IETF Logo Mail Archive

Re: [vwrap] Why are we standardizing the login handshake? (was RE: one question)

Meadhbh Hamrick <ohmeadhbh@gmail.com> Fri, 24 September 2010 23:00 UTC

Return-Path: <ohmeadhbh@gmail.com>
X-Original-To: vwrap@core3.amsl.com
Delivered-To: vwrap@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 848033A6B1F for <vwrap@core3.amsl.com>; Fri, 24 Sep 2010 16:00:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.985
X-Spam-Level:
X-Spam-Status: No, score=-1.985 tagged_above=-999 required=5 tests=[AWL=0.614, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5sZ4X2S5UkEY for <vwrap@core3.amsl.com>; Fri, 24 Sep 2010 16:00:52 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id E03843A69A4 for <vwrap@ietf.org>; Fri, 24 Sep 2010 16:00:51 -0700 (PDT)
Received: by wwd20 with SMTP id 20so11686wwd.13 for <vwrap@ietf.org>; Fri, 24 Sep 2010 16:01:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=L5ZG9TYjt/QjYPv2lVDKLKnRbNKVl5Uo5WJMFENfZFg=; b=xnUlVJNLUf68cxmyLDpRGE+4v/M9H3hComDJEBBNmxDY3MG4gVYiH/3qQqAOmqZpCw UUMWyYJNjF5upGbdZW0TMjCgvLWxsCYNKEhVsVPotdF0yKsbaVkqwFQHQBmSFNKM6mBq QIAw6lH33S0KHAhN5vqw1XPTCy0lUZUMkZhOc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=X9OPmRhUSFen8x/qc1RXLCcnqeE2H8HagK+vw9OuakNcQ43JVWO+OAzyjkqOlb99n0 EKfg3in01FqAtbUyb4uY9cq+Hhw/g5RJDzo/eCBst09Cmac3ZGu8vU5L6NGV3NpHDLdp HJYV4CiZXg9BllkumMN3u9AezX2+T2uM63RK0=
Received: by 10.216.21.204 with SMTP id r54mr3280428wer.95.1285369283868; Fri, 24 Sep 2010 16:01:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.170.82 with HTTP; Fri, 24 Sep 2010 16:01:03 -0700 (PDT)
In-Reply-To: <4C9D2903.6000404@ics.uci.edu>
References: <62BFE5680C037E4DA0B0A08946C0933D012AD7E06A@rrsmsx506.amr.corp.intel.com> <4C9D20F5.2020507@ics.uci.edu> <62BFE5680C037E4DA0B0A08946C0933D012AD7E094@rrsmsx506.amr.corp.intel.com> <4C9D2331.1090000@ics.uci.edu> <62BFE5680C037E4DA0B0A08946C0933D012AD7E0CC@rrsmsx506.amr.corp.intel.com> <4C9D2903.6000404@ics.uci.edu>
From: Meadhbh Hamrick <ohmeadhbh@gmail.com>
Date: Fri, 24 Sep 2010 16:01:03 -0700
Message-ID: <AANLkTimrCDEktypZwNf5w6FnTwjxVWLiaio_rNQ=sjui@mail.gmail.com>
To: Crista Lopes <lopes@ics.uci.edu>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: vwrap@ietf.org
Subject: Re: [vwrap] Why are we standardizing the login handshake? (was RE: one question)
X-BeenThere: vwrap@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual World Region Agent Protocol - IETF working group <vwrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/vwrap>, <mailto:vwrap-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vwrap>
List-Post: <mailto:vwrap@ietf.org>
List-Help: <mailto:vwrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vwrap>, <mailto:vwrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 23:00:53 -0000

because we like capabilities for reasons described earlier this week.

i know morgaine likes to say the intro is beyond repair, but if you
actually read it, there are some interesting little nuggets.

like for instance the whole thing about wanting to support loosely
coupled collections of services. capabilities allow us to avoid (among
other things) the confused deputy problem.

as of yet, there's no other proposal for how to address this issue.

