Re: [vwrap] [Opensim-dev] Global identifiers
diva@metaverseink.com Tue, 31 August 2010 17:56 UTC
Return-Path: <diva@metaverseink.com>
X-Original-To: vwrap@core3.amsl.com
Delivered-To: vwrap@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 0B1083A68C8 for <vwrap@core3.amsl.com>;
Tue, 31 Aug 2010 10:56:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.456
X-Spam-Level:
X-Spam-Status: No, score=-2.456 tagged_above=-999 required=5 tests=[AWL=0.143,
BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MNX484TCqbSJ for
<vwrap@core3.amsl.com>; Tue, 31 Aug 2010 10:56:28 -0700 (PDT)
Received: from smtp.techcoastworks.com (techcoastworks.com [206.82.208.116])
by core3.amsl.com (Postfix) with ESMTP id EBEC73A68DF for <vwrap@ietf.org>;
Tue, 31 Aug 2010 10:56:27 -0700 (PDT)
Received: from [192.168.1.105] (adsl-75-34-226-217.dsl.irvnca.sbcglobal.net
[75.34.226.217]) (authenticated bits=0) by smtp.techcoastworks.com
(8.12.11.20060308/8.12.11) with ESMTP id o7VHdf2Z017619 (version=TLSv1/SSLv3
cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 31 Aug 2010 10:39:42 -0700
Message-ID: <4C7D4264.6080008@metaverseink.com>
Date: Tue, 31 Aug 2010 10:56:52 -0700
From: diva@metaverseink.com
Organization: Metaverse Ink
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: opensim-dev@lists.berlios.de, "vwrap@ietf.org" <vwrap@ietf.org>
References: <mailman.911.1283209790.1474.opensim-dev@lists.berlios.de> <4c7cba86.0e28e30a.7473.4a51@mx.google.com> <AC93134509B64A2DAED849E278D42354@TWEEDY64> <1283261970.16697.10.camel@mdickson-linux> <4C7D0B9A.3030904@t-data.com> <4C7D1AE8.1090301@metaverseink.com>
<4C7D21F6.6020105@metaverseink.com>
In-Reply-To: <4C7D21F6.6020105@metaverseink.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [vwrap] [Opensim-dev] Global identifiers
X-BeenThere: vwrap@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: diva@metaverseink.com
List-Id: Virtual World Region Agent Protocol - IETF working group
<vwrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/vwrap>,
<mailto:vwrap-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vwrap>
List-Post: <mailto:vwrap@ietf.org>
List-Help: <mailto:vwrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vwrap>,
<mailto:vwrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Aug 2010 17:56:30 -0000
One last thing, possibly of interest to the folks in VWRAP: Another thing that happened to OpenSim as it reached 0.7 was the reconceptualization of the software itself. As a consequence of this reconceptualization, interoperability architectures such as the Hypergrid are built as optional components that don't affect the core of the walled-garden code. As such, for those who don't like the Hypergrid for whatever reason, you can experiment with your own ideas of interoperability without having to tip toe around it. I suggest you understand HG1.5 first, as not to reimplement it again. Then, if what you want to do is really different, and not just a layer of *policy* above HG1.5 (policy specifications will be supported soon), follow the same philosophy of modularizing things properly, as that will give your architecture a chance for people to use as plugin. If you run into a missing hook, just let me know. Bottom line wrt interop, two major things happened: 1) the hypergrid 1.5, a system-to-system (S2S) architecture with the trust/security model explained below; and 2) the clean up of the framework, allowing anyone to experiment with interop. diva@metaverseink.com wrote: > One more thing, a bit less important than the others, as the others > pertain to grid-level content, and this one pertains to user-level content: > > - WRT to the user agent itself (i.e. name, appearance, etc.), the user's > user agent service (a grid-level service) is the party responsible for > creating user agents that are launched at foreign grids. As such, that > component is the authority that defines what agent data to send. If the > user agent service of one grid so wishes, all of its users' agents can > be anonymized and stripped off their clothes before going out. > > - HG 1.5 has another, symmetric, grid-level component called the > Gatekeeper which has the role of deciding what comes in to its grid. So > if the Gatekeeper so wishes, it can anonymize all foreign user agents > and strip them off their