AW Groupies/Chat Logs/AWGroupies-2008-09-09

From Second Life Wiki
Jump to: navigation, search
  • [9:31] Zha Ewry: I'll give poeple a few more minutes to assemble
  • [9:32] Zha Ewry: (and possibly recover from the shock of my showing up)
  • [9:32] Saijanai Kuhn: Groupies Assemble!
  • [9:32] Saijanai Kuhn: Avengers are OK too, Rex
  • [9:32] Rex Cronon:  ?
  • [9:33] Saijanai Kuhn: Not a big comic book fan
  • [9:33] Rex Cronon: lol u mean the commics
  • [9:33] Saijanai Kuhn: Anengers Assemble! was the Avengers' battlecry
  • [9:34] Saijanai Kuhn: and Ironman was one of the original Avengers
  • [9:34] Rex Cronon: i haven't looked in a comic book in quite a while
  • [9:36] Zha Ewry: I gather we are doing adminsitrivbia to get a couple of people Acccess?
  • [9:37] G2 Proto: accepted your inventory offer.
  • [9:37] Zha Ewry: OK. Lets call this time to start
  • [9:37] Goldie Katsu: I was looking at my old Watchmen comics the other day
  • [9:37] Dale Innis: is being eaten by a huge dumpling!
  • [9:37] Dale Innis: oh, there we go.
  • [9:38] Zha Ewry: So... I know there's been some discussion of looking at Chat/IM next, and that's fine, but.. I'm going to try, very hard to get us to figure out how to do next steps on trust and component relationships
  • [9:38] Dale Innis: Yay! :)
  • [9:39] G2 Proto: ive been benched
  • [9:39] Zha Ewry: In particuilar, the heart of the long term story has to be anchored in *some* reason to bvelieve that sim X is in fact a sim we can trust, and the sim we wanted to talk to.
  • [9:40] Zha Ewry: and likewise, that "obscure asset server fiifty two" is in fact, a safe place to put an asset
  • [9:40] Dale Innis: The first thing we can just use like two-way SSL or whatevers?
  • [9:40] Dale Innis: or am I oversimplifying now? :)
  • [9:40] Zha Ewry: slaps dale
  • [9:40] Zha Ewry: You are oversimplifying
  • [9:40] Zha Ewry: Bigtime
  • [9:40] Latha Serevi: Sure, Dale, I think so ... but you need to decide if the party is worth interacting with.
  • [9:41] Dale Innis: Right, but those are two different things: "is this really X I'm talking to?" and "how to I feel about X?"
  • [9:41] Zha Ewry: We're using https and such, in caps, once we're talking to someone
  • [9:41] Goldie Katsu: SSL lets you know the communication is consistently with who you started talking with
  • [9:41] Dale Innis: An' SSL with signed certs lets you know that it really is X (modulo trust in the CA).
  • [9:42] Zha Ewry: So, once we get to the point where we have a cap from service Zed, we're willing to believe that it really is the guy under the ventilator in lower manhatten.
  • [9:42] Zha Ewry: But, before we can do that, we really do need to konw that it's MIB's server, and not someone spoofing them
  • [9:43] Zha Ewry: (its the usual nasty game of two way trust, between losely coupled parties)
  • [9:43] Zha Ewry: The good news, is we're not tryintg to do it on every transaction, or anythign close
  • [9:43] G2 Proto: trust but verify as RR said
  • [9:43] Zha Ewry: Baring a couple of very specific use cases, I'm pretty sure that we can believe that TLS (HTTPS) will do what we need to keep the transcations secure, once we get the pipe open
  • [9:44] Dale Innis: goodgood
  • [9:44] Latha Serevi: That game seems "solved" just fine. It's propagating and maintaining "groups" (SL groups or trust groups, similar mechanism ) that's the subgoal that is top of my list.
  • [9:44] Rex Cronon: so, u do it only on login? what happens if somebody gets in the middle afterwards?
