AW Groupies/Chat Logs/AWGroupies-2008-07-15

From Second Life Wiki
Jump to: navigation, search
  • a Trimble (0m), Goldie Katsu (5m), Siddhartha Fonda (5m), Saijanai Kuhn (8m), BlueWall Slade (9m)
  • [2008/07/15 9:28] Connecting to: in-world Voice Chat...
  • [2008/07/15 9:28] Connected undefined:
  • [2008/07/15 9:32] Saijanai Kuhn: hey all. Split attention right now
  • [2008/07/15 9:32] Dahlia Trimble: Hi :)
  • [2008/07/15 9:32] Bartholomew Kleiber: hi all
  • [2008/07/15 9:32] Zha Ewry: Hello everyone
  • [2008/07/15 9:33] Zha Ewry: So.. we're going to hopeflly chew on the stuff needed to do trust in the large
  • [2008/07/15 9:33] Goldie Katsu: I trust that will work :)
  • [2008/07/15 9:33] Zha Ewry: And.. fair warning... if you talk about this stuff, you will probably find loud noisy comments posted on your blogs, and your name in other people's blogs
  • [2008/07/15 9:34] Zha Ewry: I tossed some roadmap thoughts for this space out on my blog.. and it got, ahm.. noisy
  • [2008/07/15 9:35] Tao Takashi: sorry, need to head over to the pyogp meeting again
  • [2008/07/15 9:35] Zha Ewry: [1]
  • [2008/07/15 9:35] Dahlia Trimble: someone likes you Zha?
  • [2008/07/15 9:35] Saijanai Kuhn: me has an alt (ad incredible lag)
  • [2008/07/15 9:35] Goldie Katsu: People feel strongly about this "grid" we inhabit.
  • [2008/07/15 9:35] Saijanai Kuhn: Prokofy deconstructed it "line by line" amazing thourght processes insight
  • [2008/07/15 9:36] Zha Ewry: nods
  • [2008/07/15 9:36] Dahlia Trimble: I saw Prok's blog posting
  • [2008/07/15 9:36] Goldie Katsu: Amazing the skills being a translator give you for analysis of things.
  • [2008/07/15 9:36] Zha Ewry: sighs
  • [2008/07/15 9:36] Dahlia Trimble: skills? :/
  • [2008/07/15 9:36] Zha Ewry: Amazing what happens when you try to view the world through a "I don't trust anyone's motives" filter
  • [2008/07/15 9:36] Rex Cronon: hello everybody
  • [2008/07/15 9:37] Dahlia Trimble: HI :)
  • [2008/07/15 9:37] Zha Ewry: So... In general, I think that roadmap is about right.
  • [2008/07/15 9:37] Zha Ewry: We anchor in proof that the sims are who they say they are
  • [2008/07/15 9:37] Zha Ewry: We likewise, need to anchor in proof that the users are who they say they are
  • [2008/07/15 9:37] Zha Ewry: we provide a policy plug point, for various ways of expressoins policy
  • [2008/07/15 9:39] Zha Ewry: and.. we do an early example of the xisting behavior
  • [2008/07/15 9:41] Zha Ewry: In particular, we want to be able to say, I think
  • [2008/07/15 9:42] Zha Ewry: "here is how the proposed stacks will yield existing behavior between a Linden Style Grid, and a OpenSim Region"
  • [2008/07/15 9:43] Zha Ewry: eyes the silent crowd
  • [2008/07/15 9:43] Whump Linden: It must be early?
  • [2008/07/15 9:43] Dahlia Trimble: lol
  • [2008/07/15 9:43] Goldie Katsu: You just can't see us nodding.
  • [2008/07/15 9:44] Zha Ewry: laughs
  • [2008/07/15 9:44] Shamir Katsu: nods
  • [2008/07/15 9:44] Goldie Katsu: When you say "sims are who they say they are"
  • [2008/07/15 9:44] Goldie Katsu: do you mean Region Domain and Agent domain pair?
  • [2008/07/15 9:44] Goldie Katsu: or where does that part fit?
  • [2008/07/15 9:44] Zha Ewry: So.. one quick digresoin
  • [2008/07/15 9:45] Zha Ewry: The long term picture, I think, (and I had a chat with Zero on this last week) is that there is no one to one mapping
  • [2008/07/15 9:45] Zha Ewry: between regoin domains and agent domains
  • [2008/07/15 9:45] Zha Ewry: Lots of permutations, just sets of services grouped for our own convenicne as we do various deploys
  • [2008/07/15 9:45] Zha Ewry: But...
  • [2008/07/15 9:45] Zha Ewry: that said
  • [2008/07/15 9:46] Zha Ewry: I think we need good, simple, ways of being able to prove to each other
  • [2008/07/15 9:46] Zha Ewry: "I am part of the lastdiehardAOLservers.com region domain"
  • [2008/07/15 9:47] Zha Ewry: And likewise for the round trip
  • [2008/07/15 9:47] Zha Ewry: so...
