User:Zero Linden/Office Hours/2008 August 12

From Second Life Wiki
< User:Zero Linden/Office Hours
Revision as of 13:35, 12 August 2008 by Saijanai Kuhn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
  • [13:00] JayR Cela:  :_)
  • [13:00] Mirt Tenk: greetings
  • [13:01] Gina Jewell: hello
  • [13:01] Dahlia Trimble: Hi :)
  • [13:01] Tao Takashi: Hi there
  • [13:01] Bartholomew Kleiber: Hi all
  • [13:01] Infinity Linden: hoa
  • [13:01] Infinity Linden: hola
  • [13:01] Infinity Linden: that is
  • [13:01] Rex Cronon: hi everyboyd
  • [13:01] Gina Jewell: hello
  • [13:01] Rex Cronon: everybody*
  • [13:02] Random Person: welcome
  • [13:02] JayR Cela: hi Rex :+_
  • [13:02] Rex Cronon: hii
  • [13:03] Infinity Linden: god i hope i didn't just sit on someone
  • [13:03] Random Person: lol
  • [13:03] Infinity Linden: i'm on the other end of a very slow network connection
  • [13:03] Infinity Linden: and it's taking forever for peeps to rez
  • [13:04] Random Person: oh I see
  • [13:04] Tao Takashi: Infinity: change the sides!
  • [13:04] Tao Takashi:  :)
  • [13:04] Rex Cronon: i quite certain that i landed on somebodys head, so i have to applogise:)
  • [13:04] Infinity Linden: yes... i've secretly been a double-agent
  • [13:04] Infinity Linden: working for the forces of the North East
  • [13:04] Bartholomew Kleiber: lol
  • [13:05] Bartholomew Kleiber: this ... is a joke, right?
  • [13:05] Infinity Linden: hmm.. maybe we could add the "landing on someone's head exclusion clause" to the protocol
  • [13:05] Oz Larg: Hello :D
  • [13:05] Rex Cronon: lol
  • [13:05] Tao Takashi: just removed the Head Landing Protocol
  • [13:06] Infinity Linden: well.. it can't be as bad as BGP.. I spent the morning reviewing the literature on BGP attacks
  • [13:06] Random Person:  :/
  • [13:06] Rex Cronon: bgp?
  • [13:06] Infinity Linden: and i'm ready to say we all should move to IPv6 with IPSec and DNSSec
  • [13:06] Infinity Linden: BGP == Border Gateway Protocol
  • [13:07] Rex Cronon: ok
  • [13:07] Tao Takashi: a routing protocol
  • [13:07] Infinity Linden: it's how the "big routers in the sky" figure out where different IP address ranges should be routed
  • [13:07] Infinity Linden: and
  • [13:07] Infinity Linden: it was made nearly completely without security concerns
  • [13:07] Infinity Linden: back in the days of teh ARPANet when everyone was a model citizen
  • [13:08] Saijanai Kuhn: aside from the flame wzarz...
  • [13:08] Saijanai Kuhn: warz
  • [13:08] Rex Cronon: for a sec i thought it was a group name, like PN
  • [13:08] Tao Takashi: today it would come with a CCTV attached ;-)
  • [13:08] Mirt Tenk: hmm
  • [13:08] Mirt Tenk: this is a major issue for us
  • [13:08] Infinity Linden: lol... actually... i already hacked the IP based camera at the burning man gate
  • [13:08] Bert Sinatra: I use bgp for my meta-ssl-vpn net, and it works quite well is you have good actors...
  • [13:09] Infinity Linden: yeah... BGP works well for what it does
  • [13:09] Infinity Linden: but security was bolted onto the side
  • [13:09] Infinity Linden: so you get things like alternet
  • [13:09] Infinity Linden: and so forth
  • [13:10] Infinity Linden: and it seems that all the big ISPs use slightly different techniques to ensure the security of their part of the IP address space
  • [13:10] Lillie Yifu: trudges out of the water doing a remarkable drowned rate impersonation.
  • [13:10] Infinity Linden: hmm...
  • [13:10] Saijanai Kuhn: drowned rate, is that like the dollar exchange rate?
  • [13:11] Saijanai Kuhn: no zero yet..
  • [13:11] Infinity Linden: it's 10 past and no zero
  • [13:11] Lillie Yifu: It's the rate at whichwork piles up faster than you cna do it.
  • [13:11] Infinity Linden: jinx!
  • [13:11] Zero Linden: Zero!
  • [13:11] Random Person: lol
  • [13:11] Infinity Linden: yay!
  • [13:11] Random Person: welcome Zero
  • [13:11] Oz Larg: Hi Zero
  • [13:11] Rex Cronon: hello zero
  • [13:11] Infinity Linden: we were jealous of your absence
  • [13:11] Zero Linden: sorry - I was trapped in a Sushi bar
  • [13:11] Bartholomew Kleiber: trapped???
  • [13:11] Mirt Tenk: life is rough
  • [13:11] Infinity Linden: and you had to eat your way out?
