IETF Logo Mail Archive

Re: [ogpx] Protocol for permitting policy decisions

David W Levine <dwl@us.ibm.com> Fri, 09 October 2009 04:15 UTC

Return-Path: <dwl@us.ibm.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AC55728C1B1; Thu, 8 Oct 2009 21:15:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.72
X-Spam-Level:
X-Spam-Status: No, score=-5.72 tagged_above=-999 required=5 tests=[AWL=0.878, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lXbqFA23Nss7; Thu, 8 Oct 2009 21:15:08 -0700 (PDT)
Received: from e6.ny.us.ibm.com (e6.ny.us.ibm.com [32.97.182.146]) by core3.amsl.com (Postfix) with ESMTP id 1B83128C1B0; Thu, 8 Oct 2009 21:15:08 -0700 (PDT)
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by e6.ny.us.ibm.com (8.14.3/8.13.1) with ESMTP id n994LfhQ002705; Fri, 9 Oct 2009 00:21:41 -0400
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id n994GjuO250318; Fri, 9 Oct 2009 00:16:45 -0400
Received: from d01av04.pok.ibm.com (loopback [127.0.0.1]) by d01av04.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id n994Gi6S029340; Fri, 9 Oct 2009 00:16:44 -0400
Received: from d01ml605.pok.ibm.com (d01ml605.pok.ibm.com [9.56.227.91]) by d01av04.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id n994GipF029335; Fri, 9 Oct 2009 00:16:44 -0400
In-Reply-To: <e0b04bba0910082110r120148e7ua6975a110890651a@mail.gmail.com>
References: <983F17705339E24699AA251B458249B50CC48CAEBF@EXCHANGE2K7.office.nic.se> <3a880e2c0910051239t3dcae895x4f6d5f4bf5d64cd@mail.gmail.com> <20091007203535.GA13882@alinoe.com> <983F17705339E24699AA251B458249B50CC48CB683@EXCHANGE2K7.office.nic.se> <e0b04bba0910080241x548b6ff9tbc558aaa069b15be@mail.gmail.com> <20091008235638.GE13882@alinoe.com> <e0b04bba0910082110r120148e7ua6975a110890651a@mail.gmail.com>
To: Morgaine <morgaine.dinova@googlemail.com>
MIME-Version: 1.0
X-KeepSent: AF7E773D:828624D6-8525764A:001736F4; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 HF623 January 16, 2009
Message-ID: <OFAF7E773D.828624D6-ON8525764A.001736F4-8525764A.0017813A@us.ibm.com>
From: David W Levine <dwl@us.ibm.com>
Date: Fri, 9 Oct 2009 00:16:44 -0400
X-MIMETrack: Serialize by Router on D01ML605/01/M/IBM(Build V851_08302009|August 30, 2009) at 10/09/2009 00:16:44, Serialize complete at 10/09/2009 00:16:44
Content-Type: multipart/alternative; boundary="=_alternative 001781368525764A_="
Cc: ogpx-bounces@ietf.org, "ogpx@ietf.org" <ogpx@ietf.org>
Subject: Re: [ogpx] Protocol for permitting policy decisions
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2009 04:15:09 -0000

I actually kind of defy anyone to impose a policy on a separately hosted 
remote service. Policy is enforced locally, Attempting to make other 
software components obey a
policy you have is pretty much a non starter. You can request they do 
things, and you can insist they exhibit certain properties when choosing 
to interact with them, but
you get no say in their workings.  (Yes, there are systems with remote 
policy execution engines and such, but they still don't impose the 
policies on the services which use
them, the services chose to invoke them)

- David
~ Zha






Morgaine <morgaine.dinova@googlemail.com> 
Sent by: ogpx-bounces@ietf.org
10/09/2009 12:10 AM

To
"ogpx@ietf.org" <ogpx@ietf.org>
cc

Subject
Re: [ogpx] Protocol for permitting policy decisions






On Fri, Oct 9, 2009 at 12:56 AM, Carlo Wood <carlo@alinoe.com> wrote:

Morgaine,

I'm pretty sure nobody on this list wants AD2 to be involved in anyway.


Yes, I think that everybody agrees with this, which is why I'm making sure 
that the implications are understood.

I am highlighting this point of logic very strongly so that it is clear to 
everyone that if we don't want AD2 to be consulted, then AD1 cannot be 
allowed to express region policy.  AT ALL.  EVER.  UNDER ANY 
CIRCUMSTANCES.

Because if AD1 is allowed to, then so is AD2, and hence AD2 will have to 
be consulted, :-)

I hope we can end this here with total agreement. :-)

I will however be referring back to this point if someone tries to give 
AD1 the power to set region policy over RD2.  If that happens, then we're 
back to consulting AD2, no alternative, because W2 is not in any way 
inferior to W1.

It's a crucial point, because it establishes a limit to the power of an AD
.  Think of it as a mini Constitution. ;-)


Morgaine.








===================================


On Fri, Oct 9, 2009 at 12:56 AM, Carlo Wood <carlo@alinoe.com> wrote:
On Thu, Oct 08, 2009 at 10:41:54AM +0100, Morgaine wrote:
> Magnus,
>
> If ADs are involved in region policy, then in the multi-world deployment
> pattern, AD2 will have to be consulted when agent A1 teleports from RD1 
to RD2,
> because AD2 will be involved in region policy too.  It's symmetric with 
AD1.

Morgaine,

I'm pretty sure nobody on this list wants AD2 to be involved in anyway.
I'm also convinced that there is some misunderstanding involved here,
and it would be good to correct that...

The following isn't consensus yet, but I feel it's basically the truth,
and written down here as such because at least it is simple:

In the end there are only services. Services can be grouped as 'domain'
to make clear they are run by the same authority and therefore likely
will have use the same policies, but for the sake of the protocol you
can ignore that.

There are several types of services, so far we only concentrated on two
types:

1) A region (R1, R2, ...)
2) An authentication service (A1, A2, ...)

in principle, every service can be run by a different authority and thus
have different policies.

One user only uses a single authentication service at a time, every other
authentication service is not relevant (for that user).

If a user wants to teleport from R1 to R2, while using A3, only A3 and R2
have a say in this.

The only say that A3 has is true or false: yes or no allow the user to go
to R2. Once the user gets into R2, no policy of A3 matters anymore.

It makes no sense whatsoever to group A's with R's for the sake of 
understanding
or designing the protocol.

For a teleport decision (or initial connect) only ONE Agent service and 
ONE
region are involved.

Almost every policy (of both parties) can be negotiated out of band,
yet some of us (including me) are arguing that we need to keep the 
possibility
open for a region to change some abstract policies (based on trusted 
information
from the agent service) more real-time. Here trust is needed in both 
directions:
the region must trust the agent service to answer it's questions correctly
and the agent service must trust the region not to fool it into allowing
users in that the agent service based on it's own policy doesn't want to
allow in.

--
Carlo Wood <carlo@alinoe.com>
_______________________________________________
ogpx mailing list
ogpx@ietf.org
https://www.ietf.org/mailman/listinfo/ogpx

v2.8.7 | Report a Bug | By Email