IETF Logo Mail Archive

Re: [ogpx] Protocol for permitting policy decisions

David W Levine <dwl@us.ibm.com> Mon, 05 October 2009 20:32 UTC

Return-Path: <dwl@us.ibm.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 17C763A6A36; Mon, 5 Oct 2009 13:32:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.794
X-Spam-Level:
X-Spam-Status: No, score=-5.794 tagged_above=-999 required=5 tests=[AWL=0.804, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FcgsygYiAIqk; Mon, 5 Oct 2009 13:32:05 -0700 (PDT)
Received: from e4.ny.us.ibm.com (e4.ny.us.ibm.com [32.97.182.144]) by core3.amsl.com (Postfix) with ESMTP id 3C67B3A6A34; Mon, 5 Oct 2009 13:32:05 -0700 (PDT)
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by e4.ny.us.ibm.com (8.14.3/8.13.1) with ESMTP id n95KQGlV013891; Mon, 5 Oct 2009 16:26:16 -0400
Received: from d01av01.pok.ibm.com (d01av01.pok.ibm.com [9.56.224.215]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id n95KXe5h189980; Mon, 5 Oct 2009 16:33:40 -0400
Received: from d01av01.pok.ibm.com (loopback [127.0.0.1]) by d01av01.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id n95KXdsn013036; Mon, 5 Oct 2009 16:33:39 -0400
Received: from d01ml605.pok.ibm.com (d01ml605.pok.ibm.com [9.56.227.91]) by d01av01.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id n95KXdco013027; Mon, 5 Oct 2009 16:33:39 -0400
In-Reply-To: <3a880e2c0910051239t3dcae895x4f6d5f4bf5d64cd@mail.gmail.com>
References: <983F17705339E24699AA251B458249B50CC48CAEBF@EXCHANGE2K7.office.nic.se> <3a880e2c0910051239t3dcae895x4f6d5f4bf5d64cd@mail.gmail.com>
To: Infinity Linden <infinity@lindenlab.com>
MIME-Version: 1.0
X-KeepSent: E55CFEA3:6AD0DA74-85257646:006FC774; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 HF623 January 16, 2009
Message-ID: <OFE55CFEA3.6AD0DA74-ON85257646.006FC774-85257646.0070F176@us.ibm.com>
From: David W Levine <dwl@us.ibm.com>
Date: Mon, 05 Oct 2009 16:33:38 -0400
X-MIMETrack: Serialize by Router on D01ML605/01/M/IBM(Build V851_08302009|August 30, 2009) at 10/05/2009 16:33:39, Serialize complete at 10/05/2009 16:33:39
Content-Type: multipart/alternative; boundary="=_alternative 0070F17685257646_="
Cc: ogpx-bounces@ietf.org, "ogpx@ietf.org" <ogpx@ietf.org>, Magnus Zeisig <magnus.zeisig@iis.se>
Subject: Re: [ogpx] Protocol for permitting policy decisions
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2009 20:32:07 -0000

I want to point out an important related concept for much of this 
discussion. 

If one's goal is to *know* that someone actually is following a policy one 
has, especially a policy with real world implications, the process has to 
ground out in provable statements. 
In fact, for cases where the policy covers legal liabilities, it has to 
ground out in legally meaningful stuff. I studied distributed systems, not 
law, so don't take any of this as a legal pronouncement,
but.. If I'm going to trust a third party Agent Domain to tell me 
something that has legal consequences, I'm probably going to want that 
statement tied down with a digital signature or similar
proof, that links to a real world document. 

So.. My personal suspicion is that what we'll see comes much closer to 
this:

"In order to have rights beyond "guest" on this region, you, or your agent 
domain, on your behalf, needs to have signed the TOS document. I will 
demand a digitally signed proof of this, as metadata when you 
request acess to my region."

