IETF Logo Mail Archive

Re: [ogpx] Protocol for permitting policy decisions

Infinity Linden <infinity@lindenlab.com> Mon, 05 October 2009 18:57 UTC

Return-Path: <infinity@lindenlab.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A037728C0F1 for <ogpx@core3.amsl.com>; Mon, 5 Oct 2009 11:57:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.794
X-Spam-Level:
X-Spam-Status: No, score=-1.794 tagged_above=-999 required=5 tests=[AWL=0.183, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vnD7VAZ4CiKL for <ogpx@core3.amsl.com>; Mon, 5 Oct 2009 11:57:47 -0700 (PDT)
Received: from mail-px0-f176.google.com (mail-px0-f176.google.com [209.85.216.176]) by core3.amsl.com (Postfix) with ESMTP id 1EF7D3A6A30 for <ogpx@ietf.org>; Mon, 5 Oct 2009 11:57:47 -0700 (PDT)
Received: by pxi6 with SMTP id 6so3758875pxi.32 for <ogpx@ietf.org>; Mon, 05 Oct 2009 11:59:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.66.15 with SMTP id o15mr31337wfa.145.1254769159990; Mon, 05 Oct 2009 11:59:19 -0700 (PDT)
In-Reply-To: <e0b04bba0910051054h2a20845ga968486f8532bff3@mail.gmail.com>
References: <983F17705339E24699AA251B458249B50CC48CAEBF@EXCHANGE2K7.office.nic.se> <4646639E08F58B42836FAC24C94624DD771A0D8521@GVW0433EXB.americas.hpqcorp.net> <e0b04bba0910051054h2a20845ga968486f8532bff3@mail.gmail.com>
Date: Mon, 5 Oct 2009 11:59:19 -0700
Message-ID: <3a880e2c0910051159o77ca380qc5e9534e01f444b1@mail.gmail.com>
From: Infinity Linden <infinity@lindenlab.com>
To: Morgaine <morgaine.dinova@googlemail.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Cc: "ogpx@ietf.org" <ogpx@ietf.org>
Subject: Re: [ogpx] Protocol for permitting policy decisions
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2009 18:57:48 -0000

On Mon, Oct 5, 2009 at 10:54 AM, Morgaine
<morgaine.dinova@googlemail.com> wrote:
> You're opening up a can of worms of biblical proportions here, Mike.
>
> What in hell's teeth is an "Adult only region"?

an adult only region is a region which contains content that may be
considered adult in nature. but again, this is a matter of policy, not
a matter of protocol. the protocol should be able to carry tags
protocol consumers can use to identify regions as having an "adult
nature."

> Who gets to define it?

probably a lawyer familiar with the case history of accessing adult
content on the internet. but again, this is a matter of policy, not a
matter of protocol. the protocol should be able to carry tags protocol
consumers can use to identify regions as having an "adult nature."

> Under what rules?

probably under rules radically similar to the ones currently used to
define operator's policies. VWRAP is a protocol, not a product. the
creation of a new protocol to carry information about virtual places
does not change international legal frameworks. but again, this is a
matter of policy, not a matter of protocol. the protocol should be
able to carry tags protocol consumers can use to identify regions as
having an "adult nature."

> In what legal jurisdiction?

probably under jurisdictions radically similar to the ones currently
used to define operator's policies. but again, this is a matter of
policy, not a matter of protocol. the protocol should be able to carry
tags protocol consumers can use to identify regions as having an
"adult nature."

> And those are just the
> simplest questions, pertaining to worlds that are merely reflections of the
> physical world.  What about virtual worlds that intentionally maintain
> separation from RL, bearing in mind the recent augmentism versus
> immersionism thread?

in many jurisdictions, the intent of the service operator is not
material to cases related to the distribution of adult content. but
again, this is a matter of policy, not a matter of protocol. the
protocol should be able to carry tags protocol consumers can use to
identify regions as having an "adult nature."

> Each immersionist's world is separate from all others,
> and your value judgements from elsewhere are not importable to those
> worlds.  What about fantasy worlds?

in many jurisdictions, the intent of the service operator is not
material to cases related to the distribution of adult content. but
again, this is a matter of policy, not a matter of protocol. the
protocol should be able to carry tags protocol consumers can use to
identify regions as having an "adult nature."

