[ogpx] Protocol for permitting policy decisions
Magnus Zeisig <magnus.zeisig@iis.se> Mon, 05 October 2009 08:53 UTC
If I register with an agent domain, or authentication service, whichever should be the proper name for it, I will most probably hand them some pieces of information about myself that I don't want disseminated to anyone. Therefore, I think the protocol for granting access to regions and other services should not include such information explicitly, but rather let the agent domain/authentication service just answer questions from the other domain/service if the parameters are within acceptable range.

Instead of the revealing (meta-handshake):

    Agent domain: request access for
        user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
        age: 18
        gender: male
        sexuality: bi
        country: pt
        languages: pt, es, en, de
        length: 1.82
        weight: 122
        color of socks: blue

    Region domain: access granted for
        user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org

The handshake should instead be:

    Agent domain: request access for
        user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org

    Region domain: require parameter values
        languages: es AND (de OR hb OR ru)
        length: [1.21-2.42]
        color of socks: pink OR blue OR black
        hairdo: shaved OR ponytail

    Agent domain: required parameter values
        languages: yes
        length: yes
        color of socks: yes
        hairdo: n/a

After which the region domain might decide that the missing hairdo parameter is not crucial and grant access, or refuse access because of it:

    Region domain: access denied for
        user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org

This has the benefit of permitting service providers to require what user parameters they think are important, be it age or color of socks, but the disadvantage of some extra overhead and the risk of balkanization because of requirements of "odd" parameters only supported by few services. The latter, however, I believe will become self-eliminating, because such services will probably not find many users.

Either way, I don't think the protocol in itself should require any particular parameters, like age or color of socks, just provide the means to communicate any parameters, and perhaps suggest a list of possible, but not required, parameters and formats for values, like options, ranges and enumerations.

The same kind of handshake could also be used when requesting access to asset services and the like, even if parameters like "object types" and "ip agreements" may be more important than "color of socks" there.

Best regards,
Magnus
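
The handshake proposed in the message above, as an added example that is not part of the original post or of any OGP/VWRAP specification. The tuple encoding of requirements and the function names are assumptions made for illustration; the sample values are constructed from the message's own example.

```python
# Added example; the tuple encoding of requirements is an assumption, not a wire format.

def holds(expr, values):
    """Evaluate a requirement expression against the set of values the user has."""
    if isinstance(expr, str):                 # literal option, e.g. "es"
        return expr in values
    op, *args = expr
    if op == "AND":
        return all(holds(a, values) for a in args)
    if op == "OR":
        return any(holds(a, values) for a in args)
    if op == "RANGE":                         # inclusive numeric range [lo-hi]
        lo, hi = args
        return any(lo <= v <= hi for v in values)
    raise ValueError(f"unknown operator {op!r}")

def agent_answer(profile, requirements):
    """Agent domain side: reply yes/no/n/a per parameter, never the value itself."""
    reply = {}
    for name, expr in requirements.items():
        if name not in profile:
            reply[name] = "n/a"               # parameter not held for this user
        else:
            value = profile[name]
            values = value if isinstance(value, (set, frozenset)) else {value}
            reply[name] = "yes" if holds(expr, values) else "no"
    return reply

def region_decide(reply, optional=()):
    """Region domain side: grant if every answer is yes, or n/a on an optional parameter."""
    ok = all(a == "yes" or (a == "n/a" and n in optional) for n, a in reply.items())
    return "access granted" if ok else "access denied"

# Constructed sample data mirroring the message's example values.
PROFILE = {"age": 18, "languages": {"pt", "es", "en", "de"},
           "length": 1.82, "color of socks": "blue"}
REQUIREMENTS = {
    "languages": ("AND", "es", ("OR", "de", "hb", "ru")),
    "length": ("RANGE", 1.21, 2.42),
    "color of socks": ("OR", "pink", "blue", "black"),
    "hairdo": ("OR", "shaved", "ponytail"),
}

if __name__ == "__main__":
    reply = agent_answer(PROFILE, REQUIREMENTS)
    print(reply)
    print(region_decide(reply))                       # hairdo treated as crucial
    print(region_decide(reply, optional={"hairdo"}))  # hairdo treated as optional
```

Each answer still discloses one bit about the user, so an agent domain implementing this would want to refuse overly narrow ranges and limit how many requirement sets a single region domain may submit for the same user.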