Re: [ogpx] Protocol for permitting policy decisions
Carlo Wood <carlo@alinoe.com> Thu, 08 October 2009 23:53 UTC
Return-Path: <carlo@alinoe.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 8BE9B3A69E5 for <ogpx@core3.amsl.com>;
Thu, 8 Oct 2009 16:53:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.219
X-Spam-Level:
X-Spam-Status: No, score=-1.219 tagged_above=-999 required=5 tests=[AWL=0.211,
BAYES_00=-2.599, HELO_EQ_AT=0.424, HOST_EQ_AT=0.745]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZR7mlfRJmE3n for
<ogpx@core3.amsl.com>; Thu, 8 Oct 2009 16:53:35 -0700 (PDT)
Received: from viefep18-int.chello.at (viefep18-int.chello.at [62.179.121.38])
by core3.amsl.com (Postfix) with ESMTP id 0B74F3A69AD for <ogpx@ietf.org>;
Thu, 8 Oct 2009 16:53:33 -0700 (PDT)
Received: from edge03.upc.biz ([192.168.13.238]) by viefep18-int.chello.at
(InterMail vM.7.09.01.00 201-2219-108-20080618) with ESMTP id
<20091008235515.QFLG13402.viefep18-int.chello.at@edge03.upc.biz>;
Fri, 9 Oct 2009 01:55:15 +0200
Received: from mail9.alinoe.com ([77.250.43.12]) by edge03.upc.biz with edge
id qPvD1c02V0FlQed03PvEoR; Fri, 09 Oct 2009 01:55:14 +0200
X-SourceIP: 77.250.43.12
Received: from carlo by mail9.alinoe.com with local (Exim 4.69) (envelope-from
<carlo@alinoe.com>) id 1Mw2qc-000704-Mt; Fri, 09 Oct 2009 01:56:38 +0200
Date: Fri, 9 Oct 2009 01:56:38 +0200
From: Carlo Wood <carlo@alinoe.com>
To: Morgaine <morgaine.dinova@googlemail.com>
Message-ID: <20091008235638.GE13882@alinoe.com>
References: <983F17705339E24699AA251B458249B50CC48CAEBF@EXCHANGE2K7.office.nic.se>
<3a880e2c0910051239t3dcae895x4f6d5f4bf5d64cd@mail.gmail.com>
<20091007203535.GA13882@alinoe.com>
<983F17705339E24699AA251B458249B50CC48CB683@EXCHANGE2K7.office.nic.se>
<e0b04bba0910080241x548b6ff9tbc558aaa069b15be@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <e0b04bba0910080241x548b6ff9tbc558aaa069b15be@mail.gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: "ogpx@ietf.org" <ogpx@ietf.org>, Magnus Zeisig <magnus.zeisig@iis.se>
Subject: Re: [ogpx] Protocol for permitting policy decisions
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Worlds and the Open Grid Protocol <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>,
<mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>,
<mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2009 23:53:36 -0000
On Thu, Oct 08, 2009 at 10:41:54AM +0100, Morgaine wrote: > Magnus, > > If ADs are involved in region policy, then in the multi-world deployment > pattern, AD2 will have to be consulted when agent A1 teleports from RD1 to RD2, > because AD2 will be involved in region policy too. It's symmetric with AD1. Morgaine, I'm pretty sure nobody on this list wants AD2 to be involved in anyway. I'm also convinced that there is some misunderstanding involved here, and it would be good to correct that... The following isn't consensus yet, but I feel it's basically the truth, and written down here as such because at least it is simple: In the end there are only services. Services can be grouped as 'domain' to make clear they are run by the same authority and therefore likely will have use the same policies, but for the sake of the protocol you can ignore that. There are several types of services, so far we only concentrated on two types: 1) A region (R1, R2, ...) 2) An authentication service (A1, A2, ...) in principle, every service can be run by a different authority and thus have different policies. One user only uses a single authentication service at a time, every other authentication service is not relevant (for that user). If a user wants to teleport from R1 to R2, while using A3, only A3 and R2 have a say in this. The only say that A3 has is true or false: yes or no allow the user to go to R2. Once the user gets into R2, no policy of A3 matters anymore. It makes no sense whatsoever to group A's with R's for the sake of understanding or designing the protocol. For a teleport decision (or initial connect) only ONE Agent service and ONE region are involved. Almost every policy (of both parties) can be negotiated out of band, yet some of us (including me) are arguing that we need to keep the possibility open for a region to change some abstract policies (based on trusted information from the agent service) more real-time. Here trust is needed in both directions: the region must trust the agent service to answer it's questions correctly and the agent service must trust the region not to fool it into allowing users in that the agent service based on it's own policy doesn't want to allow in. -- Carlo Wood <carlo@alinoe.com>
- [ogpx] Protocol for permitting policy decisions Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Siobhan
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Hamrick
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Hamrick
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Joshua Bell
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Hamrick
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Meadhbh Hamrick
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- [ogpx] VWRAP future (mostly out of protocol rambl… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Joshua Bell
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden (Meadhbh Hamrick)
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… Dickson, Mike (ISS Software)
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Magnus Zeisig
- Re: [ogpx] VWRAP future (mostly out of protocol r… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Infinity Linden (Meadhbh Hamrick)
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca
- Re: [ogpx] Protocol for permitting policy decisio… Carlo Wood
- Re: [ogpx] Protocol for permitting policy decisio… David W Levine
- Re: [ogpx] Protocol for permitting policy decisio… Morgaine
- Re: [ogpx] Protocol for permitting policy decisio… Vaughn Deluca