- David
~ Zha






Infinity Linden <infinity@lindenlab.com> 
Sent by: ogpx-bounces@ietf.org
10/05/2009 03:39 PM

To
Magnus Zeisig <magnus.zeisig@iis.se>
cc
"ogpx@ietf.org" <ogpx@ietf.org>
Subject
Re: [ogpx] Protocol for permitting policy decisions






right. this is similar to what i was talking about in one of the
previously mentioned options. i mentioned that the region might need
to call back into the agent domain to get more information about a
particular agent. to me it looks like you're suggesting a two-message
handshake instead of the region turning around and querying the agent
domain.

lemme draw some diagrams:

"name" and "age" are bits of data that, like you might expect, are an
account identifier and the account holder's age. "rez cap" is the
capability used to establish the agent's presence in that region. "age
> X? cap" is a capability granted to the agent domain that's supposed
to be used by the agent domain only if the agent domain agrees that
the account holder is older than X.

option 1: information push

AD ------------ ( name, age ) ---------> RD
AD <------------- (rez cap) ------------ RD

option 2: RD queries the AD

AD --------------- (name) -------------> RD
AD <----- (is name older than X?) ------ RD
AD -------------- (yes/no) ------------> RD
AD <------------ (rez cap) ------------- RD

option 3: multi-message handshake

AD --------------- (name) -------------> RD
AD <-------- (X, age > X? cap) --------- RD

AD ------------------------------------> RD (age > X? cap)
AD <------------ (rez cap) ------------- RD


option 3 here is my attempt to model what magnus is talking about, but
with a RESTful capability system.

-cheers
-meadhbh

On Mon, Oct 5, 2009 at 1:55 AM, Magnus Zeisig <magnus.zeisig@iis.se> 
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> If I register with an agent domain, or authentication service, whichever
> should be the proper name for it, I will most probably hand them some 
pieces
> of information about myself that I don't want disseminated to anyone.
> Therefore, I think the protocol for granting access to regions and other
> services should not include such information explicitly, but rather let 
the
> agent domain/authentication service just answer questions from the other
> domain/service if the parameters are within acceptable range.
>
> Instead of the revealing (meta-handshake):
>
> Agent domain:
> request access for
> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
> age: 18
> gender: male
> sexuality: bi
> country: pt
> languages: pt, es, en, de
> length: 1.82
> weight: 122
> color of socks: blue
>
> Region domain:
> access granted for
> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>
> The handshake should instead be:
>
> Agent domain:
> request access for
> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>
> Region domain:
> require parameter values
> languages: es AND (de OR hb OR ru)
> length: [1.21-2.42]
> color of socks: pink OR blue OR black
> hairdo: shaved OR ponytail
>
> Agent domain:
> required parameter values
> languages: yes
> length: yes
> color of socks: yes
> hairdo: n/a
>
> After which the region domain might decide that the missing hairdo 
parameter
> is not crucial and grant access, or refuse access because of it:
>
> Region domain:
> access denied for
> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>
> This has the benefit of permitting service providers to require what 
user
> parameters they think are important, be it age or color of socks, but 
the
> disadvantage of some extra overhead and the risk of balkanization 
because of
> requirements of "odd" parameters only supported by few services. The 
latter,
> however, I believe will become self-eliminating, because such services 
will
> probably not find many users. Either way, I don't think the protocol in
> itself should require any particular parameters, like age or color of 
socks,
> just provide the means to communicate any parameters, and perhaps 
suggest a
> list of possible, but not required, parameters and formats for values, 
like
> options, ranges and enumerations. The same kind of handshake could also 
be
> used when requesting access to asset services and the like, even if
> parameters like "object types" and "ip agreements" may be more important
> than "color of socks" there.
>
> Best regards,
>
> Magnus
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 9.8.3 (Build 4028)
> Charset: utf-8
>
> wsBVAwUBSsm0cO5MlU9XyaiSAQgEgAgAiNiznZa4fJN+iIm4Lul4iUpPNytexn9g
> rJWLZ4oevewngvSCOwhslseXKN+OTCUpSPq0vGxRIl58n+u9P56q0X4pYBZ5wsqc
> YAPdd6zGtQpR+21XQ8oWM948LEdGxba8mNO1gDygqtIyx0suBYkvYUWyYitwlDpu
> ofvDew+JT140ApmX/d1dTyglxyYv6qnDf8iDsHsNiWYI1ImB5a/hvPK0TkCVFvzr
> vLXfL5BfCXK0I3tJbLpv/OoUFEn5/emzehu3uavuQfQqQM0uBpw8WVSQGXqZziKb
> 6i8YpDvBrIkNL4syGhmAs7ZLUqpZEfoWq2LbGasqhVMmDCBkakrPpg==
> =H2Fj
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> ogpx mailing list
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>
>
_______________________________________________
ogpx mailing list
ogpx@ietf.org
https://www.ietf.org/mailman/listinfo/ogpx

v2.23.0 | Report a Bug | By Email