  • [2008/07/15 9:47] Goldie Katsu: Can I throw in one more question here.
  • [2008/07/15 9:47] Saijanai Kuhn: someone else will have to handle the transcript. the new RC doesn't like to run two copies
  • [2008/07/15 9:47] Goldie Katsu: (OK 2 since I just asked one)
  • [2008/07/15 9:47] Zha Ewry: "ChartruseIslandsAgentDomain" can prove to "JoesGarage" that it is in fatc who it says it is
  • [2008/07/15 9:47] Zha Ewry: Go ahead
  • [2008/07/15 9:48] A group: member named Mankind Tracer gave you Mankind Tracer in Amsterdam - Sim Notice on Stream.
  • [2008/07/15 9:48] Goldie Katsu: Does this mean that there could be a region domain that has no associated agent domain, and it just has a trust relationship with other agent domains to provide assets?
  • [2008/07/15 9:48] Zha Ewry: yes
  • [2008/07/15 9:48] Zha Ewry: In fact.. I think, long term..
  • [2008/07/15 9:49] Zha Ewry: it breaks up even more totally
  • [2008/07/15 9:49] Zha Ewry: No reason we can't have asset servers which serve up to lots of grids
  • [2008/07/15 9:49] Zha Ewry: All in trust relationships
  • [2008/07/15 9:49] Zha Ewry: I'm far from convinced that the current utility services need to live inside an agent or region domain, tho.. i can be had on it
  • [2008/07/15 9:50] Goldie Katsu: So it isn't just a "sim is who they say they are" but a region is who it says it is, and an agent domain is who it says it is.
  • [2008/07/15 9:50] Zha Ewry: I think so, yes
  • [2008/07/15 9:50] Goldie Katsu: (and I'll try very hard to not wonder if an agent domain can compartmentalize into multiple trust levels.)
  • [2008/07/15 9:50] Zha Ewry: Because we need to do sort of the full end to end who can we trust story
  • [2008/07/15 9:51] Goldie Katsu: So the user trust is two part.
  • [2008/07/15 9:51] Goldie Katsu: First you have user by way of client -> agent domain
  • [2008/07/15 9:52] Zha Ewry: An regoin domain needs to be just as skeptical of agent domains, I think
  • [2008/07/15 9:52] Zha Ewry: else. you will have osmeone spoof an agent domain, and say
  • [2008/07/15 9:52] Zha Ewry: "Hey, region, give my user back his rezzed objects" and suck them up
  • [2008/07/15 9:52] Goldie Katsu: and then there is the agent domain trust where everyone else trusts the agent domain to correctly identify the agent
  • [2008/07/15 9:52] Goldie Katsu: /nods
  • [2008/07/15 9:52] Zha Ewry: right
  • [2008/07/15 9:53] Zha Ewry: becuase we're long term, in a peer-to-peer mess
  • [2008/07/15 9:53] Zha Ewry: which is why I take Morgaine's point, about short haul trust being ideal here
  • [2008/07/15 9:54] Goldie Katsu: and there is also how much a client can be trusted by the agent domain.
  • [2008/07/15 9:54] Zha Ewry: I think we'll really try to avoid long trust chains in SL
  • [2008/07/15 9:54] Zha Ewry: Heh
  • [2008/07/15 9:54] Zha Ewry: Yes, Goldie, that's always interesting
  • [2008/07/15 9:55] Zha Ewry: Ideally, you'd want to prove your AD isn't spoofing
  • [2008/07/15 9:55] Goldie Katsu: an MD5 hash alone doesn't actually prove you have a verified client.
  • [2008/07/15 9:55] Saijanai Kuhn: which is where the worry about EVER transferring control to another agent domain comes in
  • [2008/07/15 9:55] Rex Cronon: isn't that what the password is used for?
  • [2008/07/15 9:56] Zha Ewry: Well
  • [2008/07/15 9:56] Goldie Katsu: password identifies the user. But the client itself is going to be handling certain tasks and permissions.
  • [2008/07/15 9:56] Goldie Katsu: (or more correctly CAPs
  • [2008/07/15 9:56] Goldie Katsu: )
  • [2008/07/15 9:56] Dahlia Trimble: maybe AD and regions could use a VPN to comunicate?
  • [2008/07/15 9:56] Zha Ewry: And worse..
  • [2008/07/15 9:56] Zha Ewry: How do I know if the endpoint at 9.2.22.23 is in fact really my agent domain?
  • [2008/07/15 9:56] Goldie Katsu: Yep.
  • [2008/07/15 9:57] Rex Cronon: u contact that endpoint with info provided by user
  • [2008/07/15 9:57] Zha Ewry: But are you sure someone isn't spoofing?
  • [2008/07/15 9:58] Zha Ewry: I *hate* internet security insanity
  • [2008/07/15 9:58] Goldie Katsu: In esscense we are relying on dns and TLS for the client<->agent domain connection
  • [2008/07/15 9:58] Zha Ewry: Yes
  • [2008/07/15 9:58] Saijanai Kuhn's: ISP hsan't fixsed that DNS bug yet :-(
  • [2008/07/15 9:58] Goldie Katsu: (luckily the TLS provides some assurance.)
