[ogpx] Policy between services
David W Levine <dwl@us.ibm.com> Sun, 04 October 2009 21:25 UTC
Return-Path: <dwl@us.ibm.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 03E3F3A67A3; Sun, 4 Oct 2009 14:25:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.667
X-Spam-Level:
X-Spam-Status: No, score=-2.667 tagged_above=-999 required=5 tests=[AWL=-2.483, BAYES_40=-0.185, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eZEQ6cmzTspY; Sun, 4 Oct 2009 14:25:32 -0700 (PDT)
Received: from e7.ny.us.ibm.com (e7.ny.us.ibm.com [32.97.182.137]) by core3.amsl.com (Postfix) with ESMTP id B8CF93A677E; Sun, 4 Oct 2009 14:25:31 -0700 (PDT)
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by e7.ny.us.ibm.com (8.14.3/8.13.1) with ESMTP id n94LOM9F018407; Sun, 4 Oct 2009 17:24:22 -0400
Received: from d01av02.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id n94LQvKu245900; Sun, 4 Oct 2009 17:26:57 -0400
Received: from d01av02.pok.ibm.com (loopback [127.0.0.1]) by d01av02.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id n94LNatN025914; Sun, 4 Oct 2009 17:23:36 -0400
Received: from d01ml605.pok.ibm.com (d01ml605.pok.ibm.com [9.56.227.91]) by d01av02.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id n94LNafj025911; Sun, 4 Oct 2009 17:23:36 -0400
In-Reply-To: <e0b04bba0910041234m281838jdf9fbb1b0c138008@mail.gmail.com>
References: <e0b04bba0909291751g157d2043g1c15e8d8ac417ccf@mail.gmail.com> <3a880e2c0910020932t5995c477qb0d798de1c2653f6@mail.gmail.com> <20091003192159.GA7474@alinoe.com> <e0b04bba0910031452o2a497effi57c4e92f8902b5df@mail.gmail.com> <20091003222118.GA16290@alinoe.com> <e0b04bba0910031633k2127d996v5ef5d3f356623a69@mail.gmail.com> <4646639E08F58B42836FAC24C94624DD771A0D8236@GVW0433EXB.americas.hpqcorp.net> <9b8a8de40910040421y41314922o4c5242c77941af4c@mail.gmail.com> <6.2.5.6.2.20091004072856.031ac940@resistor.net> <9b8a8de40910041146h4c8e8bbdt2176ee143ec6656b@mail.gmail.com> <e0b04bba0910041234m281838jdf9fbb1b0c138008@mail.gmail.com>
To: Morgaine <morgaine.dinova@googlemail.com>
MIME-Version: 1.0
X-KeepSent: 4CD5B4C5:5E22B3C8-85257645:006F25DB; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 HF623 January 16, 2009
Message-ID: <OF4CD5B4C5.5E22B3C8-ON85257645.006F25DB-85257645.0075D2ED@us.ibm.com>
From: David W Levine <dwl@us.ibm.com>
Date: Sun, 04 Oct 2009 17:26:57 -0400
X-MIMETrack: Serialize by Router on D01ML605/01/M/IBM(Build V851_08302009|August 30, 2009) at 10/04/2009 17:26:57, Serialize complete at 10/04/2009 17:26:57
Content-Type: multipart/alternative; boundary="=_alternative 0075D2EA85257645_="
Cc: ogpx-bounces@ietf.org, ogpx@ietf.org
Subject: [ogpx] Policy between services
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Oct 2009 21:25:33 -0000
I've changed the subject, because the thread drift has become brutal I want to make a couple of points, one of, something akin to etiquette. Lets start there. I don't think it advances our technical agenda when we start dragging in philosophical, political and cultural issues around some of the use cases people are advancing. One persons abhorred policy is another's legally required to stay in business use case. We also need to be careful to separate the use cases, such as "I don't want people who haven't passed some form of age verification accessing some virtual spaces" from possible mechanisms for achieving those use cases. It is also worth keeping in mind the limitations of what we can express in a protocol and what mechanisms we have for allowing services to express and manage policy. At the end of the day the policy enforcement points are primarily when either: 1) first contact is made with a cluster of services, where meta-data is included in the request, and based on this, and policy, caps are granted (or not) and meta-data is associated with those caps. This is one of the nice bits of a cap grant, it permits a policy decision to be made once, and encapsulated in the cap(s) granted. 2) at invocation of a cap, mediated by meta-data associated with the request. This is notably more expensive, as it requires the check to be made in all cases, but it provides a finer grained policy enforcement scheme. Also note protocol is unlikely to directly encode complex, "semantic" concepts such as "age-verified." They are far more likely to permit set of deploys to define mechanisms for making (and possibly in some cases verifying) properties of the users they represent This is rather like the point made by several people, a distinction between having the spots to carry the information, and mandating the contents of those slots. The nice thing about LLSD protocol elements is that they are easily extensible. if we say "Here is where a set of properties that the authenticating service vouches for about the user go" we can stop there, and allow the community to define the properties they care about. We also need to recognize the limits of any specification. We describe mechanisms to enable interoperability. We cannot mandate how people extend those mechanisms nor deployment choices they make, nor policy choices they make which are beyond those defined in the specifications. Lastly, for better or worse, some of the use cases involved in policy effectively are about linking a real world legal contract with the use of services. We're not going to flow protocol elements which are legal contracts, but.. we may well end up using things like PKI to prove the a given end user or service is in procession of a proof token for having signed a specific legal document . In this case, less a matter of defining the mechanisms as much as leveraging existing ones. - David Levine ~ Zha Ewry
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Joshua Bell
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Kari Lippert
- [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Charles Krinke
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Vaughn Deluca
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Joshua Bell
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Vaughn Deluca
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- [ogpx] Fwd: VWRAP Draft Charter - 2009 09 01 Vaughn Deluca
- Re: [ogpx] Fwd: VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] Fwd: VWRAP Draft Charter - 2009 09 01 Joshua Bell
- Re: [ogpx] Fwd: VWRAP Draft Charter - 2009 09 01 Meadhbh Siobhan
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Charles Krinke
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Joshua Bell
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Charles Krinke
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 David W Levine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Joshua Bell
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 David W Levine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Charles Krinke
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Joshua Bell
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Vaughn Deluca
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Vaughn Deluca
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Joshua Bell
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Dickson, Mike (ISS Software)
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Dickson, Mike (ISS Software)
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Vaughn Deluca
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Vaughn Deluca
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 SM
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Dickson, Mike (ISS Software)
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Dickson, Mike (ISS Software)
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Vaughn Deluca
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- [ogpx] Policy between services David W Levine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 SM
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Infinity Linden
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Morgaine
- Re: [ogpx] VWRAP Draft Charter - 2009 09 01 Carlo Wood