  • [13:11] Saijanai Kuhn: tales of the Sushi...
  • [13:11] Tao Takashi: Hey Zero
  • [13:11] Bartholomew Kleiber: he wore a dog costume
  • [13:12] Lillie Yifu: Zero to infinity, taht covers the reals,now for the imaginaries.
  • [13:12] Zero Linden: Trapped in a pleasent, tempura and avacado roll kind of way
  • [13:12] Tao Takashi: you were trapped in some sushi?
  • [13:12] JayR Cela: hi Zero
  • [13:12] Saijanai Kuhn: one of the 5 great novels of early Japanese literature
  • [13:12] Lillie Yifu: is "I Linden" taken?
  • [13:12] Bartholomew Kleiber: roled in that is
  • [13:12] Tao Takashi: trapped in a roll :)
  • [13:12] Zero Linden: Oh - and did I mention the miso soup....
  • [13:12] Zero Linden: mmmmmmmm
  • [13:12] Tao Takashi: they were probably advertising the new "Zero Roll"
  • [13:12] Saijanai Kuhn: ranks up there with Dragonball, er, Journey to the West
  • [13:12] BlueWall Slade: ZE-Roll
  • [13:12] Tao Takashi: ze Roll
  • [13:13] Zero Linden: Actually, we have to get some Linden to now be named after a surreal number...
  • [13:13] Infinity Linden: lol
  • [13:13] Infinity Linden: Hyperreal Linden?
  • [13:13] Oz Larg: I know you guys probably already an agenda, but I came to see if I might add an item to it if I may.
  • [13:13] Lillie Yifu: Which would have been a great Japanese novel if it weren't written during the Ming Dynasty in China
  • [13:13] Saijanai Kuhn: If I had gotten that job, I would have chosen WRongway LInden
  • [13:13] Infinity Linden: or {{2,3,5}|{9,17}} Linden
  • [13:13] Tao Takashi: Hyperventilating Linden
  • [13:14] Zero Linden: what infinity said!
  • [13:14] Infinity Linden: We still need One Linden and Many Linden
  • [13:14] Tao Takashi: Some Linden
  • [13:14] Zero Linden: well all
  • [13:14] Oz Larg: Omnipresent Linden?
  • [13:14] Tao Takashi: tell it Some Linden!
  • [13:14] Saijanai Kuhn: LIndy
  • [13:14] Tao Takashi: Which Linden?
  • [13:14] Infinity Linden: lol
  • [13:14] Tao Takashi: no, That Linden
  • [13:15] Infinity Linden: or "Your Imaginary Friend," Linden
  • [13:15] BlueWall Slade: NotMe Linden
  • [13:15] Tao Takashi: I guess it's time for Zero asking for agenda items ;-)
  • [13:15] Lillie Yifu: I am still waiting for Unterder
  • [13:15] Bartholomew Kleiber: Hush Linden?
  • [13:15] Zero Linden: welcome to another summer edition of Zero's office hours - also known as amateur comedy hour
  • [13:15] Oz Larg: STFU Linden lol
  • [13:15] Saijanai Kuhn: we discussed trust domains this morning. I came to a concensus that Agent Domains need the highest level of trust
  • [13:15] Infinity Linden: lol
  • [13:15] Random Person: lol
  • [13:15] Tao Takashi: maybe somebody wants to be Lame Linden
  • [13:15] Rex Cronon: could avatars that are less than 7 days be restricted from rezzing megaprims? right now one day old avatars come and grief sandboxes with megaprims
  • [13:15] Infinity Linden: and speaking of which
  • [13:15] Infinity Linden: i've been adding to the OGP Trust Model page
  • [13:16] Zero Linden: link link
  • [13:16] Infinity Linden: https://wiki.secondlife.com/wiki/User:Infinity_Linden/OGP_Trust_Model
  • [13:16] Lillie Yifu: Right now some Pn is doing Bobba spam, and that doens't need a mp to cause lots of trouble. He's up to 8 alts on ban link in one day.
  • [13:16] Zero Linden: yikes - looks like the outline of a security white paper! :-)
  • [13:16] Infinity Linden: umm... consider the source
  • [13:17] Infinity Linden: (the joke here is i used to write security white papers for the government)
  • [13:17] Infinity Linden: so
  • [13:17] Infinity Linden: i'll try to make it less white-papery
  • [13:17] Oz Larg: I hope to accelerate the subject of cross-sim ownership of items purchased to be used in SL for use in Open Sims
  • [13:17] Zero Linden: no no - I'm sure we'll need that
  • [13:17] Ewan Mureaux: put it on a yellow background
  • [13:17] Infinity Linden: and more applicable to "real world" problems
  • [13:17] Oz Larg: cross-grid I meant
  • [13:17] Tao Takashi: looks great, Infinity
  • [13:17] Zero Linden: how do you want input on that page ---
  • [13:18] Zero Linden: in the discussion sub-page?
