Re: [ogpx] Cable Beach + VWRAP update
David W Levine <dwl@us.ibm.com> Mon, 18 January 2010 18:13 UTC
Return-Path: <dwl@us.ibm.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 562FC3A6820; Mon, 18 Jan 2010 10:13:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.668
X-Spam-Level:
X-Spam-Status: No, score=-5.668 tagged_above=-999 required=5 tests=[AWL=-0.929, BAYES_20=-0.74, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GwySr1O6z3wv; Mon, 18 Jan 2010 10:13:34 -0800 (PST)
Received: from e3.ny.us.ibm.com (e3.ny.us.ibm.com [32.97.182.143]) by core3.amsl.com (Postfix) with ESMTP id 4F7683A68F8; Mon, 18 Jan 2010 10:13:29 -0800 (PST)
Received: from d01relay05.pok.ibm.com (d01relay05.pok.ibm.com [9.56.227.237]) by e3.ny.us.ibm.com (8.14.3/8.13.1) with ESMTP id o0II3M1h021452; Mon, 18 Jan 2010 13:03:22 -0500
Received: from d01av01.pok.ibm.com (d01av01.pok.ibm.com [9.56.224.215]) by d01relay05.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id o0IIDOWU112856; Mon, 18 Jan 2010 13:13:24 -0500
Received: from d01av01.pok.ibm.com (loopback [127.0.0.1]) by d01av01.pok.ibm.com (8.14.3/8.13.1/NCO v10.0 AVout) with ESMTP id o0IIDOh3007031; Mon, 18 Jan 2010 13:13:24 -0500
Received: from d01ml605.pok.ibm.com (d01ml605.pok.ibm.com [9.56.227.91]) by d01av01.pok.ibm.com (8.14.3/8.13.1/NCO v10.0 AVin) with ESMTP id o0IIDL82006797; Mon, 18 Jan 2010 13:13:21 -0500
In-Reply-To: <e0b04bba1001152009k5885cb07r9108626237d9f5ea@mail.gmail.com>
References: <62BFE5680C037E4DA0B0A08946C0933DC4A74D40@rrsmsx506.amr.corp.intel.com> <e0b04bba1001152009k5885cb07r9108626237d9f5ea@mail.gmail.com>
To: Morgaine <morgaine.dinova@googlemail.com>
MIME-Version: 1.0
X-KeepSent: DFA05603:517E9F75-852576AF:0062AE14; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 HF623 January 16, 2009
Message-ID: <OFDFA05603.517E9F75-ON852576AF.0062AE14-852576AF.006416D6@us.ibm.com>
From: David W Levine <dwl@us.ibm.com>
Date: Mon, 18 Jan 2010 13:13:15 -0500
X-MIMETrack: Serialize by Router on D01ML605/01/M/IBM(Release 8.5.1HF41 | October 22, 2009) at 01/18/2010 13:13:20, Serialize complete at 01/18/2010 13:13:20
Content-Type: multipart/alternative; boundary="=_alternative 006416D6852576AF_="
Cc: ogpx-bounces@ietf.org, "ogpx@ietf.org" <ogpx@ietf.org>
Subject: Re: [ogpx] Cable Beach + VWRAP update
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2010 18:13:37 -0000
I read John's post as "This is what we have built, how it works, and how you can think about it mapping onto the OGPX/VWRAP design. I certainly don't read it as "We should all build and deploy this." Policy Enforcement Points are where you find them. I actually think that having one or many inventory services per avatar is not a control point. Inventory is a list of references to virtual goods. The control point is not when you you say "Jacob Smith has Item 7896, which is hosted on the BlueDragonsHosting Asset Server, with URI " https://BlueDragonsHosting.Assets.net/private_scheme_for_reference/asset.foo " Whether that inventory pointer sits on a local hard drive, in the only Inventory Service Jacob choses to use, or in a list in one of several services matters not at all. What is going to matter is what various services do with the URI and credentials Jacob presents when he wishes to use the asset. That decision isn't going to happen in the inventory service. It isn't going to happen in the Agent Domain. That decision is going be the subject of policies which affect the interaction between the services Jacob which to invoke and the Asset server holding the asset. My personal expectation is that we will have many asset servers, and most people will have one, or a few inventory services associated with their avatar. Since the inventory is nothing more than a list of asset pointers, Splitting it across multiple servers feels similar to splitting one's bookmark file. One could do it. (And one might well put a backup copy someplace) but. the bookmarks file has no impact on the services I invoke. No matter where I get a URL, the server hosting the web page gets to determine if I see it, and if I need to pass it credentials to fetch it. I don't see Regions, or Agent Domains as unique gatekeepers to asset server seedcaps. I fully expect that virtual world hosters will create convenient paths between their regions and any asset services they host. I also expect that for assets hosted outside of their span of trust, seedcaps will be granted by the asset host, as it sees fit. The place where all of this plays out is in the protocols to permit a user to rez an item from a third party asset server, and the policies which influence the use of those protocols. - David ~ Zha From: Morgaine <morgaine.dinova@googlemail.com> To: "ogpx@ietf.org" <ogpx@ietf.org> Date: 01/15/2010 11:09 PM Subject: Re: [ogpx] Cable Beach + VWRAP update Sent by: ogpx-bounces@ietf.org I spoke