[ogpx] Unique identities (was: Names, Identity and Protocol elements)

[Carlo Wood <carlo@alinoe.com>]

Uniqueness in general
---------------------

The generation of unique IDs is quite interesting by itself.
And quite a few unique IDs are needed in a good VWRAP protocol. 
The approach taken by LL is generating number so huge that
they are unique by chance. This has two disadvantages: it
increases bandwidth usage and it requires to look up those
ID's in huge trees, because these ID's cannot contain information
in itself. Finally, it is not always possible to have untrusted
parties (ie, the viewer) generate UUID's, because they can
be set to anything and therefore deliberately still match
another already existing UUID.

Another approach to generate unique ID's is to devide Unique
ID's over "Authorities" that can generate such ID's (these
would be servers). Each Authority would need a unique ID
by itself, and can then generate an arbitrary number of other
unique ID's by appending a locally unique number to it's
own ID. Likewise, the authorities ID could exist of an ID
unique for the administration running the server plus a
number unique within that administration and assigned by
that administration. This is, for example, the approach
that hardware vendors are using to identify hardware being
plugged into a PC. The ID itself contains a part that shows
one that the chip is made by nvidia (for example).
The advantage of that is, apart from that the ID's can be
much smaller, that each ID immediately contains a part
that reveals who is the authority, which then can be used
for routing the message to that authority, etc.

Authorities are very important concept as well. In order
to avoid collisions (making incompatible changes to the same
thing in different places on the network, after which
re-synchronization becomes a nightmare), it is necessary
to route all messages regarding 'X', to a single authority,
the authority of X. Changing 'X' then exists of requests to
change it, and the authority will inform the requester if
this succeeded or not. For example, if on a given grid
someone creates a new chat group, then the viewer sends
a request to the authority of that chat group name (which
can be distributed by using the first character(s) of
the name to assign it's authority). That way, if two
people try to create the same group at the same time,
only one will succeed.

Another reason that makes using authority-generated ID's
an advantage is that they are robust: it makes it impossible
to have a viewer generate an ID (see security problem above)
by accident; and it certainly makes it impossible to use
ID's in the protocol that also have the function of being
human readable! A mistake made many times in the current
protocol of SL: avatar names, region names, group names,
... all of them are not only the human readable texts that
we want to see, they are ALSO the ID's of themselves by
which they are recognized in the protocol :(. As a result,
it is impossible to change them. Human readable text should
be nothing more than meta data. Hell, you could even give
a region more than one name, depending on the language
of the one visiting it. All protocol should use authority-
generated ID's, which by nature cannot be human readable.
The server would include human readable meta data for each
ID that represents something in-world, and the viewer would
do ID <--> human readable name mapping back and forwards
locally. Changing the name of something would be as easy
as sending a request to the ID authority to change the
name (resulting in a message with the new meta data to
everyone using it, without the slightest risk of a desync
during that update. You could even just wait till the
next login before providing the new meta data).

-- 
Carlo Wood <carlo@alinoe.com>