  • [13:18] Infinity Linden: right now... yeah... discussion sub page
  • [13:18] Infinity Linden: or if you have private concerns
  • [13:18] Infinity Linden: you can email me
  • [13:18] Tao Takashi: we also had quite some discussion about this topic earlier at AWGroupies
  • [13:18] Infinity Linden: I
  • [13:18] Zero Linden: you mean, secret concerns that should stay secret?
  • [13:18] Zero Linden: just to paraphrase?
  • [13:19] Infinity Linden: I've chatted with some peeps that have concerns they want addressed, but for whatever reason don't want to broadcast
  • [13:19] Tao Takashi: like when I want to have a backdoor implemented for me? ;-)
  • [13:19] Infinity Linden: nah... it's more like...
  • [13:19] Lillie Yifu: hmmmm
  • [13:19] JayR Cela: there is allways a backdoor
  • [13:19] Infinity Linden: "my company is planning on implementing SRP over Kerberos with extended client side certificates"
  • [13:19] Zero Linden: Yes, the "LOLTAOOMG" backdoor hook will be kept secret, Tao
  • [13:19] Lillie Yifu: That's guys alright, the first thing they think of is getting n the back door once they are in the front door.
  • [13:19] JayR Cela: just depends on who ya know
  • [13:19] Infinity Linden: but I don't want to broadcast the fact
  • [13:20] Infinity Linden: so i've been asked by at least one person to be the human mix-master
  • [13:20] Random Person: lol
  • [13:21] Random Person: Infinity, theres a Hermit on your lap
  • [13:21] Infinity Linden: enh... it's probably the best thing i've had on my lap all day
  • [13:21] Random Person: hah
  • [13:21] Random Person: hello BB
  • [13:21] Random Person: welcome
  • [13:22] Tao Takashi: well, I want the backdoor to get out again ;-)
  • [13:22] Zero Linden: anyone want to sum up (in 3 sentences or less?) what the Gridnauts morning discussion yielded from this morning?
  • [13:22] Infinity Linden: blergh
  • [13:22] Zero Linden: (was it gridnauts or AWGroupies...?)
  • [13:22] Infinity Linden: sorry... no Fortezza
  • [13:22] Tao Takashi: groupies
  • [13:22] JayR Cela: Tao / first ya need to get in :_)
  • [13:23] JayR Cela: then find the way out
  • [13:23] Tao Takashi: we basically came to some sort of conclusion that most trust stuff is policy and it seems to be most important to make sure you know who you are talking to
  • [13:23] Infinity Linden: yup
  • [13:23] Tao Takashi: so you can decide on either white lists/blacklists/contract/weather what services you offer
  • [13:23] Saijanai Kuhn: Groupies meeting: my input: AD's are the most dangerous part of hte entire system and require the highest securty for even the most tirivial verson
  • [13:23] Tao Takashi: ranging from no trust = no services to full trust = full services
  • [13:24] Tao Takashi: we also were wondering in which cases this trust is needed
  • [13:24] Tao Takashi: apparently the AD needs to trust the RD to not steal things (if this is important to the AD)
  • [13:24] Infinity Linden: uh oh... i hope this conversation doesn't turn towards certification and verification of security proceedures at AD premisis
  • [13:24] Saijanai Kuhn: defacto AD's provide all services and require top security rating from any grid tey visit
  • [13:24] Saijanai Kuhn: just my 2 cents about the relative standards, not how they are implemented
  • [13:25] Tao Takashi: and the RD might as well trust the AD so that it knows it's not GriefersHeavenAD or some impersonator (which might not be that bad if the name is also marked with the AD it's comming from)
  • [13:25] Tao Takashi: well, we didn't talk that much about certs except that the usual way for doing SSL connections is needed
  • [13:25] Infinity Linden: no trust is an interesting model... it's about as useful as teh Wikipedia...
  • [13:25] Mirt Tenk: lol
  • [13:26] Infinity Linden: Yeah... TLS and maybe DTLS are good solutions
  • [13:26] Oz Larg: AD=Alternate Domain ??