  • [9:44] Zha Ewry: wiht HTTPS, they can't.
  • [9:44] Dale Innis: Afterwards they can't get in the middle, 'cause can't break the crypto.
  • [9:44] Dale Innis: yeah, that :)
  • [9:45] Zha Ewry: (if they can, they can get in the middle for Amazong, paypal, and everyone else, I'm willign to acceprt that level of comfort)
  • [9:45] G2 Proto: yep
  • [9:45] Latha Serevi: One oversimplification I use is to think of maintaining trust relationships in two parts - (1) a set of bitmaps, one for each type of trust I'm interested in, one bit per entity in the world and (2) how to maintain those bitmaps. Anybody like or dislike that oversimplification?
  • [9:45] Dale Innis: So to initially tell who they say they are, need an appropriate certificate.
  • [9:45] Rex Cronon: for quite a while people believed that the earth was flat:)
  • [9:46] Zha Ewry: That's about two steps into the dance, and we should talk about that shortly
  • [9:46] Zha Ewry: So.. I see the steps being...
  • [9:46] Zha Ewry: A two way handshake that gets major chunks in sync
  • [9:46] Dale Innis: (That seems fine, Latha; or equivalently a function that for every entity/action pair, can answer "do I trust entity to do action")
  • [9:46] Saijanai Kuhn: Zha, assuming yo trust the AD which did the intro for the pipe in the first place
  • [9:46] Zha Ewry: Ahhhh
  • [9:46] Zha Ewry: No
  • [9:46] Latha Serevi: (thanks, Dale, but that isn't simple enough of an intuition pump for me)
  • [9:46] Zha Ewry: Or.. more specifcally
  • [9:47] Dale Innis: (Latha: it works better for me. Everyone has their own cognitive style :) )
  • [9:47] Zha Ewry: The "is this the place I wanted to log onto" handshake"
  • [9:48] Zha Ewry: is probably quite different
  • [9:48] Dale Innis: nods. If you have a cert for the person at the other end of the pipe, then it doesn't matter who gave you the pipe.
  • [9:48] Dale Innis: If you don't (and you probably won't have one for every user) then it does matter.
  • [9:48] Zha Ewry: I can't see having one per user
  • [9:48] Dale Innis: me too
  • [9:48] Zha Ewry: Two very seperable problems luckly
  • [9:48] Dale Innis: either :)
  • [9:49] Saijanai Kuhn: well, yes it does. man in the middle can take place if the pie has been given (CAP) unless the CAP is encrypted in the first place
  • [9:49] Zha Ewry: One is, "Did I get onto the login I wanted to, at the client/user interaction level, the first touch, as it were for a user"
  • [9:49] Saijanai Kuhn: ah, missed the part about cert BUT a cert for every region?
  • [9:49] Dale Innis: Sai: yeah, the certificate lets you do exactly that encryption.
  • [9:50] Dale Innis: A cert for every RD perhaps. Not every region.
  • [9:50] Zha Ewry: the other is, "I'm a software component, not a user, I need to konw you are in fact the person I think you are, at soime level.. or, for a lot of reason, "You are in the domain you claim to be in"
  • [9:50] Saijanai Kuhn: even every RD is pretty intense after a while. YOu need that certificate authority thing
  • [9:50] Dale Innis: Yep, need CAs.
  • [9:50] Goldie Katsu: so the private key of the cert would be shared by all servers in that domain? or all traffic in the domain comes to a point and is repackaged from there?
  • [9:50] Zha Ewry: (I can argue, but for lots of reasons don't buy that the Client/AD log in, could be the same, but it causes tons of problems to do)
  • [9:51] Zha Ewry: So.. I'm goign to argue the private key of the certy doesn't go out widely
  • [9:51] Dale Innis: Goldie: either one
  • [9:51] Zha Ewry: Or doesn't have to
  • [9:51] Zha Ewry: Each component in a domain
  • [9:51] Zha Ewry: (Drop the RD, AD, XD, and say Domain, you'll be happier over time ;-) )
  • [9:51] Latha Serevi: Zha, you don't seem to be addressing the problem as generally as I was expe cting. What problem are you trying to solve?