at length with John about his blog post. Unfortunately, it seems that his model has some serious restrictions as a result of hardwired service coupling, with only a single deployment model being allowed. This is a deployment in which the AD dictates region asset policies to RDs or regions through central inventory policy. This appears to be much less flexible than the multiple deployment models that we have been discussing here, where we gained much flexibility by using multiple asset services and keeping agent and region policies separate. In addition, the model adds communication between ADs, whereas in our VWRAP discussions there was no communication with AD2 when an agent from AD1 teleported from RD1 to RD2. Ie. we needed no prior federation, whereas John's model does. In effect this proposal just extends the world controlled by AD1 with additional regions that have no say in local asset policy, as in the original OGP. We've gone beyond that in VWRAP to allow for tourism between worlds with different region policies, in which only the agent identity and multi-world assets are common. Also, in John's model there are no independent asset services, instead you can use only a single inventory service which is tightly coupled to the Agent Domain with which you have authenticated. All your assets are accessed through this centralized inventory service, which means that your AD controls the region asset policy of the regions you visit, since whether you are allowed to acquire objects from the foreign RD2 is dictated by AD1 instead of by RD2. In other words, there can be no useful cross-world tourism for your agent except with worlds that have assets allowed by your AD. To a first degree then (and bearing in mind that I've already discussed this extensively with John so this understanding is at least partially correct), this appears to be just the original "let's grow SL" OGP protocol but with OpenID added. It doesn't appear to offer the cross-world interop that we've been working towards in VWRAP, since that requires Destination Determines (Local) Policy, just like in the real world. I'll have to see the model in action to understand it fully, but at first glance this is a recipe for creating walled gardens with no interop at all except to federated worlds. There is no deployment option in it to do any more, whereas we've been talking about many more deployment options because of the independence of VWRAP services. As a footnote, this really highlights why such things should be discussed here on this list first before being added to a draft spec --- I'm very glad to see John doing that here and giving us the opportunity for comments prior to spec time. PS. The above problems are "fixable" (but awkwardly) by making John's hardwired AD inventory extensible on the client. Whenever a dictatorial AD disallows placing a foreign region's assets in its restricted inventory service, the client could automatically use a more flexible inventory service instead, extending symmetrically the user's perception of inventory contents beyond that of the AD. I don't advocate this approach though, as it's a fix to a problem that shouldn't be there. We should begin with a clean model from the start by keeping services decoupled so that a user controls which assets she references in inventory, and not her identity provider. Morgaine. ================================= On Sat, Jan 16, 2010 at 1:13 AM, Hurliman, John <john.hurliman@intel.com> wrote: My post got a bit long and includes some pictures, so I put the Cable Beach + VWRAP update in a blog post at http://www.jhurliman.org/2010/01/merging-vwrap-and-cable-beach/ The comments on that post are closed to encourage discussion to move to the appropriate IETF mailing list (OAuth-WG or VWRAP). John _______________________________________________ ogpx mailing list ogpx@ietf.org https://www.ietf.org/mailman/listinfo/ogpx _______________________________________________ ogpx mailing list ogpx@ietf.org https://www.ietf.org/mailman/listinfo/ogpx
- [ogpx] Cable Beach + VWRAP update Hurliman, John
- Re: [ogpx] Cable Beach + VWRAP update Morgaine
- Re: [ogpx] Cable Beach + VWRAP update Carlo Wood
- Re: [ogpx] Cable Beach + VWRAP update Carlo Wood
- Re: [ogpx] Cable Beach + VWRAP update Carlo Wood
- Re: [ogpx] Cable Beach + VWRAP update Suzy Deffeyes
- Re: [ogpx] Cable Beach + VWRAP update David W Levine
- Re: [ogpx] Cable Beach + VWRAP update David W Levine
- Re: [ogpx] Cable Beach + VWRAP update Hurliman, John
- Re: [ogpx] Cable Beach + VWRAP update Hurliman, John
- Re: [ogpx] Cable Beach + VWRAP update Morgaine
- Re: [ogpx] Cable Beach + VWRAP update Morgaine
- Re: [ogpx] Cable Beach + VWRAP update Carlo Wood
- Re: [ogpx] Cable Beach + VWRAP update Morgaine
- Re: [ogpx] Cable Beach + VWRAP update Carlo Wood
- Re: [ogpx] Cable Beach + VWRAP update Morgaine