  • [13:26] Saijanai Kuhn: Bob's Bargain Prims Region
  • [13:26] Infinity Linden: but it's important to remember what they provide
  • [13:26] Tao Takashi: it's also what seems to work except if certs expire ;-)
  • [13:26] Infinity Linden: yup
  • [13:26] Oz Larg: Thanx
  • [13:26] Saijanai Kuhn: Agent Domain. The thing that your avatar uses to connect to the rest of the metaverse
  • [13:26] Infinity Linden: i didn't really want to mention that
  • [13:26] Infinity Linden: but yest
  • [13:26] Oz Larg: ok
  • [13:26] Infinity Linden: it's a little known fact... certificates expire
  • [13:26] Infinity Linden: most systems today ignore an expired cert
  • [13:27] Infinity Linden: and some also ignore basic cert errors (like... I can't trace this cert to a trusted root)
  • [13:27] Tao Takashi: well, there might be the question if you trust your AD if this ignores it
  • [13:27] Zero Linden: and - how many check certificate revocation lists
  • [13:28] Infinity Linden: but... from the perspective of the protocol, it's probably not a good idea to mandate a "valid certificate"
  • [13:28] Tao Takashi: right there are issues. Questoin is if there is a better solution
  • [13:28] Infinity Linden: since everyone will likely ignore that
  • [13:28] Saijanai Kuhn: its going to be a big deal with an AD doesn't dot the i's and cross the t's
  • [13:28] Infinity Linden: this gets back to the human concept of "trust"
  • [13:28] Tao Takashi: a better solution which has a chance to get used that is
  • [13:29] Infinity Linden: as in "I trust ___ to beahve properly and renew thier certs and not steal my inventory"
  • [13:29] Saijanai Kuhn: regardless of how trust is defined, AD's MUST be the most trusted thing
  • [13:29] Tao Takashi: Infinity: right
  • [13:29] Zero Linden: so - are we saying that most of issues of trust can be decided by the operators themselves choosing what every policies they want, mechancial or by hand...
  • [13:29] Tao Takashi: well, the question might be what happens to objects which move around
  • [13:29] Zero Linden: ...if the protocol provides certainty of who you are talking with?
  • [13:30] Tao Takashi: this is something I want to think more about in terms of use cases
  • [13:30] Infinity Linden: i think the protocol should provide for a mechanism to prove your identity
  • [13:30] Tao Takashi: because this is some sort of trust on the move
  • [13:30] Mirt Tenk: I think this is necessary for large-scale support from higher ed, who have the resources to provide it
  • [13:30] Infinity Linden: but leave the details (like you need a 4096 bit RSA key in your cert, etc.) to an interoperability profile
  • [13:30] Mirt Tenk: as I think they should
  • [13:30] Infinity Linden: that is considerably more constrained than the protocol
  • [13:30] Infinity Linden: and can be updated more quickly when we finally find out that RSA has been broken
  • [13:31] Tao Takashi: for the services I think you basically need to be sure that nobody forged that URL you are talking to and it's really the endpoint it should be
  • [13:31] Tao Takashi: so it can check it's own list of permissions for it
  • [13:31] Infinity Linden: Tao: absolutely
  • [13:31] Infinity Linden: each AD should be able to maintain it's own list of "trusted peers"
  • [13:32] Tao Takashi: of course client side certs might also be useful for some applications but as you wrote they probably don't get that popular
  • [13:32] Stirling Allen: I think a better way of saying that might be to say that the system should provide mechanisms for establishing identity, and for determining how much identity has been established.
  • [13:32] Tao Takashi: information cards might also be an option
  • [13:32] Infinity Linden: covers ears
  • [13:32] Zero Linden: so - in that case is just requiring that connections be SSL and have both client and server certs enough (leaving what strength certs, and rooted where as policy decisions)?
  • [13:32] Infinity Linden: does not admit that client certs exist
  • [13:32] Tao Takashi: I used one for our intranet server once
  • [13:32] Mirt Tenk: authentication
  • [13:32] Mirt Tenk: like shibboleth
  • [13:32] Tao Takashi: but the problem is that when you need to login from somewhere you usually don't have that cert with you
  • [13:33] Infinity Linden: but seriously... client certs shoudn't be required, but allowed
  • [13:33] Infinity Linden: by protocol
  • [13:33] Tao Takashi: probably the same can happen with information card or your eye scanner
  • [13:33] Tao Takashi: yes, allowed, not required
  • [13:33] Tao Takashi: I think this might also be some optional decision of some AD implementation
  • [13:33] Infinity Linden: and then possibly have an "interoperability profile" that makes a statement one way or another about client certs
  • [13:33] Infinity Linden: yup
  • [13:34] Tao Takashi: we maybe shoud make sure the AD can promote which auth schemes it supports and we maybe don't need to define them all now
  • [13:34] Zero Linden: But, a most common case in OGP is that the Agent Domain, as a clinet of a HTTP/TLS session, contacts a Region Domain
  • [13:34] Lillie Yifu: hmmmm what about allowing the user to establish what privileges they allow their account to use when they log in various ways, and the server establish what they will let people do?
  • [13:34] Zero Linden: how does the Region Domain check the credential of the AD?
  • [13:34] Infinity Linden: and enhanced services like client side certs _could_ be linked with things like group membership
  • [13:34] Infinity Linden: but we probably don't want to go there in rev 1 of the protocol
  • [13:34] Tao Takashi: and I haven't looked at PAPE but isn't this something where you can ask which auth mechanism was used? (part of openid)
  • [13:34] Lillie Yifu: let me take an example. A user could say that they allow their account to log in without a cert, but not say, spend money.
  • [13:34] Zero Linden: wouldn't client cert be "just the thing" in this case? Couldn't the AD supply the same cert it supplies as when it is contacted as a server?
