Re: [ogpx] Limits to interoperability of scripted objects
Joshua Bell <josh@lindenlab.com> Tue, 10 November 2009 17:19 UTC
Return-Path: <josh@lindenlab.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 3D5163A6B2B for <ogpx@core3.amsl.com>;
Tue, 10 Nov 2009 09:19:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.661
X-Spam-Level:
X-Spam-Status: No, score=-1.661 tagged_above=-999 required=5 tests=[AWL=0.315,
BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UYKRkwn1AZC8 for
<ogpx@core3.amsl.com>; Tue, 10 Nov 2009 09:19:10 -0800 (PST)
Received: from mail-iw0-f186.google.com (mail-iw0-f186.google.com
[209.85.223.186]) by core3.amsl.com (Postfix) with ESMTP id 2C8473A6B1A for
<ogpx@ietf.org>; Tue, 10 Nov 2009 09:19:10 -0800 (PST)
Received: by iwn16 with SMTP id 16so199562iwn.29 for <ogpx@ietf.org>;
Tue, 10 Nov 2009 09:19:33 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.168.131 with SMTP id u3mr532550iby.26.1257873573274;
Tue, 10 Nov 2009 09:19:33 -0800 (PST)
In-Reply-To: <4AF8ECDE.2010900@cox.net>
References: <e0b04bba0910262215td0cf125lb3129947e8f81891@mail.gmail.com>
<f72742de0910270951x6b4536d8wef165e850ba16ef8@mail.gmail.com>
<e0b04bba0911091956j5edc4840pd5a32d98eff3776e@mail.gmail.com>
<4AF8ECDE.2010900@cox.net>
Date: Tue, 10 Nov 2009 09:19:33 -0800
Message-ID: <f72742de0911100919r76c337b6i980736db91f7f53c@mail.gmail.com>
From: Joshua Bell <josh@lindenlab.com>
To: lenglish5@cox.net
Content-Type: multipart/alternative; boundary=001636b1451381e5310478078371
Cc: ogpx@ietf.org
Subject: Re: [ogpx] Limits to interoperability of scripted objects
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>,
<mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>,
<mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2009 17:19:11 -0000
On Mon, Nov 9, 2009 at 8:32 PM, Lawson English <lenglish5@cox.net> wrote: > Morgaine has seen me hype this many types, but perhaps Joshua and others > have not not: > > http://wiki.secondlife.com/wiki/User:Saijanai_Kuhn/Plugins_discussion ... > > Nifty stuff. What do you think needs to be exposed at a protocol level to enable these scenarios, and do you think that fits into any of the currently sketched out drafts or forms a part of an as-yet unidentified draft? It sounds like much of it is captured by the use case: clients are able to manipulate simulation state for avatars and other objects. At the other end is the Croquet/Cobalt case where clients act as servers > for their own private worlds that are, in principle, P2P in nature. While > the VWRAP scenario assumes more Second Life-ish scenarios, there's plenty of > room for more Croquet-like situations, IMHO. No disagreement. It's also interesting to think about stretching the VWRAP model towards P2P scenarios. The model dictates that there is an authoritative service for a region, but it's conceivable that if I invite you to my space, I have a single application on my personal host that is providing both the agent services and region services, and negotiates with your personal host's agent service. > There's no reason to assume ANY limitations save those required for > security/trust issues, and those will need to be applied on the server side > for any realistically secure scenario (assuming that the client-side > plug-ins are trustworthy for the end-user's purposes, of course) > ...which points out there are at least two scenarios for client-side dynamic code: stuff that runs with effectively full trust of the user (basically has unfettered access to agent and region services on the user's behalf) and stuff that must be sandboxed. The former category would include the client application itself as well as "Greasemonkey"-style extensions. The latter would include content from arbitrary objects, much like JavaScript within a web page running within the browser security context. Intriguing... it seems like the Same Origin Policy from the web could apply directly to any set of VWRAP services as well, although if the logic is coming from user-generated content rather than the region authority itself, this runs into the same exciting world that Google and others face with advertisement-hosted scripts which need to be further sandboxed so that ads can't monkey with your account, despite being served from the same domain.
- [ogpx] Limits to interoperability of scripted obj… Morgaine
- Re: [ogpx] Limits to interoperability of scripted… Joshua Bell
- Re: [ogpx] Limits to interoperability of scripted… Morgaine
- Re: [ogpx] Limits to interoperability of scripted… Lawson English
- Re: [ogpx] Limits to interoperability of scripted… Joshua Bell
- Re: [ogpx] Limits to interoperability of scripted… Carlo Wood
- [ogpx] Synchronization of gestures (was: Limits t… Carlo Wood
- Re: [ogpx] Limits to interoperability of scripted… Morgaine
- Re: [ogpx] Synchronization of gestures (was: Limi… Carlo Wood
- Re: [ogpx] Synchronization of gestures (was: Limi… Han Sontse
- Re: [ogpx] Synchronization of gestures (was: Limi… Carlo Wood
- Re: [ogpx] Synchronization of gestures (was: Limi… Carlo Wood
- Re: [ogpx] Synchronization of gestures Lawson English
- Re: [ogpx] Synchronization of gestures Carlo Wood
- Re: [ogpx] Synchronization of gestures (was: Limi… Nexii Malthus
- Re: [ogpx] Synchronization of gestures (was: Limi… Carlo Wood