clothes before allowing them in. > > In other words, the user agent service and the gatekeeper service are > the yin and yang of the Hypergrid. > > diva@metaverseink.com wrote: >> [unrelated to the narrow issue at hand, but since people want to know, >> here goes] >> >> HG 1.5 has a trust/security model. The base case is one where grids >> are peers, and the traveling of one user agent from his home grid to >> another establishes the *base trust* in the following manner: >> >> - Everything that the agent references from his home grid is made >> available to the foreign grid where the user is. In other words, the >> user is the driver of trust. >> >> - Everything else that is not referenced by the visiting agent is out >> of reach. "Out of reach" is a soft security model, i.e. the resources >> are available on the internet, but you need to know their identifiers >> in order to get them. Their identifiers behave as capabilities. This >> is the part that still needs work, as Melanie thinks 'soft' is not >> enough. >> >> This trust model is the base upon which trust policies can be defined. >> In other words, we now have the basis to add additional grid-level >> specifications that overwrite the user's actions. >> >> Melanie wrote: >>> Hi, >>> >>> HG 1.5 doesn't address these concerns. Also, please remember that >>> assets need to be freely available to all, else they can't be >>> displayed. The observer gets a copy, too. >>> >>> Animations, textures, sounds, etc. need to be given to all observers. >>> >>> Melanie >>> >>> Mike Dickson wrote: >>>> Right. I think some of the use cases related to how content is shared >>>> have been glossed over. In a completely open model which is what has >>>> been discussed this is all pretty straightforward. But if I'm running >>>> an asset service (as part of a grid or separately) I might want to >>>> provide access controls as part of that service. The same with user >>>> services. I may have a trust relationship with one agent service and >>>> allow content to be transferred to agents that service represents. But >>>> for another agent service for which no such relationship exists I'd >>>> like >>>> to deny access to content. And even in the transfer case does the new >>>> user get a new copy or a reference. That concept isn't supported now >>>> but >>>> in a distributed grid its an important distinction. I might wish to >>>> know >>>> that copies of objects rezzed in a simulator always come from a >>>> specific >>>> asset service. >>>> >>>> In short I think how the security model works is way more important >>>> than >>>> a caching optimization being applied to a URI/URL. Its important to >>>> understand what levels of trust between services are supported and >>>> under >>>> what conditions an access is supported. As an Agent Service I may >>>> consider even the "Names" of my users to be confidential and only to be >>>> revealed to services for which a trust relationship exists. >>>> >>>> Mike >>>> >>>> On Tue, 2010-08-31 at 13:23 +0000, mysticaldemina@xrgrid.com wrote: >>>>> Hi, >>>>> >>>>> As a content creator this concerns me. I believe if I license my >>>>> content to >>>>> an avatar, and then they go to another grid that any content pulled >>>>> should >>>>> be from the grid that I have the content loaded into. I think I >>>>> should be >>>>> in control of my content. I also think I should be able to block >>>>> grids that >>>>> my content is being accessed from. If you don't always maintain the >>>>> original content location there will be no control. If I give >>>>> someone a >>>>> copy of my content, then that is something else, they are now the >>>>> owner of >>>>> it and are free to do as they please with it, at least within any >>>>> license I >>>>> give them. But that is a legal stuff not a technically programmed >>>>> one. At >>>>> least I don't expect all situations to be programmed. >>>>> >>>>> Also when asset services start happening this will become more of >>>>> an issue. >>>>> I will have XRMarketplace.com live soon and plan to start selling >>>>> content >>>>> and provide that content as an asset server. How will I maintain >>>>> any kind >>>>> of control over the use of my content if people don't have to pull >>>>> copies >>>>> from me? >>>>> >>>>> I also think, and haven't seen