Re: [vwrap] New Revisions of VWRAP Internet Drafts Published
Meadhbh Hamrick <ohmeadhbh@gmail.com> Tue, 06 July 2010 18:34 UTC
Return-Path: <ohmeadhbh@gmail.com>
X-Original-To: vwrap@core3.amsl.com
Delivered-To: vwrap@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 9FA723A6834 for <vwrap@core3.amsl.com>;
Tue, 6 Jul 2010 11:34:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5
tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EUXZqAZx7L3w for
<vwrap@core3.amsl.com>; Tue, 6 Jul 2010 11:34:13 -0700 (PDT)
Received: from mail-gw0-f44.google.com (mail-gw0-f44.google.com
[74.125.83.44]) by core3.amsl.com (Postfix) with ESMTP id F208D3A6452 for
<vwrap@ietf.org>; Tue, 6 Jul 2010 11:34:12 -0700 (PDT)
Received: by gwb10 with SMTP id 10so3538009gwb.31 for <vwrap@ietf.org>;
Tue, 06 Jul 2010 11:34:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=domainkey-signature:received:mime-version:received:in-reply-to
:references:from:date:message-id:subject:to:cc:content-type
:content-transfer-encoding; bh=kqp+e8oOJjFFBlxaopTw3yYygjAPeEyLX1km/u/xGq8=;
b=UOg/xtNdq4zP32UCtIAacpjpMEGpuoOLGPiMEnM/UwdgO08TS9aeiDR8c946dfD5S7
Vh5IKCR1+KzVuzVgLaBgMzS84beKPyaAEQMbP0pvhJ0EA+AwcFHWR1yxc4LhI07TrT7W
mEDhM70RcvUR1x3pMNbzbmAjJK+42KVptbUzA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc:content-type:content-transfer-encoding;
b=M55uk/TyaBwTMa+JLdAZqOw8RrZUzpF0Cl6zfcQWbCrpu0PKk2n32qzCtZdhHcjzxk
7H9CD0ZSTOq2416FxEoNLgLGSolJvlr0dxs3GeQsqZeOQe9wTwRsaDs44v7buyy2G5CD
d+nRsVvDR/dlZQspKU4MNx1IbbCg3wHwBB3W0=
Received: by 10.229.215.12 with SMTP id hc12mr2967310qcb.19.1278441251119;
Tue, 06 Jul 2010 11:34:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.185.73 with HTTP; Tue, 6 Jul 2010 11:33:51 -0700 (PDT)
In-Reply-To: <62BFE5680C037E4DA0B0A08946C0933DDA75DE93@rrsmsx506.amr.corp.intel.com>
References: <AANLkTik4tJfXL5fDEwfRLwG9J4KdKWfaq8560v5sbcTq@mail.gmail.com>
<4C3354A0.2070304@stpeter.im>
<62BFE5680C037E4DA0B0A08946C0933DDA75DE93@rrsmsx506.amr.corp.intel.com>
From: Meadhbh Hamrick <ohmeadhbh@gmail.com>
Date: Tue, 6 Jul 2010 11:33:51 -0700
Message-ID: <AANLkTil5sufp-WerLWEBeeoMRODJRftJwOYarOgb3F99@mail.gmail.com>
To: "Hurliman, John" <john.hurliman@intel.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: "vwrap@ietf.org" <vwrap@ietf.org>
Subject: Re: [vwrap] New Revisions of VWRAP Internet Drafts Published
X-BeenThere: vwrap@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual World Region Agent Protocol - IETF working group
<vwrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/vwrap>,
<mailto:vwrap-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vwrap>
List-Post: <mailto:vwrap@ietf.org>
List-Help: <mailto:vwrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vwrap>,
<mailto:vwrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 18:34:15 -0000
yay! comments!
a couple comments:
1. didn't we say we wanted to drop the legacy "agent login" and only
go with "account login" ? there was a back and forth where i was all
about "oh noes! SL will break if we don't do agent login?" and then
someone (morgaine?) said "it's okay, SL will cope!" and then josh
said, "yeah, SL will cope without agent login in VWRAP, we can login
with a single account string."
so the most recent auth spec DOESN'T have a first + last agent login
option. it only has an account_name string in the auth request.
it doesn't sound like this change will cause heartburn for you, john.
your thoughts?
2. we had previously said (roughly) "if the &authenticator map is not
present in the agent_login message, the auth service will figure out
what to do on it's own." so the current draft calls out two options
for why the auth service may not see an &authenticator: 1. it's been
pre-authenticated or 2. auth info is present in the transport session
(either by a TLS client cert or HTTP digest auth.)
but... i think i like your way better, john. so, i propose the
following new types for authenticators:
{ "type": "capability" } - as described below
{ "type": "transport" } - the service should check the transport for
either a HTTP digest auth header or a TLS client side cert.
