IETF Logo Mail Archive

Re: [vwrap] [wvrap] Simulation consistency

Morgaine <morgaine.dinova@googlemail.com> Sat, 02 April 2011 03:54 UTC

Return-Path: <morgaine.dinova@googlemail.com>
X-Original-To: vwrap@core3.amsl.com
Delivered-To: vwrap@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 02A5F28C12B for <vwrap@core3.amsl.com>; Fri, 1 Apr 2011 20:54:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.433
X-Spam-Level:
X-Spam-Status: No, score=-2.433 tagged_above=-999 required=5 tests=[AWL=-0.357, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_43=0.6, RCVD_IN_DNSWL_LOW=-1, SARE_WEOFFER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BJd7f6Wdq2i4 for <vwrap@core3.amsl.com>; Fri, 1 Apr 2011 20:54:02 -0700 (PDT)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by core3.amsl.com (Postfix) with ESMTP id 248EC28C107 for <vwrap@ietf.org>; Fri, 1 Apr 2011 20:54:02 -0700 (PDT)
Received: by qyk7 with SMTP id 7so2698892qyk.10 for <vwrap@ietf.org>; Fri, 01 Apr 2011 20:55:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Gj+TC7h0RrOHVd5MwDrsokS248yv5srUNkUsOQkHplo=; b=Ob6lVXgzQPcrrZoT1SyLDrDsf/pdx9gXudzlp7yPTcjFtcLKaPROQzjOBcuqwIO1f3 B5uIP2JGaio7ZDvj+izDWl6SmGvYTbFWyK7F70mmfbc7bxbgx/K897nL7vJyGA4OW+dS IW0XtUklcEy74nEUifYoiEQ5rIkxmq2bhEZN0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=T+gImwTxD0sTuxlsbDi6P8wwLhoGg40mNmJGMNR5xtcw4uJontgLRn7HlYjlM7WDkQ uCpBVpzw1vVYclg9j5Ps9arQ6aCxLTpl9qAVGO1VPFTaT7wTNurCzMJV4rsAxEzqZikg OYGZwcjxu09NMmXDXYBSKVe+qBDwOhXazFPyY=
MIME-Version: 1.0
Received: by 10.229.124.145 with SMTP id u17mr4105832qcr.71.1301716540840; Fri, 01 Apr 2011 20:55:40 -0700 (PDT)
Received: by 10.229.211.84 with HTTP; Fri, 1 Apr 2011 20:55:40 -0700 (PDT)
In-Reply-To: <BANLkTint6CiMRZWj59sEYM2j7VoKgz4-Bw@mail.gmail.com>
References: <BANLkTint6CiMRZWj59sEYM2j7VoKgz4-Bw@mail.gmail.com>
Date: Sat, 02 Apr 2011 04:55:40 +0100
Message-ID: <AANLkTimuVubm5Becx8cg_Uq2Gdj8EjHL7maMyqWOeYCJ@mail.gmail.com>
From: Morgaine <morgaine.dinova@googlemail.com>
To: vwrap@ietf.org
Content-Type: multipart/alternative; boundary="000e0cd25cae03db68049fe78051"
Subject: Re: [vwrap] [wvrap] Simulation consistency
X-BeenThere: vwrap@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual World Region Agent Protocol - IETF working group <vwrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/vwrap>, <mailto:vwrap-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vwrap>
List-Post: <mailto:vwrap@ietf.org>
List-Help: <mailto:vwrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vwrap>, <mailto:vwrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Apr 2011 03:54:04 -0000

Every design choice results in a trade-off, Vaughn, improving one thing at
the expense of something else.  If every time we offered a service we had to
inform its users about the downsides of all the trade-offs we have made,
they would have an awful lot to read. ;-)

The specific trade-off that you are discussing is no different.  A region
that proxies all content has the "benefit" of acquiring control from the
asset servers over the items in the region, so that it can ensure that
everyone in the region not only obtains the items but obtains the
*same*items as everyone else.  That does indeed provide a greater
guarantee of
consistency than a deployment in which the region only passes asset URIs to
clients who then fetch the items from asset services separately.  As always
though, it's a trade-off, since the proxied design has very poor scalability
compared to the distributed one.