in the new hypergrid, if someone >>>>> goes to a >>>>> new grid I may not allow any of my content to go there unless that >>>>> avatars >>>>> gets an authorization from me which should be attached to his proxy >>>>> profile >>>>> for access into my grid/asset server. >>>>> >>>>> The other thing to think about is how updates or corrections are >>>>> propagated. >>>>> SL has a terrible system of only supporting copies so any updates >>>>> or copies >>>>> have to be sent to everyone. Seems content replacement needs to be >>>>> supported and if content is all over the place this will get even >>>>> crazier. >>>>> Also to support dynamic content there needs to be a ways to refresh or >>>>> update content. I suggest there needs to be an expiration date on the >>>>> content just like how images and HTML pages on the web work so that >>>>> cached >>>>> content will know to pull a new copy. And if the expiration date >>>>> is 0, at >>>>> the time it was pulled, it will always get refreshed. >>>>> >>>>> This is maybe should have its own discussion thread but seems to be >>>>> part of >>>>> how this is all going to work. >>>>> >>>>> M. >>>>> >>>>> -----Original Message----- >>>>> From: opensim-dev-bounces@lists.berlios.de >>>>> [mailto:opensim-dev-bounces@lists.berlios.de] On Behalf Of Ai Austin >>>>> Sent: Tuesday, August 31, 2010 4:17 AM >>>>> To: opensim-dev@lists.berlios.de >>>>> Subject: Re: [Opensim-dev] Global identifiers >>>>> >>>>> myticaldemina makes a lot of good points... one thing that could be >>>>> problematic though relates to this comment... >>>>> >>>>>> From: <mysticaldemina@xrgrid.com> >>>>>> ...I would suggest any >>>>>> proxies would give the external system and identifier and not >>>>>> chain proxy >>>>> to >>>>>> proxy unless there is a reason to do it, and the assets should be >>>>>> copied >>>>> >from the original source. >>>>> >>>>> >>>>> I agree with the first half... no chains, just hand over the >>>>> external system "authority" and its given identifier pair for the >>>>> identity involved. >>>>> >>>>> But I don't agree at all with the idea that you then have to get >>>>> the asset from that original authority. The permissions could have >>>>> changed, corruptions could have occurred or much more likely the >>>>> authority simply will no longer be there. The asset "as is" (with >>>>> its textures, scripted content and what not) should be provided to >>>>> the destination location/grid if the object permissions allow it, >>>>> with proper transfer of the permissions to next owner exactly as if >>>>> an avatar to avatar transfer or rez in world took place on the >>>>> local grid, without trying to reload the asset from an original >>>>> source. >>>>> . >>>>> >>>>> >>>>> _______________________________________________ >>>>> Opensim-dev mailing list >>>>> Opensim-dev@lists.berlios.de >>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev >>>>> >>>>> _______________________________________________ >>>>> Opensim-dev mailing list >>>>> Opensim-dev@lists.berlios.de >>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev >>>> >>>> _______________________________________________ >>>> Opensim-dev mailing list >>>> Opensim-dev@lists.berlios.de >>>> https://lists.berlios.de/mailman/listinfo/opensim-dev >>>> >>>> >>> _______________________________________________ >>> Opensim-dev mailing list >>> Opensim-dev@lists.berlios.de >>> https://lists.berlios.de/mailman/listinfo/opensim-dev >>> >> _______________________________________________ >> Opensim-dev mailing list >> Opensim-dev@lists.berlios.de >> https://lists.berlios.de/mailman/listinfo/opensim-dev >> > _______________________________________________ > Opensim-dev mailing list > Opensim-dev@lists.berlios.de > https://lists.berlios.de/mailman/listinfo/opensim-dev >
- Re: [vwrap] [Opensim-dev] Global identifiers Hurliman, John
- Re: [vwrap] [Opensim-dev] Global identifiers Hurliman, John
- Re: [vwrap] [Opensim-dev] Global identifiers Melanie
- Re: [vwrap] [Opensim-dev] Global identifiers Hurliman, John
- Re: [vwrap] [Opensim-dev] Global identifiers diva
- Re: [vwrap] [Opensim-dev] Global identifiers diva
- Re: [vwrap] [Opensim-dev] Global identifiers mysticaldemina
- Re: [vwrap] [Opensim-dev] Global identifiers diva
- Re: [vwrap] [Opensim-dev] Global identifiers Joshua Bell