IETF Logo Mail Archive

Re: [ogpx] VWRAP Draft Charter - 2009 09 01

Morgaine <morgaine.dinova@googlemail.com> Sat, 03 October 2009 05:13 UTC

Return-Path: <morgaine.dinova@googlemail.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4275F28C0CE for <ogpx@core3.amsl.com>; Fri, 2 Oct 2009 22:13:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.538
X-Spam-Level:
X-Spam-Status: No, score=-1.538 tagged_above=-999 required=5 tests=[AWL=0.438, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YQncwhNsc0vx for <ogpx@core3.amsl.com>; Fri, 2 Oct 2009 22:13:50 -0700 (PDT)
Received: from mail-ew0-f228.google.com (mail-ew0-f228.google.com [209.85.219.228]) by core3.amsl.com (Postfix) with ESMTP id 4BDB23A6839 for <ogpx@ietf.org>; Fri, 2 Oct 2009 22:13:49 -0700 (PDT)
Received: by ewy28 with SMTP id 28so2110525ewy.42 for <ogpx@ietf.org>; Fri, 02 Oct 2009 22:15:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=oC0YnoK2oWODsfkeTrLbXiEAfr0/uSyMDFQlNUSJqUE=; b=M9h3B31PTpQSZFqnH4mzob35gBed30ALdJRnGlLeAUUrz7Is1Xb+2908ZR3bzvkfzp TGbC1xXP6CbX9Y5I1DVWYWekHIkVaZWOulR5mCTFJTfaBnuep2kjS/xUN66NyHY5B6gH 9runX2SMksFxensQyTbZsyadGgVZjngmqs8Qw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=YT3BuMF3FD3/CHTpi1cNMfK8d+H4wQeYvq5wuroA+8yVXjzumq+nuEHR6X4obeqFN8 ipYqNJpzGy8ZNXlLUYKh1UcyI/Gei8+VF4jJIRnNY6eZvwNKFxjSX6Jz1U9TtYECAOyB tcxvLgDwsB2pUkeoHCr5FcjtAHRNIIddrLzJY=
MIME-Version: 1.0
Received: by 10.211.145.15 with SMTP id x15mr4299214ebn.6.1254546915804; Fri, 02 Oct 2009 22:15:15 -0700 (PDT)
In-Reply-To: <OFBDE64925.B257B8B0-ON85257642.007957C9-85257642.007B2CA5@us.ibm.com>
References: <3a880e2c0909011549n504111ebi2729273631cdee74@mail.gmail.com> <20090904195822.GA15341@alinoe.com> <e0b04bba0909132243r10730a3fq275f8143087807c6@mail.gmail.com> <20090914084420.GA25580@alinoe.com> <9b8a8de40909291316i19c79a96h111d88e73a64cc79@mail.gmail.com> <e0b04bba0909291751g157d2043g1c15e8d8ac417ccf@mail.gmail.com> <f72742de0909300910t23131532i1719d2c86423fa41@mail.gmail.com> <e0b04bba0910011434i13f890bfodd22cd15eef17697@mail.gmail.com> <f72742de0910011457o5e757135rd9db7fc7f4a1389@mail.gmail.com> <OFBDE64925.B257B8B0-ON85257642.007957C9-85257642.007B2CA5@us.ibm.com>
Date: Sat, 03 Oct 2009 06:15:15 +0100
Message-ID: <e0b04bba0910022215w666ee389kbfdadac74aa0e77e@mail.gmail.com>
From: Morgaine <morgaine.dinova@googlemail.com>
To: David W Levine <dwl@us.ibm.com>
Content-Type: multipart/alternative; boundary="00504502c3ec45476a047500f7dd"
Cc: ogpx@ietf.org
Subject: Re: [ogpx] VWRAP Draft Charter - 2009 09 01
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Oct 2009 05:13:52 -0000

IMO, this post of David's is one of the most important ones in the thread,
in particular its opening paragraph:

On Thu, Oct 1, 2009 at 11:25 PM, David W Levine <dwl@us.ibm.com> wrote:

>
> One.. I think its very important to keep in mind that services are going to
> manage policy, not the domains they reside in. This is important, because it
> highlights the fact that what's going to happen when different people deploy
> this stuff in different deployments is going to vary.  I think we need to be
> very careful to focus not on any one deployment pattern, but the broader set
> of possible deployment patterns we are attempting to enable.
>


It's important firstly because it provides us with a clear path towards
implementation, and it seeks to reduce the focus on "domains" that has
caused so much trouble --- services are so much easier to understand and to
implement and to discuss.

And it's important secondly because it underlines the massive and overriding
power of the Agent Domain, because an AD provides caps that give access to
services, and therefore it has more power in dictating policy than any
service to which it gives access.  This places a mammoth constraint upon
David's first statement that "services are going to manage policy", because
there will be no access to those services *at all* unless an AD allows it.

(It's also worth pointing out that the AD's power to provide caps is in
direct conflict with the 2nd part of David's sentence (highlighted):  "services
are going to manage policy, *not the domains they reside in*".  The AD
clearly is managing policy, *in a major way*, by providing caps that allow
access to services.)

Fortunately, the way out of this dilemma has already been provided by
Joshua, namely limiting the scope of the AD to agent-related services only,
while RDs control region-related services thus allowing DDP, in much the way
that Carlo desired many weeks ago. :-)

If ADs are limited to agent-only services such as authentication, then there
are no significant problems.  For example, if ADs provides only
authentication, then AD2 doesn't need to be consulted when agent A1
teleports from RD1 to RD2, since A1 is already authenticated with AD1 and
additional authentication with AD2 is not required.