If we're going to warn users of the potential for inconsistency in the
distributed deployment as you suggest, are we also going to warn them of
non-scalability in the proxied one?  I really don't see much merit in the
idea of warning about design choices.  Many such choices are technical, and
the issues are quite likely to be of little interest to non-technical users
anyway.  In any case, the better services are likely to provide such
information in their online documentation, I would guess.

You mentioned users "voting with their feet" or choosing to accept the risk
of inconsistency.  Well that will happen anyway, when services fail and
users get annoyed.  If some asset services refuse to send the requested
items to some users, those services will get a bad reputation and people
will choose different asset services instead.  Likewise, if a world service
proxies everything and so it can't handle a large number of assets or of
people, users will get annoyed at the lag and will go elsewhere.  This user
evaluation and "voting with their feet" happens already with online services
all over the Internet, and I am sure that this human process will continue
to work when the services are asset and region services.

Back in September 2010, I wrote this post which proposes that we use in
VWRAP a form of asset addressing that provides massive scalability at the
same time as a very high degree of resilience --
http://www.ietf.org/mail-archive/web/vwrap/current/msg00463.html .  It is
based on the concept of the URI containing a host part and a hash part,
where the hash is generated (once, at the time of storage to the asset
service) using a specified digest algorithm over the content of the asset
being referenced.  You may wish to note that if this design were used, the
failure of an asset service to deliver a requested item would result in a
failover request for the item to one or more backup services, using the same
hash part but with a different host address.

This can go some way towards overcoming the problem that you think might
occur when assets are fetched by clients from asset services directly.
Although it won't help when the missing item is available from only a single
asset service, it will help in many other cases, and it will compensate for
service failures and network outages automatically at the same time.

PS. This design for hash-based asset addressing is already being tested by
Mojito Sorbet in her experimental world and client.  It would give
VWRAP-based worlds an improved level of service availability, so I think it
should be a core feature of our protocol.


Morgaine.




===========================

On Fri, Apr 1, 2011 at 11:17 PM, Vaughn Deluca <vaughn.deluca@gmail.com>wrote:

> This is a question i discussed with Morgaine off-list a while ago (I
> intended to send it to the list but pushed the wrong button...) I
> think we need to address this problem, and decide how to deal with it.
>
>  In Davids deployment draft, section 7.3.1.1 an overview is given van
> ways to deliver content to the region. One way is only passing a
> capability that allows access to (part of) the resource:
>
>           7.3.1.1.  Content delivery models
>           A range of possible represenations can be passed to a region for
>           simulation. [...] The other end of the delivery spectrum involves
> passing
>           only a URI or capability used to access the rendering
> information and a
>           collision mesh,and related data for physical simulation.
>           In such a model, the client is responsible for fetching the
> additional
>           information needed to render the item's visual presence from a
> separate
>           service.  This fetch can be done *under the credentials of the
> end user*
>           viewing the material [my emphasis--VD] , and divorces the
> simulation from
>           the trust chain needed to manage content.  Any automation
> is done on a
>           separate host which the content creator or owner trusts,
> interacting with the
>           object through remoted interfaces.
>
>  I can see the need for such a setup, however, i feel we are
> unpleasantly close to a situation were the coherence of the simulation
> falls apart.
> In this deployment pattern the region advertises the presence of the
> asset, and *some* clients will be able to get it as expected, while
> -based on the arbitrary whims of the asset service- others might not.
>
> My hope would be that after the asset server provides the region with
> the capability to get the asset, it gives up control. That would mean
> that if the client finds the inventory server is unwilling to serve
> the content - in spire of the region saying it is present-, the client
> should be able to turn around ask the *region* for the asset, (and get
> is after all).
>
>  If that is not the case, -and there are probably good reasons for the
> deployment pattern as described-  shouldn't we *warn* clients that the
> region might be inconsistent, so the users behind the client can vote
> with their feet, (or take the risk)?
>
> --Vaughn
> _______________________________________________
> vwrap mailing list
> vwrap@ietf.org
> https://www.ietf.org/mailman/listinfo/vwrap
>

v2.23.0 | Report a Bug | By Email