  • [13:35] Infinity Linden: Zero.. personally.. i think there should be some flexibility there... server and client certs for (D)TLS
  • [13:35] Infinity Linden: or
  • [13:35] Tao Takashi: actually Casper Bowen from Microsoft was talking quite a bit about such problems in his presentation at the identity camp
  • [13:35] Lillie Yifu: The server could establish that a uer must log in through cert if the system owners/managers/people responsible
  • [13:35] Lillie Yifu: decide that.
  • [13:35] Infinity Linden: if you want to be "old school" IP White List
  • [13:35] Zero Linden: I'm an most definitely not considering client certs for the viewer contacting the agent domain to establish authentication....
  • [13:35] Zero Linden: ....but we should allow that an agent domain may choose to require such....
  • [13:36] Mirt Tenk: agreed
  • [13:36] Tao Takashi: +1
  • [13:36] Zero Linden: But certs from server cluster to server cluster (between the domains) doesn't seem like an onus
  • [13:36] Lillie Yifu: yes, so what is really there is a list
  • [13:36] Lillie Yifu: and the most restrictive is picked off the two lists
  • [13:36] Zero Linden: looks up (D)TLS
  • [13:37] Infinity Linden: Lillie.. yeah there's a section in my doc about "expressibility" that's going to be filled out to describe situations where you might want to add capabilities based on authentication strength or trust afforded by such authentication
  • [13:37] Infinity Linden: DTLS == TLS for UDP
  • [13:37] Lillie Yifu: system says "you can log in with cert" but users says "I can't log in without cert." therefore region must either require cert or say "I don't support certs"
  • [13:38] Mirt Tenk: no cert = no access for regions requiring
  • [13:38] Infinity Linden: lol... Lillie... the question may be... do we put training wheels on the spec, or do we let people shoot themselves in the foot?
  • [13:38] Infinity Linden: Mirt.. exactly
  • [13:38] Mirt Tenk: I think you'd get exponential higher ed buyin & support w/the cert as option
  • [13:39] Lillie Yifu: let them decide if they are ina bicycle shop or a gun shop?
  • [13:39] Infinity Linden: right... remember that just because someone has a cert from Verisign doesn't mean Verisign thinks they're trustworthy
  • [13:39] Infinity Linden: it just means that VeriSign thinks they're who they say they are
  • [13:39] Tao Takashi: which should be ok for us. you should find out the rest yourself or define it with a contract
  • [13:39] Infinity Linden: in the end it's the region and agent domain operators who decide whom they trust
  • [13:39] Tao Takashi: or some TOS
  • [13:40] Tao Takashi: or intuition
  • [13:40] Lillie Yifu: hmmmm Kantia would say that this is who verisign says they are. It's synthetic not analytic.
  • [13:40] Infinity Linden: right... i'm thinking that both the Agent and Region domains will publish some form of ToS
  • [13:40] Tao Takashi: needs some example TOS ;-)
  • [13:40] Infinity Linden: with explicit agreemen to teh ToS required before access is given
  • [13:40] Infinity Linden: but
  • [13:40] Lillie Yifu: But my thought is what if what the protocol does is have a way of listing mechanisms and negotiating them? ANd thenleave the actual mechanisms to others?
  • [13:40] Infinity Linden: there's also the question of transitive trust
  • [13:41] Infinity Linden: do you want the agent domain to broker trust in the region domain
  • [13:41] Infinity Linden: i.e.
  • [13:41] Tao Takashi: and if you trust transitive trust ;-)
  • [13:41] Lillie Yifu: Then if people want client certs, they can write that and negotiate it.
  • [13:41] Infinity Linden: do you want to have a system where the agent domain trusts users
  • [13:41] Infinity Linden: and users trust agent domains
  • [13:41] Infinity Linden: and agent domains and region domains trust each other
  • [13:41] Tao Takashi: so much trust, sounds like childhood ;-)
  • [13:42] Saijanai Kuhn: seems to me, as it is currently designed, the Agent DOmain has to be trusted by everyone (to repeat myself)
  • [13:42] Infinity Linden: but users don't need to explicitly trust regions 'cause they trust the agent domain to afford trust under a reasonable scheme
  • [13:42] Zero Linden: or the banking industry...
