Re: [ogpx] Protocol for permitting policy decisions
Meadhbh Hamrick <meadhbh.siobhan@gmail.com> Wed, 07 October 2009 20:56 UTC
Return-Path: <meadhbh.siobhan@gmail.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 547AF28C0D9 for <ogpx@core3.amsl.com>;
Wed, 7 Oct 2009 13:56:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.533
X-Spam-Level:
X-Spam-Status: No, score=-2.533 tagged_above=-999 required=5 tests=[AWL=0.066,
BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zMMjGt8ULtza for
<ogpx@core3.amsl.com>; Wed, 7 Oct 2009 13:56:35 -0700 (PDT)
Received: from mail-pz0-f174.google.com (mail-pz0-f174.google.com
[209.85.222.174]) by core3.amsl.com (Postfix) with ESMTP id 5AF8428C0F0 for
<ogpx@ietf.org>; Wed, 7 Oct 2009 13:56:35 -0700 (PDT)
Received: by pzk4 with SMTP id 4so1662861pzk.32 for <ogpx@ietf.org>;
Wed, 07 Oct 2009 13:58:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:in-reply-to:references
:date:message-id:subject:from:to:cc:content-type;
bh=mflA4enIJ4gPQ3TyFNvDseF5eNKMpsnLLfUc62jGAnk=;
b=RxirIBI2oHQVzTA6RolLQCD0JNhnQTQKj3nNu0zoPSpYLslgcyXf6HcTfgVfm8uF/s
COo/+jFpquUwmirETSSPbB5OO2+XIwM0pW1lv/1Nc97g0cPsO1m7rDp00xD3KerfRx4v
rgiJHxiY3Y6G0T3npOXTR6gDuDbrUw0jbtZKQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:cc:content-type;
b=AT2L7Qam5EO23NGnSUcgfbER5dJay4+0vhtXR2kAr1omjLtgz2Jiu2jlN+gC4fe0vJ
BvOJEJRDJb7AA7zgH6yhk7T+P4JTjlTrqTvP6jcuYxgw9tCbmRLwtmdZE2s16p7ZfPsS
3BJSYxNJaGkg4EqayCwrqReskCBKx2yjjqyNA=
MIME-Version: 1.0
Received: by 10.115.117.13 with SMTP id u13mr601290wam.150.1254949093452;
Wed, 07 Oct 2009 13:58:13 -0700 (PDT)
In-Reply-To: <20091007203535.GA13882@alinoe.com>
References: <983F17705339E24699AA251B458249B50CC48CAEBF@EXCHANGE2K7.office.nic.se>
<3a880e2c0910051239t3dcae895x4f6d5f4bf5d64cd@mail.gmail.com>
<20091007203535.GA13882@alinoe.com>
Date: Wed, 7 Oct 2009 13:58:13 -0700
Message-ID: <b8ef0a220910071358x17b14245k671d5d41ebdf9ac7@mail.gmail.com>
From: Meadhbh Hamrick <meadhbh.siobhan@gmail.com>
To: Carlo Wood <carlo@alinoe.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: Infinity Linden <infinity@lindenlab.com>, "ogpx@ietf.org" <ogpx@ietf.org>,
Magnus Zeisig <magnus.zeisig@iis.se>
Subject: Re: [ogpx] Protocol for permitting policy decisions
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>,
<mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>,
<mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2009 20:56:36 -0000
hmm.. okay. i like where we're headed here. carlo, what you're recommending is similar enough to the use of a seed capability we could almost call it the same design pattern. i like the idea of the AD tell the RD something like, "hey... here's a list of keywords describing concepts i'm concerned about." then having the RD respond, "oh! you're concerned about <FOO>, well lemme tell you about <FOO>." and then having the AD decide whether or not the RD's values for FOO violate it's policy. however. i'm not entirely certain we (linden) would use it all the time, and here's why. the model we've been proposing is that AD's would negotiate deals with RD providers and specify requirements and policies in excruciating detail in legal documents. we would then use the name (domain name or subject name from the client cert) to lookup what we think the policy would be, and then act on it. but... i still like this scheme because a) it's really similar to the way seed caps work, b) it adds flexibility to our system(s), and c) it does what i was hoping... gives the AD the ability to make policy decisions (like am i going to let this 15 year old user access material that may land me in hot water with the local authorities.) so... what we could do is make the request optional, but the response manditory. this would mean we could still use the deployment model listed above, but the "tourist" model can use the request. (i'm using the term "tourist model" to mean where someone's AD attempts to place an avatar in a region the AD does not have a previous trust relationship with.) On Wed, Oct 7, 2009 at 1:35 PM, Carlo Wood <carlo@alinoe.com> wrote: > On Mon, Oct 05, 2009 at 12:39:32PM -0700, Infinity Linden wrote: >> option 3: multi-message handshake >> >> AD --------------- (name) -------------> RD >> AD <-------- (X, age > X? cap) --------- RD >> >> AD ------------------------------------> RD (age > X? cap) >> AD <------------ (rez cap) ------------- RD > > Note, again, the need for a flexible protocol negotiation: > we can't know, already, what all will be needed. > > Nevertheless, the more flexibility the better imho. > I'd prefer to see this: > > AD ------(name, <list with keywords>) -----------> RD > AD <-----(name, <list with keywords + ranges>) --- RD > AD ------(name, yes/no)--------------------------> RD > AD <-----(rez cap) ------------------------------- RD > > Where VWRAP will not define what keywords are possible. > > However, implementers might, for example, choose to use 'AGE' as keyword > with an integer range, leading to a msg exchange like > > AD ------(name, (AGE)) -----------> RD > AD <-----(name, (AGE, 21)) -------- RD > AD ------(name, yes)--------------> RD > AD <-----(rez cap) ---------------- RD > > or some might implement > > AD ------(name, (AGE, LIKES_BUNNIES)) -----------> RD > AD <-----(name, (AGE, 13), YES) ------------------ RD > AD ------(name, yes, yes)------------------------> RD > AD <-----(rez cap) ------------------------------- RD > > For privacy reasons, I think it would suffice to > just send the AND of all 'yes's, thus: > > AD ------(name, (AGE, LIKES_BUNNIES)) -----------> RD > AD <-----(name, (AGE, 13), YES) ------------------ RD > AD ------(name, yes)-----------------------------> RD > AD <-----(rez cap) ------------------------------- RD > > or, > > AD ------(name, (AGE, LIKES_BUNNIES)) -----------> RD > AD <-----(name, (AGE, 13), DONTCARE) ------------- RD > AD ------(name, yes)-----------------------------> RD > AD <-----(rez cap) ------------------------------- RD > > Again, neither 'AGE' nor 'LIKES_BUNNIES', would be defined by us, > but we would define how to handle integer ranges, booleans, > don't cares, string literals, and perhaps regular expressions. > > -- > Carlo Wood <carlo@alinoe.com> > _______________________________________________ > ogpx mailing list > ogpx@ietf.org > https://www.ietf.org/mailman/listinfo/ogpx >
- [ogpx] Protocol for permitting policy decisions Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Siobhan
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Hamrick
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Hamrick
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Joshua Bell
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Hamrick
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Hamrick
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- [ogpx] VWRAP future (mostly out of protocol rambl… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Joshua Bell
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden (Meadhbh Hamrick)
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] VWRAP future (mostly out of protocol r… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden (Meadhbh Hamrick)
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca