Re: [ogpx] Protocol for permitting policy decisions

David W Levine <dwl@us.ibm.com> Thu, 08 October 2009 17:29 UTC

Return-Path: <dwl@us.ibm.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8ECB428C1B0; Thu, 8 Oct 2009 10:29:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.807
X-Spam-Level:
X-Spam-Status: No, score=-3.807 tagged_above=-999 required=5 tests=[AWL=-1.209, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3UCZuud3tIab; Thu, 8 Oct 2009 10:29:39 -0700 (PDT)
Received: from e7.ny.us.ibm.com (e7.ny.us.ibm.com [32.97.182.137]) by core3.amsl.com (Postfix) with ESMTP id 40DB83A6868; Thu, 8 Oct 2009 10:29:38 -0700 (PDT)
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by e7.ny.us.ibm.com (8.14.3/8.13.1) with ESMTP id n98HSVrC028954; Thu, 8 Oct 2009 13:28:31 -0400
Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id n98HVEAu242802; Thu, 8 Oct 2009 13:31:14 -0400
Received: from d01av03.pok.ibm.com (loopback [127.0.0.1]) by d01av03.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id n98HVDIT023839; Thu, 8 Oct 2009 13:31:13 -0400
Received: from d01ml605.pok.ibm.com (d01ml605.pok.ibm.com [9.56.227.91]) by d01av03.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id n98HVDi7023777; Thu, 8 Oct 2009 13:31:13 -0400
In-Reply-To: <f72742de0910080945g4751a66ex593cb7f6eb73e04a@mail.gmail.com>
References: <983F17705339E24699AA251B458249B50CC48CAEBF@EXCHANGE2K7.office.nic.se> <3a880e2c0910051239t3dcae895x4f6d5f4bf5d64cd@mail.gmail.com> <OFE55CFEA3.6AD0DA74-ON85257646.006FC774-85257646.0070F176@us.ibm.com> <3a880e2c0910051638p393b20d1vc12763b59ae17e00@mail.gmail.com> <983F17705339E24699AA251B458249B50CC48CB1CB@EXCHANGE2K7.office.nic.se> <20091007204917.GB13882@alinoe.com> <b8ef0a220910071407w14040de4ka198375a70896b@mail.gmail.com> <f72742de0910071513o4630fa9s87b333702c84c697@mail.gmail.com> <e0b04bba0910072034q104ac26fq6a4dbb8dd9198bba@mail.gmail.com> <f72742de0910080945g4751a66ex593cb7f6eb73e04a@mail.gmail.com>
To: Joshua Bell <josh@lindenlab.com>
MIME-Version: 1.0
X-KeepSent: 2B289B05:EDF5C989-85257649:005F3FA2; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 HF623 January 16, 2009
Message-ID: <OF2B289B05.EDF5C989-ON85257649.005F3FA2-85257649.00603D76@us.ibm.com>
From: David W Levine <dwl@us.ibm.com>
Date: Thu, 8 Oct 2009 13:31:12 -0400
X-MIMETrack: Serialize by Router on D01ML605/01/M/IBM(Build V851_08302009|August 30, 2009) at 10/08/2009 13:31:13, Serialize complete at 10/08/2009 13:31:13
Content-Type: multipart/alternative; boundary="=_alternative 00603D7385257649_="
Cc: ogpx-bounces@ietf.org, ogpx <ogpx@ietf.org>
Subject: Re: [ogpx] Protocol for permitting policy decisions
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2009 17:29:41 -0000

ogpx-bounces@ietf.org wrote on 10/08/2009 12:45:56 PM:

[snip]
>
> :) Honestly, I was trying to riff on the thread (AD and RD sharing 
> information about agents to make policy decisions), rather than 
> propose anything. I think an attempt to define a global set of 
> characteristics about users that enable all policy decisions is 
> hopeless - cultures, laws, and individuals are too varied and rich. 
> That leaves pair-wise negotiation and/or trust networks, which IMHO 
> needs to happen *if* there are to be service-level distinctions for 
> most cases anyway.
> 
> What I forgot to say is: on the Web, as you move between sites you 
> accept various terms of service. Attempts to have your browser 
> automatically negotiate with sites over content have been extremely 
> limited - things like the defunct PICS (you tell your browser to 
> allow a third party site to rate the site you intend to visit), or 
> Google's features which block malware/phishing sites (and I believe 
> are used by current browsers as well when you just type a URL). Your
> user-agent (Web browser) does *not* have a built-in lawyer that 
> agrees to a TOS on your behalf, however. (I'm having flashbacks of 
> "Diamond Age" here - is that the right novel?)
> 
> In the VWRAP space, I don't believe your VW agent domain will be 
> capable of doing that in a totally generalized, automated way 
> either... so either it will have some a priori knowledge of the RD 
> via some manner (pair-wise negotiation, trust network, etc), defer 
> to the user to accept the TOS, or simply block access.
> 
> In other words: "Just like the web, except where it's different" once 
again.

> I'm leaning ever more strongly towards David's position that only 
> services should carry expressions of policy, not domains, because in
> the direction in which this discussion is heading there will be no 
> widespread interop at all.
> 
> I need to re-read Meadhbh's drafts to internalize the formal 
> terminology (yeah, my bad), but in my head a "domain" is a 
> deployment model for a set of conceptually related services, but 
> it's the service end-points that exist at the protocol level. We 
> talk about domains as clusters of conceptually related services as a
> crutch so we don't have to enumerate the specific services in each 
> conversation.
> 

I think this last is of the essence. Domains seem to be artifacts which
arise out of deployment patterns and how people may administrate deployed
systems. The clustering of services, the shared policies have very little 
to
do with protocol and a lot to do with how the endpoints implementing the
protocol are deployed. 

I am thinking that the overall model is very much that the protocols are 
the
mechanisms to ensure that the endpoints encoding common services work in 
the
same way, and the policies that specific endpoints apply will define 
bounds
on how the mechanisms are used. I would argue that what we need, therefore
(Once again sounding like a looping mp3) is to ensure we have the right
mechanisms defined in the protocols to permit the range of policies for 
which
we have use cases. 

I also think this ties to why I am pushing back a bit on how we are 
slinging
the phrase "domain" around. If domains actually are reflections of 
deployment patterns, then to a large extent, you need to describe
domains in a way that is closely coupled to specific deployments. If I
assume one deployment pattern and you another, and we each say "agent 
domain"
we end up talking at cross purposes, because our deployment assumptions 
create
domains which have different properties, which we paper over in the 
language 



- David Levine
~ Zha Ewwy