  • [2008/07/15 9:58] Dahlia Trimble: why not set up a VPN when a trust relationship is begun?
  • [2008/07/15 9:59] Shamir Katsu: That's what TLS does
  • [2008/07/15 9:59] Zha Ewry: right for the really paranoid, we can use a cert on login
  • [2008/07/15 9:59] Zha Ewry: TLS is essentially a secure pipe for HTTP
  • [2008/07/15 9:59] Dahlia Trimble: googles TLS
  • [2008/07/15 10:00] Shamir Katsu: TLS is just the more generic name as it can be used with other protocols, e.g., SIP
  • [2008/07/15 10:00] Goldie Katsu: (PKI exchange occurs that sets up symmetric key for communications before passing HTTP messages.)
  • [2008/07/15 10:01] Sea Urchin: beanbags: Going to next texture.
  • [2008/07/15 10:01] Goldie Katsu: I can translate what I said into more englishy if anyone needs.
  • [2008/07/15 10:01] Zha Ewry: So, with TLS, and caps and certs, I think we have a pretty nice set of building blocks
  • [2008/07/15 10:01] Zha Ewry: I don't think we have a complete story tho
  • [2008/07/15 10:02] Latha Serevi: (I'm behind today) it's hopeless to seek a "verified client" isn't it? don't we have to expect that the (authenticated, un-spoofed) user will run whatever code they want?
  • [2008/07/15 10:02] Zha Ewry: We do
  • [2008/07/15 10:02] Goldie Katsu: No, because the TLS lets me know it's Joe's Diner but it doesn't tell me what I can do with Joe's Diner or trust Joe's diner to do.
  • [2008/07/15 10:02] Zha Ewry: We have to assume the client is totally malicious
  • [2008/07/15 10:02] Zha Ewry: Always the case on the web, really
  • [2008/07/15 10:02] Dahlia Trimble: or some portion of clients are malicious
  • [2008/07/15 10:02] Goldie Katsu: If the user has it on their machine we can't trust its veracity
  • [2008/07/15 10:03] Goldie Katsu: or trustworthyness
  • [2008/07/15 10:03] Shamir Katsu: well from the perspective of the Agent Domain you assume that it is untrusted until proven otherwise, no?
  • [2008/07/15 10:03] Goldie Katsu: You can't prove something outside of controlled domain is trustable, you can only limit what you trust it to do.
  • [2008/07/15 10:04] Rex Cronon: with the code for the viewer being opensource, i don't think u can ever assume that the viewer can be trusted
  • [2008/07/15 10:04] Saijanai Kuhn: given the existence of several viewers anyway...
  • [2008/07/15 10:04] Zha Ewry: You can't anyway, Rex, since. someone can just right C++ to the pipe and be untrusted
  • [2008/07/15 10:04] Zha Ewry: *write
  • [2008/07/15 10:04] Goldie Katsu: yep
  • [2008/07/15 10:04] Saijanai Kuhn: SLProxy...
  • [2008/07/15 10:04] Dahlia Trimble: I dont think limiting connections to SL type viewers is Opensim's goal anyway
  • [2008/07/15 10:04] Zha Ewry: We can.. withing reason have good trust betwee sims and ADs and sims and sims
  • [2008/07/15 10:05] Zha Ewry: Hardly, Dahlia
  • [2008/07/15 10:05] Goldie Katsu: yeah even sending a signature could have a MIM (man in the middle) attack.
  • [2008/07/15 10:05] Zha Ewry: and the OGP goal is tobe broad enough to not even assume the "client" is a viewer
  • [2008/07/15 10:05] Goldie Katsu:  :)
  • [2008/07/15 10:05] Zha Ewry: when you think of the client, as just a set of service/caps which happen to result in rndering of the world
  • [2008/07/15 10:05] Saijanai Kuhn: Maya-OpenSim plugin for builders
  • [2008/07/15 10:06] Zha Ewry: then.. we have to asume, it might, for example, be a videa stream generating client. No user at all, just a view bot, and a quicktime stream out the backend
  • [2008/07/15 10:06] Latha Serevi: The client is maybe a "set of interests" having to do with gathering the relevant info to a particular avatar in the world.
  • [2008/07/15 10:07] A group: member named Kira Ahn gave you New Releases 150708 (please unpack).
  • [2008/07/15 10:07] Zha Ewry: I think, that, at the moment, it's about that, youcould imaine re-factroring even further
  • [2008/07/15 10:07] Goldie Katsu: Actually it breaks down even further
  • [2008/07/15 10:07] Zha Ewry: just for fun.. contemplate.. a client wh's only purpose is to grab the chat here, for a web page view o fit, and an archive
  • [2008/07/15 10:08] Saijanai Kuhn: camera bots already exist and there's that nice meta-microphone thing that metanomics uses
  • [2008/07/15 10:08] Zha Ewry: Yes
  • [2008/07/15 10:08] Latha Serevi: I was describing the common case of "avatar-representing client" I guess.
