IETF Logo Mail Archive

Re: [ogpx] Protocol for permitting policy decisions

Morgaine <morgaine.dinova@googlemail.com> Mon, 05 October 2009 17:52 UTC

Return-Path: <morgaine.dinova@googlemail.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7BE613A6947 for <ogpx@core3.amsl.com>; Mon, 5 Oct 2009 10:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.541
X-Spam-Level:
X-Spam-Status: No, score=-1.541 tagged_above=-999 required=5 tests=[AWL=0.435, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UaqN7t6+mms8 for <ogpx@core3.amsl.com>; Mon, 5 Oct 2009 10:52:48 -0700 (PDT)
Received: from mail-ew0-f214.google.com (mail-ew0-f214.google.com [209.85.219.214]) by core3.amsl.com (Postfix) with ESMTP id 78F6628C1CD for <ogpx@ietf.org>; Mon, 5 Oct 2009 10:52:47 -0700 (PDT)
Received: by ewy10 with SMTP id 10so3307501ewy.9 for <ogpx@ietf.org>; Mon, 05 Oct 2009 10:54:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=vmvXUWGLV6Fau9PoX0iG3dWO0sQZGWQhnV0++YCNedo=; b=BZu6ik5H2WlV4YjKuP8QI7+rXp6DyrRVS5PiKk8LO8s5MIkQrSIwXMKUA6u1U5oQ9j VuDcXU4NX7A2SWzdtc/njs/Yoql7WARKhiCuX7zkuyESYhPppbqxMYuOMkAeWeEvJuR5 U8MvYZKMcSraO3z7+5+/O6F+sHssTIKZc3bJw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=MHGqXejFMT2Cl2/x0LyZ2lSbtcEpTrXcz6LXxTphGJrTEblQ7WJsHkg0oefO//wN5Z hBjXHH/gDxNoS7U66ePy1P1dEuoDBVspUQzZzuKp+rznCK+bS+CzANtAC0lWi3xwPTuT Dm1fn1boZWCfjRbIhXK1QspQ0QcqK1Nzq6fbc=
MIME-Version: 1.0
Received: by 10.210.7.23 with SMTP id 23mr355777ebg.27.1254765258617; Mon, 05 Oct 2009 10:54:18 -0700 (PDT)
In-Reply-To: <4646639E08F58B42836FAC24C94624DD771A0D8521@GVW0433EXB.americas.hpqcorp.net>
References: <983F17705339E24699AA251B458249B50CC48CAEBF@EXCHANGE2K7.office.nic.se> <4646639E08F58B42836FAC24C94624DD771A0D8521@GVW0433EXB.americas.hpqcorp.net>
Date: Mon, 5 Oct 2009 18:54:18 +0100
Message-ID: <e0b04bba0910051054h2a20845ga968486f8532bff3@mail.gmail.com>
From: Morgaine <morgaine.dinova@googlemail.com>
To: "Dickson, Mike (ISS Software)" <mike.dickson@hp.com>
Content-Type: multipart/alternative; boundary=000e0cdfd7e68433c9047533cd6c
Cc: "ogpx@ietf.org" <ogpx@ietf.org>
Subject: Re: [ogpx] Protocol for permitting policy decisions
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2009 17:52:50 -0000

You're opening up a can of worms of biblical proportions here, Mike.

What in hell's teeth is an "Adult only region"?  Who gets to define it?
Under what rules?  In what legal jurisdiction?  And those are just the
simplest questions, pertaining to worlds that are merely reflections of the
physical world.  What about virtual worlds that intentionally maintain
separation from RL, bearing in mind the recent augmentism versus
immersionism thread?  Each immersionist's world is separate from all others,
and your value judgements from elsewhere are not importable to those
worlds.  What about fantasy worlds?  Is a naked orc "Adult content"?  How do
you judge "Adult only" in a virtual world set in our distant future?  How do
you judge "Adult only" in a virtual world of aliens?  What about in a
virtual world of classic art recreations in all their naked and educational
glory?  And there are probably another 500 questions like this one.

It's not just a can of worms.  It's totally unworkable, nothing more than
theater, and verging on farce or comedy.  I bet that some readers here who
are not exposed to recent events in Second Life may be wondering why this
topic has even appeared in these discussions.

One particular world provider has implemented a ratings system within its
own walled garden, and this has been confused with the requirements of
interop outside of a walled garden.  Such ratings systems may be workable
within a single managed domain in which the provider has total control over
region spaces and asset services and can sanction individuals who break the
rules, but it does not extrapolate to multiple worlds with separate Terms
and Conditions, different jurisdictions, or varying cultures, even when
they're all mirrors of the physical world.  Even less can it work or apply
in the general case of immersionist virtual worlds.

This is extremely poorly considered, on numerous fronts.