--
meadhbh hamrick * it's pronounced "maeve"
@OhMeadhbh * http://meadhbh.org/ * OhMeadhbh@gmail.com
On Tue, Jul 6, 2010 at 10:29 AM, Hurliman, John <john.hurliman@intel.com> wrote:
> Now that the CALM draft is alive and kicking again let's see how I can break it :-). One issue I ran into while implementing my launcher app was the need to distinguish between capability login URLs and unauthenticated login URLs. Here are our use cases:
>
> a) A user visits sciencesim.com, creates an account and/or logs in, goes to their start page (let's say sciencesim.com/account/) and clicks a Launch button that points to a CALM document with a login capability. The launcher app knows to start the viewer in "pre-authenticated" mode where it skips the username/password entry form and tries to log directly in-world.
>
> b) A user wants to login to sciencesim.com using the username/password entry form built into the viewer, without doing a web authentication first. They have sciencesim.com/launch/ bookmarked which returns a CALM document containing the unauthenticated login url for sciencesim. This instructs the launcher to open the viewer in "username/password prompt mode".
>
> To achieve both of these use cases I added a new &authenticator that contains { "type": "capability" } to distinguish a pre-authenticated URL from the regular variety. I also added a bit of code to look for either "name" or merge "first_name" + "last_name" into a Name field. The full CALM parsing code for the launcher is in SVN at <http://code.google.com/p/openmetaverse/source/browse/trunk/Launcher/LaunchDocument.cs>. You'll notice a couple of non-standard extensions ("welcomeurl", "economyurl", "abouturl", "registerurl", "helpurl", "passwordurl") that are not part of the spec, but used in the launcher app since we're using CALM documents as the hopeful successor to GridInfo documents (http://opensimulator.org/wiki/GridInfo).
>
> John
>
>
> On 7/5/10 4:28 PM, Meadhbh Hamrick wrote:
>> from http://blog.meadhbh.org/2010/07/new-vwrap-internet-drafts-published.html :
>>
>> hey peeps! this is just a quick note to let you know that i just
>> pushed out several new versions of the following VWRAP Internet
>> Drafts:
>>
>> VWRAP : Introduction and Goals
>> https://datatracker.ietf.org/doc/draft-ietf-vwrap-intro/
>>
>> this is the draft that's intended to be a "gentle introduction" to our
>> kind of virtual world, the protocol and the documents. i believe it is
>> "very close" to being fully baked. based on feedback from the mailing
>> list and face to face meetings, i added a section on deployment
>> patterns (without using the terms "Second Life" or "OpenSim",) removed
>> the archaic concepts of agent and region domains, added a document
>> roadmap and added a few terms in the glossary. also, i fixed up the
>> references in the back so they *should* be pointing to the most recent
>> revisions of things.
>>
>> VWRAP : Abstract Type System for the Transmission of Dynamic
>> Structured Data
>> https://datatracker.ietf.org/doc/draft-ietf-vwrap-type-system/
>>
>> this one still needs a little bit of work and is essentially the same
>> as the version published last february. however, we seemed to be
>> hurtling towards consensus on this one.
>>
>> VWRAP : Trust Model and User Authentication
>> https://datatracker.ietf.org/doc/draft-ietf-vwrap-authentication/
>>
>> i added references to the CALM draft, and removed the legacy bit about
>> agent id's. it's now all account ids, which is what i think we all
>> said we wanted. MD5 is still in the draft 'cause i wasn't completely
>> sure we all agreed to remove it. i need to add some more verbiage
>> about the "trust model," and possibly remove the MD5 references if
>> that's what the working group wants to do.
>>
>> VWRAP : Client Application Launch Message
>> https://datatracker.ietf.org/doc/draft-ietf-vwrap-launch/
>>
>> this is the draft that describes how we send a message from a web site
>> to the viewer to launch the viewer. it's intended to support web-based
>> auth schemes like OpenID and OAuth. i added a little more verbiage
>> regarding the use of a web capability as the location for an
>> agent_login resource and tried to make sure the references were
>> pointing to the right place.
>>
>> so... i encourage everyone to take a look at these docs and let me
>> know if you see anything wrong with them.
>>
>> cheers!
>> meadhbh
>> --
>> meadhbh hamrick * it's pronounced "maeve"
>> @OhMeadhbh * http://meadhbh.org/ * OhMeadhbh@gmail.com
>> _______________________________________________
>> vwrap mailing list
>> vwrap@ietf.org
>> https://www.ietf.org/mailman/listinfo/vwrap
>
> _______________________________________________
> vwrap mailing list
> vwrap@ietf.org
> https://www.ietf.org/mailman/listinfo/vwrap
>
- [vwrap] New Revisions of VWRAP Internet Drafts Pu… Meadhbh Hamrick
- Re: [vwrap] New Revisions of VWRAP Internet Draft… Peter Saint-Andre
- Re: [vwrap] New Revisions of VWRAP Internet Draft… Hurliman, John
- Re: [vwrap] New Revisions of VWRAP Internet Draft… Meadhbh Hamrick
- Re: [vwrap] New Revisions of VWRAP Internet Draft… Hurliman, John