  • [2008/07/15 10:08] Zha Ewry: So... imagine those as first class clients (or more specfically)
  • [2008/07/15 10:09] Saijanai Kuhn: I think he showed up a few minutes after everyone else left
  • [2008/07/15 10:09] Goldie Katsu: However, I think in the current model the client authenticates to the agent domain to a particular agent which maps to one or more avatars (is that right) and then a particular avatar identity would be connected to a region (whether it would rez or just grab a stream is an implementation detail.)
  • [2008/07/15 10:09] Zha Ewry: So, yes
  • [2008/07/15 10:09] Zha Ewry: I agree Latha, that's the most common use case
  • [2008/07/15 10:10] Zha Ewry: just. .as we peel the onion here, a bit, we want to cover the full range
  • [2008/07/15 10:11] Goldie Katsu: Oops correction: , I think in the current model the client authenticates to the agent domain to a particular account which maps to one or more agents (is that right) and then a particular agent identity would be connected to a region (whether it would rez or just grab a stream is an implementation detail.)
  • [2008/07/15 10:12] Goldie Katsu: so the agent would connect to a region in any case, whether it just gathers text, video or sends data.
  • [2008/07/15 10:13] ZHAO Ninja: AO set: Could not find animation 'ninjya-run'
  • [2008/07/15 10:13] Zha Ewry: I am increasinly, seeingf this as a set of sewrvices, which factor into the domains
  • [2008/07/15 10:13] ZHAO Ninja: AO set: Could not find animation 'ninjya-run'.
  • [2008/07/15 10:13] Zha Ewry: and. that we build trust around those domains, so we dont end up with soup
  • [2008/07/15 10:14] Goldie Katsu: So there is identity trust and there is some other kind of trust involved.
  • [2008/07/15 10:14] Saijanai Kuhn: one thing to point out is that connecting to a domain would be a multi-part process. You might have domain-specific inventory and groups for xample
  • [2008/07/15 10:15] Saijanai Kuhn: which could appy before rez_avtar
  • [2008/07/15 10:15] Latha Serevi: Identity trust at the base, and then each separate unit can associate capabilities with that identity. That's enough to bootstrap. But, a layer above that seems important for practical interoperability.
  • [2008/07/15 10:16] Latha Serevi: By the way, regarding un-spoofable communications, it's straightforward for you and me to set up a secure communication channel over insecure links, if we know we have each other's public keys. We're clear on that, right?
  • [2008/07/15 10:16] Zha Ewry: yes, if we have keys in place
  • [2008/07/15 10:16] Zha Ewry: Unspoofable, but not trustable, that the endpoint is well behaved
  • [2008/07/15 10:17] Goldie Katsu: The problem with VPNs is their endpoints :)
  • [2008/07/15 10:17] Zha Ewry: ie, once I send you the key, you can use it in a malcisous bit of software
  • [2008/07/15 10:17] Zha Ewry: sighs
  • [2008/07/15 10:17] Latha Serevi: It's nice that spoofing seems to be a completely squashable problem. One less thing.
  • [2008/07/15 10:17] Sea Urchin: beanbags: llStopAnimation: Script trying to stop animations but agent not found
  • [2008/07/15 10:17] Zha Ewry: right
  • [2008/07/15 10:17] Zha Ewry: So. another personal perference
  • [2008/07/15 10:18] Zha Ewry: and you see it in TLS being prominent
  • [2008/07/15 10:18] Zha Ewry: is to do this with as many base web bits as possible
  • [2008/07/15 10:18] Zha Ewry: 90% of this, is about collections of web services working together
  • [2008/07/15 10:18] Zha Ewry: so.. if we can stay deep in the middle of the web service space, I think we get a lot of benefits
  • [2008/07/15 10:19] Goldie Katsu: So what (types of) domains do we have that will each be authenticating to each other.
  • [2008/07/15 10:20] Goldie Katsu: I'm seeing Agent Domain, Region Domain and to a limited extent Client.
  • [2008/07/15 10:20] Goldie Katsu: are there more?
  • [2008/07/15 10:20] Zha Ewry: I think one more
  • [2008/07/15 10:20] Zha Ewry: which is utitlities
  • [2008/07/15 10:20] Goldie Katsu: and what is in Utilities?
  • [2008/07/15 10:20] Zha Ewry: Where things like the lindex, and asset servers might live
  • [2008/07/15 10:20] Zha Ewry: The factoring of the world I see developing
  • [2008/07/15 10:20] Goldie Katsu: and there might be multiple Utilities domains?
  • [2008/07/15 10:20] Zha Ewry: is...
  • [2008/07/15 10:21] Zha Ewry: Oh, defintiely
  • [2008/07/15 10:21] Zha Ewry: "Stuff about spaces" (regoin domain)
  • [2008/07/15 10:21] Zha Ewry: "Stuff about agents (ie) users) " (Agent domain)
  • [2008/07/15 10:21] Zha Ewry: And.. utiltiites regions use (Lindex, Searxh, etc)
  • [2008/07/15 10:21] Whump Linden: Zha, could you elaborate why asset servers might not be part of the Agent Domain?