  • [13:42] Tao Takashi: I wonder if users should be able to override the trust decision done by the agent domain
  • [13:42] Saijanai Kuhn: only to a lower level, not higher
  • [13:42] Infinity Linden: Yup.. Sai... the agent domain is in many ways our equivalent of a certifying authority
  • [13:42] Lillie Yifu: hmmmmm
  • [13:42] Infinity Linden: Tao.. that's a good idea
  • [13:42] Infinity Linden: but
  • [13:43] Tao Takashi: at least for things they can decide it, like not necessarily for objects other people created
  • [13:43] Infinity Linden: users would have to understand that some services would not be available to them if they are trusting a region domain that the agent domain does not trust
  • [13:43] Zero Linden: well, while I think some of us here could maintain our own trust lists -- and even some of those might actually do it
  • [13:43] Tao Takashi: oh, I also stressed the point at the AWGroupies meeting that the user should actually in control of his or her data and be able to decide which bits of information go where
  • [13:43] Tao Takashi: with my DataPortability hat on :)
  • [13:43] Saijanai Kuhn: thing
  • [13:43] Zero Linden: my mother just wants to trust her Agent Domain (that she picked, of course) to figger it out
  • [13:44] Infinity Linden: that's awesum that your mother has a SL account
  • [13:44] Goldie Katsu: I was thinking of a reverse scenario - that the AD trusts a RD, but the RD has some features that mean the user may not want to enter that RD
  • [13:44] Tao Takashi: Zero: sure, only as an option
  • [13:44] Tao Takashi: the default probably is to let the AD decide
  • [13:44] Infinity Linden: My mum won't upgrade from her Sun 3.60
  • [13:44] Zero Linden: someone have a horse?
  • [13:44] Goldie Katsu: lol Infinity
  • [13:44] Zero Linden: And - if there is a market for agent domains that allow their users to explictly override trust on a per region (domain) basis....
  • [13:45] Zero Linden: ...I'm sure it will be done
  • [13:45] Infinity Linden: Goldie... right now I think the option is for the user not to enter that RD
  • [13:45] Infinity Linden: though
  • [13:45] Tao Takashi: tried to install XBattle on a mac yesterday, I also wished I would still have some HPUX workstation where it ran wonderfully on ;-)
  • [13:45] Infinity Linden: and that is one of the things you're going to have to trust an agent domain to do
  • [13:46] Infinity Linden: to NOT give information about you to people (or machines or domains) that you don't want that AD to give it to
  • [13:46] Infinity Linden: so
  • [13:46] Infinity Linden: yeah
  • [13:46] Goldie Katsu: Yeah you do need to trust your AD to know if the RD doesn't meet your standards (is Uber Mature when you only go to Mature and PG sims)
  • [13:46] Infinity Linden: ideally.. we would have a system where the user could create a black-list of region domains
  • [13:46] Goldie Katsu: and info protecting, yes.
  • [13:46] Infinity Linden: but
  • [13:47] Infinity Linden: that might be a bit far off
  • [13:47] Tao Takashi: the user can always create such a list if the client or AD supports it
  • [13:47] Infinity Linden: given the current state of the protocol
  • [13:47] Tao Takashi: I don't think we need to put that into the protocol
  • [13:47] Infinity Linden: in the mean time we can simply say
  • [13:47] Infinity Linden: the agent domain shouldn't give information about an agent to a region domain the agent doesn't want
  • [13:47] Infinity Linden: but
  • [13:48] Infinity Linden: that may have consequences when we talk about IM
  • [13:48] Infinity Linden: or teleporting
  • [13:48] Infinity Linden: well
  • [13:48] Lillie Yifu: Lost you Tao, what don't you think needs to be in the protocol?
  • [13:48] Infinity Linden: tp is pretty straight forward..
  • [13:48] Infinity Linden: if you say... "i don't want to talk to this region"
  • [13:48] Infinity Linden: it's pretty obvious that that also means "I don't want to teleport to this region"
  • [13:48] Zero Linden: I'm with Tao - the protocol doesn't need to know about user provided black lists to the AD
  • [13:48] Zero Linden: that can just be between AD and user - perhpas with a HTML UI ---
  • [13:49] Saijanai Kuhn: just how to pass them around as needed...
  • [13:49] Infinity Linden: okay... out of band
  • [13:49] Goldie Katsu: privacy and data protection is hard because we want usuability and transparancy as well
  • [13:49] Lillie Yifu: That's a transperancy issue, and is way up the chain.
  • [13:49] Lillie Yifu: transparency*
  • [13:50] Infinity Linden: the concern i have is what happens when someone who is in a region domain you don't trust IMs you?
  • [13:50] Goldie Katsu: Is the IM handled by the RD or the AD?
  • [13:50] Lillie Yifu: Transmit but label it
  • [13:50] Infinity Linden: some of the information you may not want to leak includes your online status
  • [13:50] Infinity Linden: but
  • [13:50] Lillie Yifu: act conservative accept libera.
  • [13:50] Tao Takashi: thinks IM is handled by the IM Service ;-)
  • [13:50] Goldie Katsu: should the RD be involved?
  • [13:51] Goldie Katsu: If it is an agent to agent trust (even if it is an IM service.)
  • [13:51] Infinity Linden: right now we return a note saying "so and so is not online" if that user is not onine
  • [13:51] Infinity Linden: so it doesn't matter who handles it
  • [13:51] Infinity Linden: it's really just an issue of expressability
  • [13:51] Lillie Yifu: So treat it this way, send the IM, but don't send back any information. Treat it as the user is offline.
  • [13:51] Infinity Linden: you have to be able to express your preference to someone who is involved in the IM protocol
  • [13:51] Tao Takashi: Lillie: Well, IRC also does not define which people I ignore, it's done by the client.