However, if ADs also provide caps to region-related services such as Asset
Services, then AD2 will need to be consulted when agent A1 teleports to RD2,
otherwise A1 won't have access to the assets of W2 that happen to reside in
RD2.

The following paragraph is crucial and its impact needs to be understood.

If ADs are allowed to provide caps to asset services *in any deployment
pattern whatsoever*, then AD2 will *always* have to be consulted if it
exists, *in all deployments*, because W1 does not know what kind of
deployment pattern is used by W2.  This affects our protocol very strongly
--- looking for an AD2 and querying it if it exists will not be optional.

Clearly we have some thinking to do about what is allowed in ADs if we wish
to avoid this.

Finally, I want to quote a sentence from David's 2nd paragraph, which I
think is quite illuminating:



> If we keep this in mind, I think it helps us move away from thinking purely
> in terms of the split that Linden Labs has focused on.



I agree entirely.  The rather coarse AD/RD split worked OK in its original
scope as an implementation mechanism for adding regions to an existing
world, but it's not very helpful now that we have started examining what
really needs to happen for interop in multi-world deployments.

If we feel a need for additional domains, let's add them --- for example, a
separate Storage Domain might be helpful to ensure that AD2 never need to be
consulted (unfortunately Asset Domain provides a conflicting abbreviation).
And if we feel the need to abandon the concept of domains entirely and just
leave services, then let's do that too.  After all, the domain model was
meant to help, not hinder.  Our work is concerned primarily with defining a
protocol --- domains are optional!  :-)


Morgaine.





=======================================

On Thu, Oct 1, 2009 at 11:25 PM, David W Levine <dwl@us.ibm.com> wrote:

>
> One.. I think its very important to keep in mind that services are going to
> manage policy, not the domains they reside in. This is important, because it
> highlights the fact that what's going to happen when different people deploy
> this stuff in different deployments is going to vary.  I think we need to be
> very careful to focus not on any one deployment pattern, but the broader set
> of possible deployment patterns we are attempting to enable. This goes hand
> in glove with Joshua's comments below.
>
> This leads to
>
> Two.. I *think* the correct model is "All the services involved may have
> policies they bring to the table."  The set of actions which are possible
> between an arbitrary service inside of one deployment and an arbitrary
> service inside another is going to be
> dictated by the policies those two services follow.  This is especially
> likely when looking at things like asset permissions.  Consider the case of
> a region attempting to pass a prim to an asset store for storage. The Region
> may have policies about which
> asset stores it is willing to deliver assets to. The Asset store may have
> policies about which regions it is willing to accept assets from. If the
> user's agent domain holds his inventory (One, but not the only possible
> deployment pattern) it may have policies about
> the asset servers it interacts with. Its possible to imagine cases where
> the only role the ADs play in this policy decision is that they have
> authenticated the user,
>
> We need to be careful, when looking at this stuff to strike a balance
> between focusing on the current deployed clusterings, and turning everything
> into soup. That said, the actual deployed systems which implement these
> specifications are only going to be able
> to enforce policy at the interfaces we define, and these interfaces are on
> services, not domains.  In fact, as I've argued several times, I think, in
> general, the notion of a domain emerges from the policies of the deployed
> services, not the other way around. Infinity's made a very nice case for
> describing the key distinctions as being "Agent domains include the auth
> service" and "Region Domains include the presence service"  If we keep this
> in mind, I think it helps us move away from thinking purely in terms of the
> split that Linden Labs has focused on. To circle back to the question of
> soup, simply focusing on the services risks describing stuff that's falls
> into the HLA/DIS trap of having deployments which are each "conforming" but
> vary so much in assumption as to not actually interoperate.
>
> - David
> ~Zha
>
>
>
>
>
>  *Joshua Bell <josh@lindenlab.com>*
> Sent by: ogpx-bounces@ietf.org
>
> 10/01/2009 05:57 PM
>   To
> ogpx@ietf.org  cc
>   Subject
> Re: [ogpx] VWRAP Draft Charter - 2009 09 01
>
>
>
>
>
> On Thu, Oct 1, 2009 at 2:34 PM, Morgaine <*morgaine.dinova@googlemail.com*<morgaine.dinova@googlemail.com>>
> wrote:
>
> Your next step is to realize that, for two structurally identical worlds,
> if the seat of policy of one lies in its AD, then the seat of policy of the
> other also lies in its AD.  Therefore your statement needs to be modified to
> the following:
>
> IMHO, it should be apparent that both the AD of the source world and the RD
> and AD of the destination world all need to make policy decisions.
>
>
> I don't agree with this at all.
>
> A VW service provider could operate a region domain with no agent domain. I
> believe this is VERY LOOSELY equivalent to running an OpenSim instance in
> Grid mode today (but I can't state that definitively) the person running the
> sim is basically running just the region, and relying on someone else's
> agent domain (agent-centric services).
>
> Similarly, BigGiantCo could operate an agent domain for their employs (as a
> bolt-on to their enterprise LDAP server, say) with no region domain.
>
> A BigGiantCo employee can visit the RD-only VW - the AD talks to the RD to
> place the agent in a region. There aren't necessarily any other RDs or ADs
> involved at all. This is where protocol and policy come into play - the AD
> needs to communicate with and trust the RD and vice versa (even if that's
> nil-trust).
> _______________________________________________
> ogpx mailing list
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>
>
> _______________________________________________
> ogpx mailing list
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>
>

v2.23.0 | Report a Bug | By Email