Re: [ogpx] Protocol for permitting policy decisions
Carlo Wood <carlo@alinoe.com> Wed, 07 October 2009 20:46 UTC
I think this would require too much detail of 'filtering' parameters
to go into the actual protocol.

On Tue, Oct 06, 2009 at 12:02:09PM +0200, Magnus Zeisig wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I try to follow the philosophical discussions on this list, but I must admit
> I'm probably a too much down to earth tech guy to fully appreciate them.
> Therefore, it's possible I miss some of the fine nuances or problems in them.
> My basic interest is trying to translate the problems I see into (meta)
> protocol. Exact nomenclature and syntax, e.g. "domain" or "service", "access"
> or "caps", I prefer leaving to those better called to define it. I hope this
> doesn't cause too much confusion.
>
> My basic suggestion of a handshake protocol permitting policy decisions
> (http://www.ietf.org/mail-archive/web/ogpx/current/msg00475.html) could
> (strictly technically) handle the debated issues of authentication, "adult
> content" and TOSes:
>
> Agent domain:
>   request access for
>     user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>
> Region domain:
>   require parameter values for
>     user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>     authentication: PASSPORT OR USSSN OR EUID OR JPVER
>     accept adult content: YES
>     accept nudity: YES
>     accept sexual acts: YES
>     accept profane language: YES
>     terms of service: ((FRLAWINFO2006:128 AND EULAWIP2008:2) OR USLAWTELECOM2005:1)
>       AND (VWTOS1.2 OR MVTOS2.3 OR MYTOS1.0)
>     user signature: TOKEN
>
> Agent domain:
>   required parameter values for
>     user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>     authentication: yes
>     accept adult content: yes
>     accept nudity: yes
>     accept sexual acts: yes
>     accept profane language: no
>     terms of service: yes
>     user signature: 238158-2356257-238658-23596
>
> Region domain:
>   access denied for
>     user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>   (outside protocol: since not accepting profane language)
>
> Using this method, one could decide to let the agent domain manage the
> acceptance of "adult content" entirely, by the region domain not asking for age
> but let the agent domain automatically set accept for e.g. "adult content",
> "nudity", "sexual acts" and "profane language" to NO for those underage and as
> options YES/NO for those of age. One could also either ask for acceptance of
> "adult content" in general or for more specific parameters often associated
> with "adult content", giving great flexibility in policy making. But once
> again, that is policy outside protocol level.

But what is the mature age is a function of country, and thus region,
not agent domain. Adding to the protocol the notion of 'adult', so
that the RD can ask the AD 'is this person an adult?' won't work
for that reason. Better to ask the AD, 'does the age of the person
fall in this range?', and even better to not define 'age' in the
protocol, but just describe how the RD can ask for 'does X fall
into this range', where the AD first tells the RD that it supports
X (see my previous post).

>
> Best regards,
>
> Magnus
>
> - -----Original message-----
> From: Infinity Linden [mailto:infinity@lindenlab.com]
> Sent: 6 October 2009 01:39
> To: David W Levine
> Cc: Magnus Zeisig; ogpx@ietf.org; ogpx-bounces@ietf.org
> Subject: Re: [ogpx] Protocol for permitting policy decisions
>
> On Mon, Oct 5, 2009 at 1:33 PM, David W Levine <dwl@us.ibm.com> wrote:
>
> "In order to have rights beyond "guest" on this region, you, or your
> agent domain, on your behalf, needs to have signed the TOS document. I will
> demand a digitally signed proof of this, as metadata when you
> request access to my region."
>
> - David
> ~ Zha
>
> i think i grok what you're trying to say here, but i would also add... "a given
> agent domain MAY choose to deny you ANY service (including anonymous or guest
> access) if you don't provide some form of authenticator and assert that you
> have read and understand the domains terms of use."
>
> - -cheers
> - -meadhbh

-- 
Carlo Wood <carlo@alinoe.com>
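
The capability-then-range query suggested in the reply above (the AD first says which attributes it supports, then the RD asks whether a value falls in a range), sketched as an added example that is not part of the original message or of any OGP draft. The class names, message shapes, attribute names and user identifiers are assumptions made for illustration.

```python
# Added illustration; AgentDomain, RegionDomain and the message shapes are
# hypothetical, not part of OGP/VWRAP or of any post in this thread.
from dataclasses import dataclass, field


@dataclass
class AgentDomain:
    # Private per-user attributes (constructed sample data); never sent raw.
    users: dict = field(default_factory=dict)

    def supported(self, user):
        """Step 1: advertise which attribute names can be queried."""
        return sorted(self.users.get(user, {}))

    def in_range(self, user, attr, low, high):
        """Step 2: answer only yes/no; None means 'not supported'."""
        value = self.users.get(user, {}).get(attr)
        if value is None:
            return None
        return (low is None or value >= low) and (high is None or value <= high)


@dataclass
class RegionDomain:
    # Region-side policy: attribute -> (low, high) bounds, None = unbounded.
    policy: dict

    def admit(self, ad, user):
        offered = set(ad.supported(user))
        for attr, (low, high) in self.policy.items():
            if attr not in offered:
                # Fail closed: an attribute the AD cannot vouch for denies access.
                return False, f"{attr}: not supported by agent domain"
            if ad.in_range(user, attr, low, high) is not True:
                return False, f"{attr}: outside required range"
        return True, "ok"


AD = AgentDomain(users={
    "alice@agentdomain.example": {"age": 19},
    "bob@agentdomain.example": {"age": 19, "account_age_days": 3},
})
# Two regions with different local thresholds; the protocol defines neither.
REGION_18 = RegionDomain(policy={"age": (18, None)})
REGION_21 = RegionDomain(policy={"age": (21, None), "account_age_days": (30, None)})

if __name__ == "__main__":
    for region in (REGION_18, REGION_21):
        for user in AD.users:
            print(user, region.policy, region.admit(AD, user))
```

Because the AD answers only yes or no, the RD does not learn the stored value from a single query, though repeated queries with different bounds would narrow it, so an AD would need to limit them.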