  • [2008/07/15 10:22] Zha Ewry: I am reluctant to hae the third be just a random blob yet
  • [2008/07/15 10:22] Sea Urchin: beanbags: Going to next texture.
  • [2008/07/15 10:22] Zha Ewry: Because, I think there are lots of assets which aren't owned by users
  • [2008/07/15 10:22] Zha Ewry: Things like libraries of content
  • [2008/07/15 10:22] Zha Ewry: And.. it is also really, nice to break the tie between
  • [2008/07/15 10:22] Zha Ewry: "This domain hosts my account"
  • [2008/07/15 10:23] Zha Ewry: and "this domain holds *all* my stuff"
  • [2008/07/15 10:23] Goldie Katsu: And...where do groups fit? Or should current uses of groups be split into two (or more) other things. IM and notices are quite different from land perms and it is a complex mixture to combine them.
  • [2008/07/15 10:23] Zha Ewry: Well
  • [2008/07/15 10:23] Zha Ewry: I'd love to see that factoring, at least
  • [2008/07/15 10:23] Zha Ewry: We talked about this a bit
  • [2008/07/15 10:23] Zha Ewry: in openSim-dev
  • [2008/07/15 10:24] Zha Ewry: and it really seems to me, that group IM is much easier to grid span than
  • [2008/07/15 10:24] Zha Ewry: land ownership rights for example
  • [2008/07/15 10:24] Zha Ewry: As serviices?
  • [2008/07/15 10:24] Goldie Katsu: It also means that you can be in group IMs without being in a virtual world potentially.
  • [2008/07/15 10:24] Zha Ewry: I'm not so worrried about it in the short term
  • [2008/07/15 10:24] Zha Ewry: Yep
  • [2008/07/15 10:25] Zha Ewry: As we scale out, things like that feel really important too
  • [2008/07/15 10:25] Sea Urchin: beanbags: Going to next texture.
  • [2008/07/15 10:25] Latha Serevi: The basic build of a region seems to belong to the region. Sure, it can be forced to have an owner, but it's an uneasy fit. So, what kind of entity can own an object?
  • [2008/07/15 10:25] Zha Ewry: Interesting question Latha
  • [2008/07/15 10:26] Zha Ewry: anyone who's done a bunch of group building knows its a mess in SL
  • [2008/07/15 10:26] Zha Ewry: harkening back to my MUD/MOO/MUSH days
  • [2008/07/15 10:26] Latha Serevi: (or does "own" decompose into "hold the keys to", "stores the bits of", and "has permission to modify"...
  • [2008/07/15 10:26] Goldie Katsu: yes. And for corporations who want to own the output of work it is a special challenge.
  • [2008/07/15 10:26] Zha Ewry: we had some really cool content library stuff
  • [2008/07/15 10:27] Zha Ewry: so.. I think Latha, that was exactly th right question
  • [2008/07/15 10:27] Zha Ewry: Who has the keys
  • [2008/07/15 10:27] Zha Ewry: who can control it
  • [2008/07/15 10:27] Zha Ewry: in the current model of the world
  • [2008/07/15 10:27] Zha Ewry: Regions, hold stuff
  • [2008/07/15 10:27] Rodriguez Hird: afk
  • [2008/07/15 10:28] Latha Serevi: Some one (or small number) of entities will have the keys; but they'll also have a map of who they'll allow to twiddle the object by proxy. That map interests me too.
  • [2008/07/15 10:28] Zha Ewry: In really odd ways
  • [2008/07/15 10:29] Zha Ewry: nods
  • [2008/07/15 10:29] Zha Ewry: So. right now, if you rez a block on this sim
  • [2008/07/15 10:29] Zha Ewry: The sim holds it as a paersistent object
  • [2008/07/15 10:29] Zha Ewry: Not in your inventory
  • [2008/07/15 10:29] Zha Ewry: just in the sim
  • [2008/07/15 10:29] Zha Ewry: That's really odd in many ways
  • [2008/07/15 10:30] Latha Serevi: Regions holding stuff in odd ways - my instinct is that the LL model will have to be modified quite a bit in order to fit an open-sim model at all. Compatible, maybe, but very different underlying set of assumptions. Like zha said.
  • [2008/07/15 10:30] Zha Ewry: You can only find it, and manipulate it, if you com ehere in person
  • [2008/07/15 10:30] Zha Ewry: well, 90% of the OpenSim code follows Lindne's lead
  • [2008/07/15 10:31] Latha Serevi: ""Where objects exist" is in the 10% though!
  • [2008/07/15 10:31] Latha Serevi: or had better be
  • [2008/07/15 10:31] Zha Ewry: somewhat
  • [2008/07/15 10:31] Zha Ewry: Less than you might expect
  • [2008/07/15 10:31] Zha Ewry: You can lose prims on OpenSim in disturbingly simialr ways
  • [2008/07/15 10:33] Goldie Katsu: I like separating out the asset, but it does pose an interesting point on trust.