  • [13:51] Zero Linden: well - you know, when you ring my home phone and I'm not there you get my answering machine
  • [13:51] Lillie Yifu: Since the integrity condition is "don't tell untrusted regions things"
  • [13:52] Zero Linden: (okay, bad analogy, but somethings are just social convention)
  • [13:52] Infinity Linden: but this will be a change in use semantics
  • [13:52] Saijanai Kuhn: Zha and I kicked around the idea of hte IM server sending a list of recipients of a given message to the AD and letting hte AD sort out who is online or not
  • [13:52] Tao Takashi: I think it should be up to the IM service to find out whom to answer
  • [13:52] Lillie Yifu: That's transparency, we are talking at the level of integrity
  • [13:52] Infinity Linden: currently... when you're not online... peeps sending you messages get an alert like "oh... that message you sent... I couldn't deliver it to the person"
  • [13:53] Tao Takashi: and it might optionally maybe have access to some webservice which tell it more to help with that decision
  • [13:53] Tao Takashi: like access to the AD friendlist
  • [13:53] Lillie Yifu: Ignoring a user is a transparency thing, but not trusting a region is an integritything.
  • [13:53] Goldie Katsu: ah but if we are dealing with "sharing information" then it may matter beyond the IM service.
  • [13:53] Tao Takashi: being around in the RD
  • [13:53] Tao Takashi: etc.
  • [13:53] Saijanai Kuhn: right, but with the AD, that woud be taken care of by the AD, not the central IM server
  • [13:53] Infinity Linden: ye
  • [13:53] Infinity Linden: Lillie
  • [13:53] Infinity Linden: but
  • [13:53] Saijanai Kuhn: or the AD could send that message back to the IM server
  • [13:53] Infinity Linden: if you don't trust a region
  • [13:53] Infinity Linden: you may not trust that region to interpose itself in an IM conversation
  • [13:53] Infinity Linden: or an inventory offer
  • [13:53] Lillie Yifu: Then it should get a message back which says "don't call us,we'll call you."
  • [13:54] Goldie Katsu: Does the AD or RD determine your "onlineness"
  • [13:54] Tao Takashi: I would like a structure where the IM server can be easily replaced and I could even hook up my jabber server (and modify the client to handle it) and use this for IM.. My Jabber server might have an OAuth token from my AD which gives it access to my friendslist
  • [13:54] Goldie Katsu: I would think IM's would be user@AD
  • [13:54] Infinity Linden: (though... can you pick up an item from in-world and drop it on someone's profile?)
  • [13:54] Goldie Katsu: becaues you won't know what RD they might be on
  • [13:54] Mirt Tenk: good question
  • [13:54] Infinity Linden: blergh
  • [13:54] Random Person: oh my
  • [13:54] Lillie Yifu: The user gets the IM, labelled as being from an untrusted source, and can decide whether to establish connection.
  • [13:54] Lillie Yifu: Caller Id basically.
  • [13:55] Infinity Linden: are we now REQUIRING that IM not be handled by the RD or the AD?
  • [13:55] Tao Takashi: we are requiring nothing in this field right now I guess ;-)
  • [13:55] Saijanai Kuhn: for cross-grid IM, the AD likely should be involved
  • [13:55] Lillie Yifu: the sender gets a message saying that the recipeints AD has gotten the message, and that further contact, if any, will come from the users AD
  • [13:56] Infinity Linden: also... we're not making use Jabber
  • [13:56] Tao Takashi: I personlly just expressed my favour of having as many services replaceable and mostly connected by the client and not necessarily part of some big AD component
  • [13:56] Infinity Linden: I think that would be a gateway
  • [13:56] Infinity Linden: a very useful gateway
  • [13:56] Tao Takashi: well, I would see it as a client plugin
  • [13:56] Infinity Linden: but i'm not sure we're at the point where we're going to pick XMPP as THE IM transport
  • [13:56] Tao Takashi: it was mostly an example
  • [13:56] Goldie Katsu: how would you know it is goldiekatsu@secondlife if it is my client saying so with no AD?
  • [13:57] Infinity Linden: oh.. okay
  • [13:57] Lillie Yifu: There isn't any need for that, the AD can negotiate at the time of contact, and then let the two clients talk by whatever mechanims.
  • [13:57] Whump Linden: Tao, isn't that boiling the ocean at some point? You have to get everyone you interact with to swap out those components as well, would't they?
  • [13:57] Infinity Linden: uh oh... we're coming into a discussion regarding identity in virtual worlds
  • [13:57] Tao Takashi: there can be a default setup. basically what now would be "hidden" in the AD
  • [13:57] Goldie Katsu: well how else would you IM this avatar?
  • [13:57] Infinity Linden: Lillie.. right.. but the AD must tell the RD that a particular agent is online
  • [13:58] Tao Takashi: it's many separate services which have some sort of access to each other maybe via some exchanged token
  • [13:58] Lillie Yifu: actually not here. Because this is still an integrity. We don'thave to "know" that it is lillie.yifu@secondlife here, just how to handle the case of we don't have the usual mecahnism.
