:34:59 +0200
X-SourceIP: 77.250.43.12
Received: from carlo by mail9.alinoe.com with local (Exim 4.69) (envelope-from
<carlo@alinoe.com>) id 1MLF8Q-0000uE-Lu; Mon, 29 Jun 2009 13:34:54 +0200
Date: Mon, 29 Jun 2009 13:34:54 +0200
From: Carlo Wood <carlo@alinoe.com>
To: Infinity Linden <infinity@lindenlab.com>
Message-ID: <20090629113454.GB1053@alinoe.com>
References: <3a880e2c0906280906if8f9791h89a9bc13a7170b53@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3a880e2c0906280906if8f9791h89a9bc13a7170b53@mail.gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: ogpx@ietf.org
Subject: [ogpx] Globally unique authentication token versus Firstname
Lastname [Was: Re: Global Agent Domain Registry [Was: Re: OpenID and OGP :
beginning the discussion ...]
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>,
<mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>,
<mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2009 11:34:42 -0000
On Sun, Jun 28, 2009 at 09:06:31AM -0700, Infinity Linden wrote: > okay... so it seems like you're actually asking... "how do we maintain > global avatar name uniqueness if avatar first and last name are used > as primary keys for logging in?" Yes. Because, it *WILL* become a problem if two people can use (steal) the name of someone else. And therefore we need to garantee uniqueness of the identifier that is visible even (the tag!), and also, we need one central database to garantee this uniqueness if the keys itself ARE the first+last name. This is a very serious problem. > there was some discussion about a global avatar name registry last > year in the SL Architecture Working Group, though i don't think there > were any definitive results. > > i think we're punting on the problem with respect to protocol > development. that is, i don't think the protocol specifications will > say anything about the expectation that an agent name be globally > unique across grids. Well, it will have to; I am convinced that if we ignore this problem now, it will turn out to require such a drastic protocol change in the future that you can never solve it anymore (ake, IRC). > deploying such a service would be quite an effort in terms of community buy-in. > > that being said, there's no reason it can't be done in the future or > as a project of a non-IETF group. > > for the time being, we can use account identifiers to guarantee > uniqueness; or at least that's my sense given the lack of radical > agreement in the topic. I wrote another article about this topic (again, for IRC) in the past; that is - I have already put a lot of thinking into this subject. I don't think ignoring the problem is going to make it go away. > in other words, i think it's a topic that will lead to wailing and > gnashing of teeth and would only serve to delay production of > standards that people _do_ agree on. Not at all necessary, I have a solution :) But, like the protocol negotiation one, it turns out that most people are not ready to grasp the concepts involved and rather just ignore it :/ Ok,... here it goes, I'll try to be extremely short, which won't make it more understandable, but please ask any questions until things are completely clear. ---------------------------------- * Uniqueness Some token can ONLY be unique if it is *generated* by an authority. Unless we use ONE global authority, the generated token must include a sub-token that was assigned to that particular authority that is globally unique for that authority. Example; say there are three authorities. Each get assigned a unique token: A, B and C. Upon request they generate a locally unique token (for example an integer that is incremented every time) and prepend their own token to make it globally unique (ie, A1, A2, .. B1, B2, .. etc). * Human readable identifiers Because the authentication token have to be generated, they cannot be human readable without creating a major problem. I am convinced that it is near impossible to generate globally unique and human readable Firstname Lastname for -say- 100,000,000 people, without getting such long and unreadable last names that impersonations are still possible (in the least!) Hence, the human readable identifier will have to be separated from the really (globally) unique authentication token. The reason that this can work in most cases is simply because everyone only meets a limited number of people in their lives. This number, especially if you don't count people that just walk one once, but only look at people you interact with, is almost a constant: you cannot have infinite number of friends. For example, every user will have to do with at most 1000 others, independent of the total number of users of all virtual worlds together. * Solving namespace collisions It will happen (by coincidence or deliberate) that two people with the same name will run into eachother and/or have interactions with the same people. How to solve this? My solution for this is as follows: Each agent has separated their authentication token (something like a UUID, only used internally) and their human readable "tag". The "tag" exists of a Firstname, a Lastname and a postfix. If an agent meets someone for the first time, it will receive their authentication token. The user (the viewer) will store this authentication token along with the a chosen postfix. If the Firstname Lastname of the new avatar is unique within the scope of the viewer, it will automatically assign an empty postfix (although the user is allowed to edit it). If another authentication token already exists with the same Firstname Lastname, then the viewer will warn the user and require him to choose a (locally) unique postfix. Because the user can choose, it will be not only human readable but also easy to remember. For example, I know a Paul Mastermind that looks like kid and is my friend. Must later I run into an other avatar with the same name Paul Mastermind; my viewer assigns a postfix '2' to it, so that I see in the tag: "Paul Mastermind 2". Of course, this Paul looks totally different: it's a man that can play chess very well, and he offers me to teach me chess. I edit his postfix and change it into "Chess master", so now I see: "Paul Mastermind Chess master". My viewer accepts this because it is unique within the two Paul Mastermind's that is known. Later I meet a Paul Mastermind 2 that looks exactly like the Paul Mastermind that I know. I talk with him and he convinces me quickly that it's an ALT of the real Paul Mastermind. I edit his postfix and change the '2' into "ALT". The point being: the protocol needs a DRASTICAL change for this to be possible that we need to take into account NOW. Namely: everyone should be identified by some separate, and in practise impossibly human readable indentifier. The protocol can be designed by just saying that this identifier exists and is some string, and we'll take care of it's uniqueness later. But really, it has to be something different from the human readable Firstname Lastname. Therefore we cannot postpone this discussion. -- Carlo Wood <carlo@alinoe.com>
- [ogpx] Global Agent Domain Registry [Was: Re: Ope… Infinity Linden
- [ogpx] Globally unique authentication token versu… Carlo Wood
- Re: [ogpx] Global Agent Domain Registry [Was: Re:… Kajikawa Jeremy