  • [2008/07/15 10:34] Latha Serevi: For the basic case of a no-copy object rezzed in a region ... the LL assumption is that it has been erased from the agent domain. And presumably you'll want to support that policy approach. But don't we also need a set of permission bits to pass around to allow implementing the "AD keeps a copy of course, even for no-copy objects rezzed somewhere, with permission bits set appropriately"
  • [2008/07/15 10:34] Zha Ewry: I agree
  • [2008/07/15 10:34] Zha Ewry: One of the major goals of the OGP work
  • [2008/07/15 10:34] Zha Ewry: shoudl eb to enable a much broader set of choices
  • [2008/07/15 10:36] Goldie Katsu: So we have 3 domains (plus a client)
  • [2008/07/15 10:36] Goldie Katsu: Is the identity trust simply based on TLS?
  • [2008/07/15 10:38] Zha Ewry: Good questoiun
  • [2008/07/15 10:38] Latha Serevi: In my mind, we have a large number of identities with different capabilities granted to them. A common case is, 3 domains (agent, region, utility) plus a client. (maybe 4, adding L$ ?) . Correct me if this sounds broken.
  • [2008/07/15 10:39] Goldie Katsu: I would think separating the L$ makes sense.
  • [2008/07/15 10:39] Zha Ewry: I think the nice thing, ias when its a set?
  • [2008/07/15 10:39] Zha Ewry: Once it's more than 2+ client
  • [2008/07/15 10:39] Zha Ewry: you're in the general case
  • [2008/07/15 10:39] Goldie Katsu: I hvae a bank that is separate from my utliities
  • [2008/07/15 10:39] Zha Ewry: If we decide to add domains beyond 2.. you're prety much in the general case for problem solving
  • [2008/07/15 10:39] Goldie Katsu: I may trust Xcel for my power and gas, but I wouldn't trust them with my pacheck.
  • [2008/07/15 10:39] Goldie Katsu: True
  • [2008/07/15 10:40] Zha Ewry: As a prtocol/design goal
  • [2008/07/15 10:40] Zha Ewry: we should also make it pretty easy, to mark untrusted stuff, as well
  • [2008/07/15 10:41] Saijanai Kuhn: This is where Which's expertise comes in, I think
  • [2008/07/15 10:41] Zha Ewry: "I'm a wild west region"
  • [2008/07/15 10:41] Zha Ewry: They'll exist, we ought to plan for them
  • [2008/07/15 10:41] Goldie Katsu: Yes.
  • [2008/07/15 10:42] Goldie Katsu: Which means in the asset service there needs to be a way to have untrusted assets and assets that cannot be rezzed in untrusted regions. trust here being "I trust this region to handle assets correctly"
  • [2008/07/15 10:42] Goldie Katsu: or soemthing like that.
  • [2008/07/15 10:42] Zha Ewry: Yeah
  • [2008/07/15 10:42] Zha Ewry: I think we want to have that flexability
  • [2008/07/15 10:43] Zha Ewry: What's just a bad idea is to pretend we won't have the full range
  • [2008/07/15 10:43] Goldie Katsu: yes. Don't assume a safe interent :)
  • [2008/07/15 10:44] Latha Serevi: "trusted region", bad term. All regions should have an identity, or we won't even talk to them. (Identities had better be available to anybody easily). "untrusted" is more like "doesn't promise to my satisfaction to preserve my permissions"
  • [2008/07/15 10:44] Shamir Katsu: There just needs to be a way to encapsulate and share that notion of trust and it has to be granular enough to support those assertions on individual objects for each context
  • [2008/07/15 10:45] Goldie Katsu: So identity trust is pretty simple I trust you are Zha true/false. (which implies a transitive trust that I trust the region to show me the right agent name, and the region trusted that the agent domain passed the right agent information and the agent domain trusted that the client to authenticate.)
  • [2008/07/15 10:45] Zha Ewry: Well, if we do this at all right, we're building a bunch of stuff which scales out and grows into somethingvery much like the web
  • [2008/07/15 10:45] Zha Ewry: Truted regoin is a very bad term
  • [2008/07/15 10:45] Zha Ewry: as you say its
  • [2008/07/15 10:45] Zha Ewry: "Compatible with doing X"
  • [2008/07/15 10:46] Latha Serevi: goldie, no on the transitive trust I think. Go check the public key index and handshake with the identity you want to communicate with.
  • [2008/07/15 10:46] Zha Ewry: As little chained trust as possible feels right to me
  • [2008/07/15 10:47] Latha Serevi: denial of service possible, but not spoofing, if the link is malicious
  • [2008/07/15 10:47] Object: llStopAnimation: Script trying to stop animations but agent not found
  • [2008/07/15 10:47] Goldie Katsu: Ok, let me reframe what I meant (without me getting lost in details that fit futher down )
  • [2008/07/15 10:47] Goldie Katsu: Identity trust is easy A is or is not believed to be A
  • [2008/07/15 10:47] Shamir Katsu: The reason you need trust to be sharable is otherwise everyone ends up having to do their own authentication
  • [2008/07/15 10:48] Goldie Katsu: the hard part comes in defining what capabilities we trust A to do on your behalf.