> Is a naked orc "Adult content"?

ugh. unfortunately, we won't know that until someone raises a legal
challenge which is either successfully defended against or
successfully prosecuted. some jurisdictions may simply restrict access
to content they do not like. but again, this is a matter of policy,
not a matter of protocol. the protocol should be able to carry tags
protocol consumers can use to identify regions as having an "adult
nature."

> How do you judge "Adult only" in a virtual world set in our distant future?

you don't. because we're talking about a protocol that can be used in
the near future. the distant future can take care of itself. but
again, this is a matter of policy, not a matter of protocol. the
protocol should be able to carry tags protocol consumers can use to
identify regions as having an "adult nature."

> How do you judge "Adult only" in a virtual world of aliens?

ugh. unfortunately, we won't know that until someone raises a legal
challenge which is either successfully defended against or
successfully prosecuted. some jurisdictions may simply restrict access
to content they do not like. but again, this is a matter of policy,
not a matter of protocol. the protocol should be able to carry tags
protocol consumers can use to identify regions as having an "adult
nature."

>What about in a  virtual world of classic art recreations in all their naked and educational
> glory?

ugh. unfortunately, we won't know that until someone raises a legal
challenge which is either successfully defended against or
successfully prosecuted. some jurisdictions may simply restrict access
to content they do not like. but again, this is a matter of policy,
not a matter of protocol. the protocol should be able to carry tags
protocol consumers can use to identify regions as having an "adult
nature."

> And there are probably another 500 questions like this one.

it's okay. bits are cheap.

> It's not just a can of worms.  It's totally unworkable, nothing more than
> theater, and verging on farce or comedy.  I bet that some readers here who
> are not exposed to recent events in Second Life may be wondering why this
> topic has even appeared in these discussions.

 the fact of the matter is that laws and regulations covering access
of "adult" material is a patchwork and is frequently difficult to
navigate. saying "it's difficult" and ignoring it (like you
recommended we do with security in the MMOX discussions) is not an
option. there are many people who want to use this protocol that want
a tool to help limit their exposure to legal liability.

> One particular world provider has implemented a ratings system within its
> own walled garden, and this has been confused with the requirements of
> interop outside of a walled garden.  Such ratings systems may be workable
> within a single managed domain in which the provider has total control over
> region spaces and asset services and can sanction individuals who break the
> rules, but it does not extrapolate to multiple worlds with separate Terms
> and Conditions, different jurisdictions, or varying cultures, even when
> they're all mirrors of the physical world.  Even less can it work or apply
> in the general case of immersionist virtual worlds.

very well then. how do you recommend virtual world operators shield
themselves from legal liability?

