Re: [ogpx] (no subject)
Kari Lippert <kari.lippert@gmail.com> Sun, 11 October 2009 23:30 UTC
Any service request, invocation, message delivery, or other type of
communication attempt with either an AD or an RD will likely require
the presentation of some sort of credential. Policy is outside the
protocol as it is an implementation detail, but the protocol needs to
indicate what would be (minimal) credentials. Clearly we need more
than a notional idea of what that information entails.

The policies that determine how (or even if) the domain uses that
information are clearly up to the domain implementation and beyond the
scope of the protocol. While we need to consider the types of things
the domains might do so that the protocol supports the transmittal of
the appropriate information, we are only specifying a format for
communicating information between the domains.

Unless I've missed some critical point somewhere, I believe we can
largely treat the domains as black boxes and not worry about their
implementation or how they will use the information they receive. We
only need to understand what information a domain would require to
accept or react to a communication.

True?

Kari

On Sun, Oct 11, 2009 at 6:55 PM, Vaughn Deluca <vaughn.deluca@gmail.com> wrote:
> I realise now I have been confused about the meaning of the Region Domain,
> but your post clears up a lot for me.
> Some of this has been voiced by others already, but here is my personal
> view.
>
> I think the notion of RD is very useful as a tool to specify *common* policy
> for some regions.
> Looking at the TP draft, it's absolutely clear that the region is the
> endpoint, and a rez cap will also point to the region. Yet, as you already
> mentioned *behind* that interface, the region can get some of its policy
> from a region domain "service". Viewed like this the RD becomes a lookup
> service for information that otherwise has to be duplicated in possibly a
> lot of regions. The RD is not a *front*end containing the regions, but it's a
> *back* end service *used* by the regions, and the fact that some regions do
> use this particular service places them de-facto *in* that RD.
>
> Since policy is outside the protocol, it is not needed to specify how the
> region consults the RD policy "service". All of that interaction is hidden
> behind the interface to the region, and it is up to the deployer of the
> region to decide how to deal with this problem. However, if somebody feels
> the need, I have no objection to formalising the interaction in *optional*
> protocol steps, that the region can take to help it make policy decisions.
>
> -Vaughn
>
> On Tue, Oct 6, 2009 at 11:45 PM, David W Levine <dwl@us.ibm.com> wrote:
>>
>> From this morning's AWGroupies discussion, I want to try and pin down
>> some terminology:
>>
>> I've been saying "Policy happens at services." I think I need to make
>> this more precise, so:
>>
>> The current model grounds out in Web Services and streams of "events"
>> (Notionally delivered in UDP or over an event queue in the current
>> discussions) So.. From the bottom up:
>>
>> Web Services End point (URI + the LLIDL (encoded on LLSD, Binary, or
>> JSON) which defines a web service capability A set of "events" which
>> are notionally short, asynchronous and delivered quickly.. (How much
>> content flows in this form is as yet unclear)
>>
>> Web service endpoints cluster into set of services, which describe the
>> bulk of the functionality in the specifications. (Loosely, this tends
>> to be the Authentication Services, Region Service, Inventory services,
>> Asset Services and IM services) There is nothing in this model which
>> dictates how to implement or deploy these services behind the defined
>> interfaces
>>
>> Laid over this loose description we have had the notion of "domains" in
>> particular, the Agent and Region domains. The current (somewhat
>> backlevel) intro document says:
>>
>> The Open Grid Protocol assumes a division between systems offering
>> user / avatar oriented services and systems offering virtual world
>> simulation services. OGP was designed to support the case where the
>> administrative authority for agent services is distinct from the
>> authority providing simulation and object persistence services. The
>> administrative authority of the former group is termed the "agent
>> domain" while the latter is termed the "region domain." The protocol
>> allows the agent domain and region domain to be distinct; in other
>> words, a user's identity may be managed by one person or organization
>> while the virtual world they inhabit may be simulated by hosts owned
>> by a completely different organization.
>>
>> Over the past few weeks, there has been a lot of discussion about the
>> possible deployment patterns people will support, and the last
>> definition of the split I have seen on the lists seems to be
>>
>> that if it holds the Authentication and Agent ID services it's an agent
>> domain, and if it holds the Virtual Presence services it's a region
>> domain. This seems quite reasonable.
>>
>> There is also the notion, that domains represent administrative
>> spans of control, and that services within a domain share policy.
>>
>> At the same time.. actual policy is mediated by service end
>> points. This is to say the moment we can actually apply policy is
>> when a remote service requests a capability, or invokes a capability
>> or (possibly) delivers an event or message to us on an asynchronous
>> connection.
>>
>> I see two or possibly three bits of confusion here. I'm going to start
>> with the basic one, which has come up over the past week.
>>
>> People keep saying "Region Domain Decides" or "Agent Domain Decides"
>> or "The service consults the Agent Domain" I think this muddies stuff
>> because it promotes the domain to an active element, when the real
>> behavior is "A service endpoint is called, possibly with some special
>> tokens,
>> possibly, with a negotiation ensuing and the service endpoint acts
>> according to its policy."
>>
>> Now, the service endpoint may well reside inside an administrative
>> domain, and may have its policy dictated by its deployer. But without
>> an active element, I don't think the domain "participates"
>>
>> The second thing which concerns me is that we're sort of conflating
>> two useful ideas here. One, the split between authenticator and
>> holders of agents, and virtual spaces, and the other, a pattern of
>> common use in deploying services. I think this becomes increasingly
>> strained, as you look at regions interacting with multiple services,
>> and with services which fall outside of the agent/region split, and
>> yet belong to one or more administrative domains.
>>
>> So.. I am not suggesting we throw away these concepts, I am suggesting
>> that we look carefully at how we are tossing the word around, whether
>> we are overloading it, and whether we could better serve our
>> developing a shared understanding by being more rigorous, and more
>> careful about how we attack some of these concepts
>>
>> - David Levine
>> ~ Zha Ewry