  • [2008/07/15 10:48] Zha Ewry: Right, Shamir.. if we don't do it pretty broadly.. we don't get it in a useful way
  • [2008/07/15 10:48] Dahlia Trimble: gotta go, bye all :)
  • [2008/07/15 10:48] Latha Serevi: shamir, I think they should do their own. OK, you can have a proxy for that if you must, but in our minds everybody can take the time to authenticate everybody else.
  • [2008/07/15 10:48] Goldie Katsu: (And there has to be transitive trust/chained trust of some sort because I can only see that the region shows my client that the agent Zha is in this sim.)
  • [2008/07/15 10:49] Zha Ewry: Sure, but as little as possible
  • [2008/07/15 10:49] Rex Cronon: bye dahlia
  • [2008/07/15 10:49] Zha Ewry: bye Dahlia
  • [2008/07/15 10:49] Goldie Katsu: bye Dahlia
  • [2008/07/15 10:49] Goldie Katsu: and the region only knows Zha is here because the agent Domain said it was the agent Zha
  • [2008/07/15 10:49] Latha Serevi: goldie, agree on binary identity trust. disagree on the rest; if it's important, go check.
  • [2008/07/15 10:50] Latha Serevi: (so maybe there are multiple states - "unverified agent Zha seems to be here"
  • [2008/07/15 10:50] Zha Ewry: Yeah, that last is nasty, Latha
  • [2008/07/15 10:50] Goldie Katsu: Yes that fits in the next level.
  • [2008/07/15 10:50] Goldie Katsu: Region domain's can't verify an agent identity except through the agent domain.
  • [2008/07/15 10:51] Latha Serevi: Why nasty? Avatar abcd just hasn't been verifiably linked to identity Zha by me yet.
  • [2008/07/15 10:51] Goldie Katsu: But the region domain agent domain trust can define "Identies are verified" "Identities are questionable" "identities are unverified"
  • [2008/07/15 10:52] Latha Serevi: Hmm, I wonder if we're talking two different situations here. In principle, there's no need to delegate to AD and RD except to establish comms. But, in a common case....
  • [2008/07/15 10:53] Latha Serevi: ...common case, agents in AD have delegated AD as trusted to authenticate them?
  • [2008/07/15 10:53] Zha Ewry: You'd rather never have me here, unverified, at some level
  • [2008/07/15 10:54] Goldie Katsu: Here, but perhaps in wild west?
  • [2008/07/15 10:54] Goldie Katsu: Like the black and whites in Snow Crash?
  • [2008/07/15 10:54] Zha Ewry: True
  • [2008/07/15 10:54] Zha Ewry: So. OK, yes, we'll see those
  • [2008/07/15 10:55] Goldie Katsu: So do we need to identify expected/likely trust chains?
  • [2008/07/15 10:56] Zha Ewry: That would be a nice exercise, I think
  • [2008/07/15 10:56] Goldie Katsu: So what do we call this other trust that isn't identity trust.
  • [2008/07/15 10:57] Goldie Katsu: And when I say identity trust here I mean that domain A or client B are domain A or client B
  • [2008/07/15 10:57] Goldie Katsu: not that the agent itself is who it says it is.
  • [2008/07/15 10:58] [[User:[ Organica|[ Organica]]:
  • [2008/07/15 10:58] Goldie Katsu: Layer 1 identity in the <pick a name here> model.
  • [2008/07/15 10:59] Latha Serevi: layer 2, map from identity to capabilities? (maintained by each identity separately for each other at this layer)
  • [2008/07/15 11:00] Zha Ewry: listens carefully
  • [2008/07/15 11:00] Latha Serevi: uh oh :)
  • [2008/07/15 11:00] Goldie Katsu: Layer 2 gets very tricky.
  • [2008/07/15 11:00] Zha Ewry: Very
  • [2008/07/15 11:01] Goldie Katsu: I think layer 2 is internal to a domain?
  • [2008/07/15 11:01] Goldie Katsu: and layer 3 would be interdomain
  • [2008/07/15 11:01] Zha Ewry: That would be nice
  • [2008/07/15 11:01] Zha Ewry: If it's moslty internal, we can keep it contained
  • [2008/07/15 11:02] Saijanai Kuhn: this starts to feel like something that requires a very sophisticated mathematical analysis to make sure you've covered properly all the cases you've exposed
  • [2008/07/15 11:02] Latha Serevi: What's a domain? I think of them as just meta-identities, so my base would be the domain of size 1.
  • [2008/07/15 11:02] Goldie Katsu: Domain would be an Agent Doman or a region domain (or utilities domain?) as defined in OGP?
  • [2008/07/15 11:03] Zha Ewry: I htink of a domain as a collection of services with common properties and a way of proving membership
  • [2008/07/15 11:03] Goldie Katsu: Much better definition.