  • [9:51] Dale Innis: ( implementation detail :) )
  • [9:51] Dale Innis: The problem of knowing who you're talking to!
  • [9:52] Zha Ewry: Step 1, in about a four step dance
  • [9:52] Zha Ewry: this is "Proving I'm Agent J, and you're Agent Z" and we should be talking
  • [9:52] Zha Ewry: Or, more specifcally
  • [9:53] Shamir Katsu: TLS can be bidirecfional even though SSL in browsers is, by default, not bidirectional
  • [9:53] Zha Ewry: proving "I'm someone who wants to talk to a component in the MIB domain, and you're are in fact in that domain)
  • [9:53] Zha Ewry: That's step zero
  • [9:53] Zha Ewry: Then, we worry about what we can do when we know we're talkgin to someone in MIB land
  • [9:53] ii Singh: accepted your inventory offer.
  • [9:53] Zha Ewry: Roughly, if possible
  • [9:54] Latha Serevi: But that dance is a special case of what I'm interseted in, I think; and it would help to have a general framework. The general problem is something like "I want to do X and I have a seed cap. What steps to I take to find out who can do X with me and establish secure comms with them?"
  • [9:54] Zha Ewry: I'd like the cert level stuff to happen at the domain level, for a ton of reasons, including scalability, truyst and
  • [9:54] Goldie Katsu: looks at her coffee and wonders why her brain isn't starting yet.
  • [9:54] Zha Ewry: That's conflating discovering and security, I think
  • [9:54] Latha Serevi: discovery is the meat of the trust problem
  • [9:55] Latha Serevi: security is cheese (easy)
  • [9:55] Dale Innis: disagrees.
  • [9:55] Latha Serevi: (mmm, chee-eese. a nice wensleydale.)
  • [9:55] Dale Innis: Security is hard also. :)
  • [9:55] Zha Ewry: I tend to think of it exactly the other way around, with one.. caveat
  • [9:55] Dale Innis: And nothing with "seed cap" in it is a general question. :) We don't even know jsut where those are used yet.
  • [9:55] Zha Ewry: Yoiu have to be careful that Discovery does not leak information that protect security
  • [9:55] Goldie Katsu: So user alice wants to talk to region domain bob and is logged in to agent domain charlie. We want bob to know for sure he's talking to charlie?
  • [9:56] Dale Innis: Yes!
  • [9:56] Dale Innis: For instance :)
  • [9:56] Goldie Katsu: before handing it back to alice
  • [9:56] Zha Ewry: That's one of the many use csase, yes
  • [9:56] Goldie Katsu: and also charlie talkign to bob
  • [9:56] Goldie Katsu: So how do bob and charlie know how to find each other?
  • [9:57] Dale Innis: Tend to think that's a separate question?
  • [9:57] Zha Ewry: "Region five seventeen wants to store an asset on behalf of user Joesephine, and has been trold ot use asset store "Bobs Asset Services" and wants to know if he's really reached Bob's asset services"
  • [9:58] Zha Ewry: and.. as this is the web, the usual aswer for how we finf things, is we have URLs to them. This begs the question of how we get the URLs
  • [9:58] Latha Serevi: Easy. We define a function securely-communicate-with(entity) and use it to exchange a session key.
  • [9:58] Goldie Katsu: I thitnk that how they find each other is part of how we know we trust.
  • [9:58] Dale Innis: Identity and trust are still separate problems, though.