Authentication is more than enough for coarsely segregating highly
restricted enclaves from the general mass of virtual worlds.  Going beyond
that is simply unworkable across multiple separate virtual virtual worlds,
when you look at the implications.


Morgaine.





==================================

On Mon, Oct 5, 2009 at 3:48 PM, Dickson, Mike (ISS Software) <
mike.dickson@hp.com> wrote:

>  I think Magnus’ message is a good synopsis of the requirements, IMO.  I
> see a need to negotiate **both** capabilities and constraints in the
> protocol where both should be ideally attributes in an extensible list (that
> is the list isn’t hard coded in the protocol definition).  So, IMO,
> authentication isn’t enough.  Beyond authenticating there’s an exchange
> around caps and constraints that needs to take place.  I’d use that
> mechanism to handle “Adult only” regions, membership in a group where the
> group is defined outside the scope of the protocol, etc.
>
>
>
> Mike
>
>
>
> *From:* ogpx-bounces@ietf.org [mailto:ogpx-bounces@ietf.org] *On Behalf Of
> *Magnus Zeisig
> *Sent:* Monday, October 05, 2009 3:55 AM
> *To:* ogpx@ietf.org
> *Subject:* [ogpx] Protocol for permitting policy decisions
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hash: SHA256
>
>
>
> If I register with an agent domain, or authentication service, whichever
> should be the proper name for it, I will most probably hand them some pieces
> of information about myself that I don't want disseminated to anyone.
> Therefore, I think the protocol for granting access to regions and other
> services should not include such information explicitly, but rather let the
> agent domain/authentication service just answer questions from the other
> domain/service if the parameters are within acceptable range.
>
>
>
> Instead of the revealing (meta-handshake):
>
>
>
> Agent domain:
>
> request access for
>
> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>
> age: 18
>
> gender: male
>
> sexuality: bi
>
> country: pt
>
> languages: pt, es, en, de
>
> length: 1.82
>
> weight: 122
>
> color of socks: blue
>
>
>
> Region domain:
>
> access granted for
>
> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>
>
>
> The handshake should instead be:
>
>
>
> Agent domain:
>
> request access for
>
> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>
>
>
> Region domain:
>
> require parameter values
>
> languages: es AND (de OR hb OR ru)
>
> length: [1.21-2.42]
>
> color of socks: pink OR blue OR black
>
> hairdo: shaved OR ponytail
>
>
>
> Agent domain:
>
> required parameter values
>
> languages: yes
>
> length: yes
>
> color of socks: yes
>
> hairdo: n/a
>
>
>
> After which the region domain might decide that the missing hairdo
> parameter is not crucial and grant access, or refuse access because of it:
>
>
>
> Region domain:
>
> access denied for
>
> user: Title.FirstName.Initials.LastName.ExtraSomething@agentdomain.org
>
>
>
> This has the benefit of permitting service providers to require what user
> parameters they think are important, be it age or color of socks, but the
> disadvantage of some extra overhead and the risk of balkanization because of
> requirements of "odd" parameters only supported by few services. The latter,
> however, I believe will become self-eliminating, because such services will
> probably not find many users. Either way, I don't think the protocol in
> itself should require any particular parameters, like age or color of socks,
> just provide the means to communicate any parameters, and perhaps suggest a
> list of possible, but not required, parameters and formats for values, like
> options, ranges and enumerations. The same kind of handshake could also be
> used when requesting access to asset services and the like, even if
> parameters like "object types" and "ip agreements" may be more important
> than "color of socks" there.
>
>
>
> Best regards,
>
>
>
> Magnus
>
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
>
> Version: 9.8.3 (Build 4028)
>
> Charset: utf-8
>
>
>
> wsBVAwUBSsm0cO5MlU9XyaiSAQgEgAgAiNiznZa4fJN+iIm4Lul4iUpPNytexn9g
>
> rJWLZ4oevewngvSCOwhslseXKN+OTCUpSPq0vGxRIl58n+u9P56q0X4pYBZ5wsqc
>
> YAPdd6zGtQpR+21XQ8oWM948LEdGxba8mNO1gDygqtIyx0suBYkvYUWyYitwlDpu
>
> ofvDew+JT140ApmX/d1dTyglxyYv6qnDf8iDsHsNiWYI1ImB5a/hvPK0TkCVFvzr
>
> vLXfL5BfCXK0I3tJbLpv/OoUFEn5/emzehu3uavuQfQqQM0uBpw8WVSQGXqZziKb
>
> 6i8YpDvBrIkNL4syGhmAs7ZLUqpZEfoWq2LbGasqhVMmDCBkakrPpg==
>
> =H2Fj
>
> -----END PGP SIGNATURE-----
>
>
>
>
>
> _______________________________________________
> ogpx mailing list
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>
>

v2.8.7 | Report a Bug | By Email