-cheers
-meadhbh
--
meadhbh hamrick * it's pronounced "maeve"
@OhMeadhbh * http://meadhbh.org/ * OhMeadhbh@gmail.com



On Fri, Sep 24, 2010 at 3:41 PM, Crista Lopes <lopes@ics.uci.edu> wrote:
> On 9/24/2010 3:36 PM, Hurliman, John wrote:
>>>
>>> -----Original Message-----
>>> From: vwrap-bounces@ietf.org [mailto:vwrap-bounces@ietf.org] On Behalf
>>> Of Crista Lopes
>>> Sent: Friday, September 24, 2010 3:16 PM
>>> To: vwrap@ietf.org
>>> Subject: Re: [vwrap] Why are we standardizing the login handshake? (was
>>> RE: one question)
>>>
>>> On 9/24/2010 3:11 PM, Hurliman, John wrote:
>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: vwrap-bounces@ietf.org [mailto:vwrap-bounces@ietf.org] On
>>>>> Behalf Of Crista Lopes
>>>>> Sent: Friday, September 24, 2010 3:07 PM
>>>>> To: vwrap@ietf.org
>>>>> Subject: Re: [vwrap] Why are we standardizing the login handshake?
>>>>> (was
>>>>> RE: one question)
>>>>>
>>>>> John,
>>>>>
>>>>> You may also want to read the intro draft.
>>>>> http://tools.ietf.org/html/draft-ietf-vwrap-intro-00
>>>>>
>>>>> This is in 4.4:
>>>>>
>>>>> "VWRAP defines formats  for describing objects and avatar shapes, but
>>>>> more importantly it
>>>>>      describes the mechanism by which those digital asset descriptions
>>>>> are
>>>>>      transferred between client applications, agent domains and region
>>>>>      domains."
>>>>> ...
>>>>> "Accessing and manipulating digital assets is  performed via
>>>>> capabilities which expose the state of the asset to an authorized
>>>>> client. "
>>>>>
>>>>> In other words, assets are fetched by the client. So if my world
>>>>> pushes them to the client, it's not VWRAP-compliant.
>>>>>
>>>>>
>>>>>
>>>>
>>>> You keep saying "if my world does X, it's not VWRAP-compliant". That's
>>>> not
>>>>
>>>
>>> correct. "If my world does not have service endpoint X, it's not VWRAP-
>>> compliant" is the correct statement here. Your world can send assets to
>>> your
>>> client in any way it wishes, but if your asset service does not expose a
>>> VWRAP asset fetch capability (regardless of whether your own client uses
>>> it
>>> or not) then it is not VWRAP-compliant.
>>>
>>>>
>>>>
>>>
>>> So what exactly does this mean? (especially the 2nd sentence, the 1st is
>>> just
>>> for context of the word "client")
>>>
>>>
>>
>> Let's say I have a blog running Wordpress. The default way to leave
>> comments on the blog is to create an account, confirm the e-mail activation,
>> login, then leave a comment. Wordpress is doing a non-standard login
>> (equivalent to "if my world does X"), which makes it neither compliant with
>> OpenID nor non-compliant with OpenID. It is completely orthogonal.
>>
>> Now I install an OpenID plugin for Wordpress that allows people to either
>> use the traditional method, or use OpenID authentication when leaving
>> comments. I've added a service endpoint for accepting OpenID authentication,
>> and my blog is now OpenID compliant.
>>
>> Pushing assets to your client does not make your world non-compliant with
>> VWRAP. Being compliant with VWRAP depends on whether you also have a service
>> endpoint that speaks the VWRAP language, in addition to whatever else your
>> system might be doing.
>>
>
> So why is this prescription in the intro document at all?
>  "Accessing and manipulating digital assets is  performed via capabilities
> which
>  expose the state of the asset to an authorized client. " (where client
> means the client application, in the context of that section)
>
> _______________________________________________
> vwrap mailing list
> vwrap@ietf.org
> https://www.ietf.org/mailman/listinfo/vwrap
>

v2.23.0 | Report a Bug | By Email