IETF Logo Mail Archive

Re: [ogpx] VWRAP Draft Charter - 2009 09 01

David W Levine <dwl@us.ibm.com> Thu, 01 October 2009 22:25 UTC

Return-Path: <dwl@us.ibm.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C34843A67B3; Thu, 1 Oct 2009 15:25:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.746
X-Spam-Level:
X-Spam-Status: No, score=-5.746 tagged_above=-999 required=5 tests=[AWL=0.852, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QeVizlc6agx6; Thu, 1 Oct 2009 15:25:40 -0700 (PDT)
Received: from e3.ny.us.ibm.com (e3.ny.us.ibm.com [32.97.182.143]) by core3.amsl.com (Postfix) with ESMTP id BDA623A695A; Thu, 1 Oct 2009 15:24:11 -0700 (PDT)
Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234]) by e3.ny.us.ibm.com (8.14.3/8.13.1) with ESMTP id n91MI0qf021852; Thu, 1 Oct 2009 18:18:00 -0400
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64]) by d01relay02.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id n91MPTTa207076; Thu, 1 Oct 2009 18:25:31 -0400
Received: from d01av04.pok.ibm.com (loopback [127.0.0.1]) by d01av04.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id n91MPSQS010030; Thu, 1 Oct 2009 18:25:28 -0400
Received: from d01ml605.pok.ibm.com (d01ml605.pok.ibm.com [9.56.227.91]) by d01av04.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id n91MPSgl010027; Thu, 1 Oct 2009 18:25:28 -0400
In-Reply-To: <f72742de0910011457o5e757135rd9db7fc7f4a1389@mail.gmail.com>
References: <3a880e2c0909011549n504111ebi2729273631cdee74@mail.gmail.com> <20090902230338.GC6652@alinoe.com> <e0b04bba0909022028g68227199t86212294fe6faefc@mail.gmail.com> <20090904195822.GA15341@alinoe.com> <e0b04bba0909132243r10730a3fq275f8143087807c6@mail.gmail.com> <20090914084420.GA25580@alinoe.com> <9b8a8de40909291316i19c79a96h111d88e73a64cc79@mail.gmail.com> <e0b04bba0909291751g157d2043g1c15e8d8ac417ccf@mail.gmail.com> <f72742de0909300910t23131532i1719d2c86423fa41@mail.gmail.com> <e0b04bba0910011434i13f890bfodd22cd15eef17697@mail.gmail.com> <f72742de0910011457o5e757135rd9db7fc7f4a1389@mail.gmail.com>
To: Joshua Bell <josh@lindenlab.com>
MIME-Version: 1.0
X-KeepSent: BDE64925:B257B8B0-85257642:007957C9; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 HF623 January 16, 2009
Message-ID: <OFBDE64925.B257B8B0-ON85257642.007957C9-85257642.007B2CA5@us.ibm.com>
From: David W Levine <dwl@us.ibm.com>
Date: Thu, 01 Oct 2009 18:25:22 -0400
X-MIMETrack: Serialize by Router on D01ML605/01/M/IBM(Build V851_07072009|July 07, 2009) at 10/01/2009 18:25:27, Serialize complete at 10/01/2009 18:25:27
Content-Type: multipart/alternative; boundary="=_alternative 007B2CA285257642_="
Cc: ogpx-bounces@ietf.org, ogpx@ietf.org
Subject: Re: [ogpx] VWRAP Draft Charter - 2009 09 01
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2009 22:25:41 -0000

One.. I think its very important to keep in mind that services are going 
to manage policy, not the domains they reside in. This is important, 
because it highlights the fact that what's going to happen when different 
people deploy this stuff in different deployments is going to vary.  I 
think we need to be very careful to focus not on any one deployment 
pattern, but the broader set of possible deployment patterns we are 
attempting to enable. This goes hand in glove with Joshua's comments 
below. 

This leads to 

Two.. I *think* the correct model is "All the services involved may have 
policies they bring to the table."  The set of actions which are possible 
between an arbitrary service inside of one deployment and an arbitrary 
service inside another is going to be
dictated by the policies those two services follow.  This is especially 
likely when looking at things like asset permissions.  Consider the case 
of a region attempting to pass a prim to an asset store for storage. The 
Region may have policies about which
asset stores it is willing to deliver assets to. The Asset store may have 
policies about which regions it is willing to accept assets from. If the 
user's agent domain holds his inventory (One, but not the only possible 
deployment pattern) it may have policies about
the asset servers it interacts with. Its possible to imagine cases where 
the only role the ADs play in this policy decision is that they have 
authenticated the user, 

We need to be careful, when looking at this stuff to strike a balance 
between focusing on the current deployed clusterings, and turning 
everything into soup. That said, the actual deployed systems which 
implement these specifications are only going to be able
to enforce policy at the interfaces we define, and these interfaces are on 
services, not domains.  In fact, as I've argued several times, I think, in 
general, the notion of a domain emerges from the policies of the deployed 
services, not the other way around. Infinity's made a very nice case for 
describing the key distinctions as being "Agent domains include the auth 
service" and "Region Domains include the presence service"  If we keep 
this in mind, I think it helps us move away from thinking purely in terms 
of the split that Linden Labs has focused on. To circle back to the 
question of soup, simply focusing on the services risks describing stuff 
that's falls into the HLA/DIS trap of having deployments which are each 
"conforming" but vary so much in assumption as to not actually 
interoperate. 

- David
~Zha






Joshua Bell <josh@lindenlab.com> 
Sent by: ogpx-bounces@ietf.org
10/01/2009 05:57 PM

To
ogpx@ietf.org
cc

Subject
Re: [ogpx] VWRAP Draft Charter - 2009 09 01







On Thu, Oct 1, 2009 at 2:34 PM, Morgaine <morgaine.dinova@googlemail.com> 
wrote:

Your next step is to realize that, for two structurally identical worlds, 
if the seat of policy of one lies in its AD, then the seat of policy of 
the other also lies in its AD.  Therefore your statement needs to be 
modified to the following:

IMHO, it should be apparent that both the AD of the source world and the 
RD and AD of the destination world all need to make policy decisions.

 
I don't agree with this at all.

A VW service provider could operate a region domain with no agent domain. 
I believe this is VERY LOOSELY equivalent to running an OpenSim instance 
in Grid mode today (but I can't state that definitively) the person 
running the sim is basically running just the region, and relying on 
someone else's agent domain (agent-centric services).

Similarly, BigGiantCo could operate an agent domain for their employs (as 
a bolt-on to their enterprise LDAP server, say) with no region domain. 

A BigGiantCo employee can visit the RD-only VW - the AD talks to the RD to 
place the agent in a region. There aren't necessarily any other RDs or ADs 
involved at all. This is where protocol and policy come into play - the AD 
needs to communicate with and trust the RD and vice versa (even if that's 
nil-trust).
_______________________________________________
ogpx mailing list
ogpx@ietf.org
https://www.ietf.org/mailman/listinfo/ogpx

v2.23.0 | Report a Bug | By Email