>
> This is extremely poorly considered, on numerous fronts.
>
> Authentication is more than enough for coarsely segregating highly
> restricted enclaves from the general mass of virtual worlds.  Going beyond
> that is simply unworkable across multiple separate virtual virtual worlds,
> when you look at the implications.
>
>
> Morgaine.
>
>
>
>
>
> ==================================
>
> On Mon, Oct 5, 2009 at 3:48 PM, Dickson, Mike (ISS Software)
> <mike.dickson@hp.com> wrote:
>>
>> I think Magnus’ message is a good synopsis of the requirements, IMO.  I
>> see a need to negotiate *both* capabilities and constraints in the protocol
>> where both should be ideally attributes in an extensible list (that is the
>> list isn’t hard coded in the protocol definition).  So, IMO, authentication
>> isn’t enough.  Beyond authenticating there’s an exchange around caps and
>> constraints that needs to take place.  I’d use that mechanism to handle
>> “Adult only” regions, membership in a group where the group is defined
>> outside the scope of the protocol, etc.
>>
>>
>>
>> Mike
>>
>>
>>
>> From: ogpx-bounces@ietf.org [mailto:ogpx-bounces@ietf.org] On Behalf Of
>> Magnus Zeisig
>> Sent: Monday, October 05, 2009 3:55 AM
>> To: ogpx@ietf.org
>> Subject: [ogpx] Protocol for permitting policy decisions
>>
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> Hash: SHA256
>>
>>
>>
>> If I register with an agent domain, or authentication service, whichever
>> should be the proper name for it, I will most probably hand them some pieces
>> of information about myself that I don't want disseminated to anyone.
>> Therefore, I think the protocol for granting access to regions and other
>> services should not include such information explicitly, but rather let the
>> agent domain/authentication service just answer questions from the other
>> domain/service if the parameters are within acceptable range.
>>
>>
>>
>> Instead of the revealing (meta-handshake):
>>
>>
>>
>> Agent domain:
>>
>> request access for
>>
>> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>>
>> age: 18
>>
>> gender: male
>>
>> sexuality: bi
>>
>> country: pt
>>
>> languages: pt, es, en, de
>>
>> length: 1.82
>>
>> weight: 122
>>
>> color of socks: blue
>>
>>
>>
>> Region domain:
>>
>> access granted for
>>
>> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>>
>>
>>
>> The handshake should instead be:
>>
>>
>>
>> Agent domain:
>>
>> request access for
>>
>> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>>
>>
>>
>> Region domain:
>>
>> require parameter values
>>
>> languages: es AND (de OR hb OR ru)
>>
>> length: [1.21-2.42]
>>
>> color of socks: pink OR blue OR black
>>
>> hairdo: shaved OR ponytail
>>
>>
>>
>> Agent domain:
>>
>> required parameter values
>>
>> languages: yes
>>
>> length: yes
>>
>> color of socks: yes
>>
>> hairdo: n/a
>>
>>
>>
>> After which the region domain might decide that the missing hairdo
>> parameter is not crucial and grant access, or refuse access because of it:
>>
>>
>>
>> Region domain:
>>
>> access denied for
>>
>> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>>
>>
>>
>> This has the benefit of permitting service providers to require what user
>> parameters they think are important, be it age or color of socks, but the
>> disadvantage of some extra overhead and the risk of balkanization because of
>> requirements of "odd" parameters only supported by few services. The latter,
>> however, I believe will become self-eliminating, because such services will
>> probably not find many users. Either way, I don't think the protocol in
>> itself should require any particular parameters, like age or color of socks,
>> just provide the means to communicate any parameters, and perhaps suggest a
>> list of possible, but not required, parameters and formats for values, like
>> options, ranges and enumerations. The same kind of handshake could also be
>> used when requesting access to asset services and the like, even if
>> parameters like "object types" and "ip agreements" may be more important
>> than "color of socks" there.
>>
>>
>>
>> Best regards,
>>
>>
>>
>> Magnus
>>
>>
>>
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>>
>> Version: 9.8.3 (Build 4028)
>>
>> Charset: utf-8
>>
>>
>>
>> wsBVAwUBSsm0cO5MlU9XyaiSAQgEgAgAiNiznZa4fJN+iIm4Lul4iUpPNytexn9g
>>
>> rJWLZ4oevewngvSCOwhslseXKN+OTCUpSPq0vGxRIl58n+u9P56q0X4pYBZ5wsqc
>>
>> YAPdd6zGtQpR+21XQ8oWM948LEdGxba8mNO1gDygqtIyx0suBYkvYUWyYitwlDpu
>>
>> ofvDew+JT140ApmX/d1dTyglxyYv6qnDf8iDsHsNiWYI1ImB5a/hvPK0TkCVFvzr
>>
>> vLXfL5BfCXK0I3tJbLpv/OoUFEn5/emzehu3uavuQfQqQM0uBpw8WVSQGXqZziKb
>>
>> 6i8YpDvBrIkNL4syGhmAs7ZLUqpZEfoWq2LbGasqhVMmDCBkakrPpg==
>>
>> =H2Fj
>>
>> -----END PGP SIGNATURE-----
>>
>>
>>
>>
>>
>> _______________________________________________
>> ogpx mailing list
>> ogpx@ietf.org
>> https://www.ietf.org/mailman/listinfo/ogpx
>>
>
>
> _______________________________________________
> ogpx mailing list
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>
>

v2.8.7 | Report a Bug | By Email