  • [13:58] Oz Larg: wherever there is commerce, should there not be persistent identity, even in virtual worlds?
  • [13:58] Infinity Linden: right now, session initiation for IMs go through the sim
  • [13:58] Lillie Yifu: No the AD just as to say "I got the message and am forwarding it to the recipeint, if any. Beijos!"
  • [13:58] Tao Takashi: bascially what is also envisioned for the social networking world, having some identity and social graph "floating on top" and using that to access certain small services, hopefully without entering all your detail information again and again
  • [13:59] Infinity Linden: Oz.. you would be surprised what some peope want
  • [13:59] Infinity Linden: but yeah
  • [13:59] Oz Larg: I believe U
  • [13:59] Infinity Linden: the concept of a persistent identity (that may be pseudonmyous)
  • [13:59] Infinity Linden: is probably a given
  • [13:59] Lillie Yifu: Maybe even "Und Tschuess!"
  • [13:59] Tao Takashi: and I also wouldn't limit this discussion to virtual worlds here because this might only be one part of how I want to use services
  • [13:59] Zero Linden: well, to steer back to the example at hand
  • [14:00] Zero Linden: seems to me that we should make the AD/RD IM protocol response be general: RD->AD "here's an IM for x", AD->RD: "got it. message to show sender is 'X'"
  • [14:00] Zero Linden: where 'x' might be empty or 'not online' or 'don't call us'
  • [14:01] Zero Linden: or what have you
  • [14:01] Zero Linden: then we can leave the features offered by a AD to the AD operator:
  • [14:01] Zero Linden: "we offer fine grained control over what information is given, even in IMs...."
  • [14:01] Infinity Linden: right... just as right now you can select whether you want your friends to know if you're online or where you're located
  • [14:01] Zero Linden: "we offer super cool, just let us deal with it, IM spam filtering"
  • [14:01] Zero Linden: etc....
  • [14:02] Infinity Linden: and right... i think it probably doesn't need a protocol addition to support this
  • [14:02] Infinity Linden: perhaps an option managed by the AD
  • [14:02] Infinity Linden: eek... we're at teh end of the hour
  • [14:02] Zero Linden: my... how time flies
  • [14:02] Infinity Linden: i think we have violent agreement that (D)TLS and certificates are nice
  • [14:03] Tao Takashi: nice might be different, but useful ;-)
  • [14:03] Infinity Linden: that client certificates shoudn't be REQUIRED for cient -> AD or client -> RD
  • [14:03] Infinity Linden: but client certs should be an option for AD <-> RD
  • [14:03] Lillie Yifu: SO this is a simple table there is (trusted person) and(trusted source) user can set preferences on how to handle
  • [14:03] Tao Takashi: so basically client certs are always an option
  • [14:03] Infinity Linden: and we have more use cases... like user X doesn't trust region Y
  • [14:05] Infinity Linden: yeah... i don't think we should put anything in the protocol to REQUIRE or FORBID client certs for any use
  • [14:05] Lillie Yifu: like "ignore IMs from people I don't have on my friends list" and "contact people who I have on my friends list form untrusted places by a means I trust" Example, if I get a message from someone I think I might know, from someplace I don't trust, the protocol would try and establish an IM to their say AIM account which I already put in my file.
  • [14:05] Zero Linden: thanks for the summary, Infinity
  • [14:05] Zero Linden: thanks for coming
  • [14:05] Zero Linden: okay all
  • [14:05] Infinity Linden: and Lillie... i'm going to try to type up your exampe as an application of the "expressibility" of a permissions language
  • [14:05] Oz Larg: May I suggest a topic, if there is time?
  • [14:05] Zero Linden: (out of order!) All: Thanks for coming
  • [14:05] Lillie Yifu: Basically "if you are who you say you are I will try and call you back on a number I know."
  • [14:06] Zero Linden: no more time for me, alas....
  • [14:06] Tao Takashi: thanks for hosting
  • [14:06] Mirt Tenk: take care, ty
  • [14:06] Goldie Katsu: Thanks Zero & Infinity
  • [14:06] Random Person: ah i see
  • [14:06] Zero Linden: next time
  • [14:06] Zero Linden: ~
  • [14:06] Zero Linden: later
  • [14:06] Random Person: have a great day Zero
  • [14:06] Infinity Linden: Sai... you're posting the transcript, right?
  • [14:06] Stirling Allen: Bye Zero.
  • [14:06] Oz Larg: ok, Thank you all
  • [14:06] Infinity Linden: i'm going to be refering to it a lot
  • [14:06] Rex Cronon: bye zero, bye everybody
  • [14:06] Gina Jewell: bye
  • [14:06] Rex Cronon: have fun
  • [14:07] Saijanai Kuhn: OK aferhours party, or everyone can head to Metanomics to listen to Adam talk about the XBAP web viewer project