  • [2008/07/15 11:03] Goldie Katsu: Just looking at an agent domain - 2 users may be trusted with different capabilities.
  • [2008/07/15 11:03] Zha Ewry: has been trying really hard to get that one right
  • [2008/07/15 11:04] Latha Serevi: So far, we can only prove individual identity. maybe (next meeting?) talk about how to prove membership in a group?
  • [2008/07/15 11:04] Rex Cronon: i have to go, bye everybody
  • [2008/07/15 11:04] Goldie Katsu: Bye Rex
  • [2008/07/15 11:04] Rex Cronon: tc
  • [2008/07/15 11:04] Zha Ewry: Sounds like a pan Latha
  • [2008/07/15 11:05] Zha Ewry: *plan
  • [2008/07/15 11:05] Latha Serevi: Group/domain membership infrastructure seems do-able and important.
  • [2008/07/15 11:05] Goldie Katsu: yep.
  • [2008/07/15 11:05] Zha Ewry: I generally take 11:00 SL as time to start windingf down
  • [2008/07/15 11:05] Zha Ewry: and. very much so, Latha
  • [2008/07/15 11:05] Zha Ewry: if we nail that.. the rest has a place to anchor
  • [2008/07/15 11:05] Goldie Katsu: and looking at the trust chains
  • [2008/07/15 11:05] Goldie Katsu: which would be after the previous if there's time
  • [2008/07/15 11:05] Latha Serevi: The business about capability maps and distributing them needs more work & bootstrapping.
  • [2008/07/15 11:06] Latha Serevi: (= trust chains)
  • [2008/07/15 11:06] Goldie Katsu: Trust needs to be built up by layers.
  • [2008/07/15 11:06] Zha Ewry: Short trust chains
  • [2008/07/15 11:06] Zha Ewry: Layers and short chians
  • [2008/07/15 11:06] Goldie Katsu: Yep.
  • [2008/07/15 11:06] Zha Ewry: OK
  • [2008/07/15 11:06] Goldie Katsu: finds hereself thinking of SF
  • [2008/07/15 11:06] Zha Ewry: Saij?
  • [2008/07/15 11:06] Zha Ewry: If I pass you a e-mail with the chat log, can you format and post it?
  • [2008/07/15 11:08] Zha Ewry: mutters
  • [2008/07/15 11:08] Zha Ewry: OK
  • [2008/07/15 11:08] Zha Ewry: Well, I have it I guess time to format
  • [2008/07/15 11:08] Latha Serevi: (don't forget to translate "You:" into "Zha Ewry:")
  • [2008/07/15 11:08] Zha Ewry: This was really good, people.
  • [2008/07/15 11:09] Zha Ewry: yeah, I know
  • [2008/07/15 11:09] Saijanai Kuhn: sorry was afk again
  • [2008/07/15 11:09] Zha Ewry: and take out all the declines of the fashcon offers
  • [2008/07/15 11:09] Goldie Katsu:  :)
  • [2008/07/15 11:09] Saijanai Kuhn: I just use tree's wikifier page anyway
  • [2008/07/15 11:09] Goldie Katsu: Ahh the transcript editing process.
  • [2008/07/15 11:09] Zha Ewry: You got lnk for that handy?
  • [2008/07/15 11:10] Saijanai Kuhn: [2] make sure you enter your name in the settings
  • [2008/07/15 11:10] Zha Ewry: okies
  • [2008/07/15 11:10] Zha Ewry: Off to RL for a bit
  • [2008/07/15 11:10] Zha Ewry: This was SUPER
  • [2008/07/15 11:10] Saijanai Kuhn: its not reentrant. Last person's settings are the default
  • [2008/07/15 11:10] Goldie Katsu: Have fun!
  • [2008/07/15 11:10] Zha Ewry: Goldie, Latha?
  • [2008/07/15 11:11] Latha Serevi: mm?
  • [2008/07/15 11:11] Zha Ewry: Really great to hear all the thinking
  • [2008/07/15 11:11] Goldie Katsu: I agree.
  • [2008/07/15 11:11] Goldie Katsu: Latha & Zha good stuff.
  • [2008/07/15 11:11] Zha Ewry: And the quiet input from Shamir too
  • [2008/07/15 11:11] Bartholomew Kleiber: bye all
  • [2008/07/15 11:11] Goldie Katsu:  :)
  • [2008/07/15 11:11] BlueWall Slade: thanks! good meeting, great ideas
  • [2008/07/15 11:11] Latha Serevi: thanks all, til next time
  • [2008/07/15 11:11] Zha Ewry: Bye all
  • [2008/07/15 11:11] Goldie Katsu: Bye all!
  • [2008/07/15 11:11] BlueWall Slade: laters
  • [2008/07/15 11:11] Saijanai Kuhn: laters all
  • [2008/07/15 11:11] Zha Ewry: See many of you at Zero's
  • [2008/07/15 11:11] Shamir Katsu: see ya