  • [9:59] Rex Cronon: if that asset is encrypted u can store it even on "Hackers Asset Services";)
  • [9:59] Latha Serevi: discovery = finding entity id (the hard part). security = verifying and communicationg with entity (mechanisms must be there, but thoroughlty solved problem)
  • [9:59] Dale Innis: We keep doing this thing where there are like four problems to address, and we switch at high speed between them all. :)
  • [9:59] Goldie Katsu: yeah
  • [9:59] Goldie Katsu: That's why I'm trying to start at the begining.
  • [9:59] Zha Ewry: Rex, that only works, if you have a way of leting every server you ever go to, decrypt the asset
  • [10:00] Rex Cronon: u decryt it and give it to servers u go to :)
  • [10:00] Saijanai Kuhn: Rex, how?
  • [10:00] Zha Ewry: Pull it down to the client, and then up to the server? That only works for user held content, and not even there
  • [10:00] Goldie Katsu: That assumes you see the asset and you can decrypt it.
  • [10:00] Saijanai Kuhn: also assumes you're talking to the server without the AD in the mix
  • [10:01] Latha Serevi: Rex's point (modified a bit) has merit -- an asset server needn't be able to decrypt my asset, necessarily. Hm, optional encryption...
  • [10:01] Rex Cronon: u have a case that hold everything u have on, and u carry everywhere u go
  • [10:01] Zha Ewry: That doesn't cover any of the region held assets
  • [10:01] Latha Serevi: (you would pass decryption cap to RD along with instructions for getting asset from AD)
  • [10:01] Saijanai Kuhn: there's that pesky capabilities in virtual worlds thesis again. self-modifying encrypted caps. Read once and re-encrypt
  • [10:02] Goldie Katsu: ok so AD Charlie and RD Bob are settining up to talk with each other - Did they get their respective IP info or cert info from a virtual world nslookup?
  • [10:02] Dale Innis: But Latha, first you have to be sure you're really talkikng to the right RD. :)
  • [10:02] Saijanai Kuhn: Lath, only as long as the AD doesn't see the key
  • [10:02] Goldie Katsu: (Which could go to a dns like server or a hardcoded "host file")
  • [10:02] Zha Ewry: The key better never bee in cleartext, ourside the trust chain
  • [10:02] Latha Serevi: Well of course, jeez.
  • [10:02] Zha Ewry: So.. ok
  • [10:03] Zha Ewry: Lets back up a tick
  • [10:03] Zha Ewry: So... Discovery
  • [10:03] Zha Ewry: How did component X, decide it needed to talk to service Y, in the first place?
  • [10:03] Latha Serevi: I propose that all discovery and trust maintenance be built on top of a secure "gruops" mechanism, TBD now.
  • [10:03] Dale Innis: I imagine there are a bunch of differnt mechanisms, in different use-cases.
  • [10:03] Goldie Katsu: Client requested TP (for example)
  • [10:04] Goldie Katsu: or Region needed asset?
  • [10:04] Zha Ewry: i think, for what it's worth, I'd push back and ask "what web standards exist today"
  • [10:04] Dale Innis: people type URLs on browser address fields. :)
  • [10:04] Goldie Katsu: For some things there are specific links - like friend feed supporting specific other web2.0 services
  • [10:04] Zha Ewry: I'm not convinced we need to invent a new discover and trust magement group scheme, for virtual worlds, when so far, the whole of the web and web 2.0 has been able to duck it
  • [10:04] Goldie Katsu: and in some cases it is open like I type www.amazon.com in my browser bar
  • [10:05] Bartholomew Kleiber: Zha +1
  • [10:05] Zha Ewry: (If we need to, we need a strong justification for it)
  • [10:05] Goldie Katsu: In the first I trust friendfeed did the check
  • [10:05] Goldie Katsu: in the second I'm trusting DNS
  • [10:05] Latha Serevi: I am convinced we do need it. Zha -2.
  • [10:05] Goldie Katsu: and that dns is really sending me to amazon.com - and the cert then has to match the URL for added assurance.
  • [10:05] Goldie Katsu: so in that case TLS does a part of the trust verification
  • [10:06] Latha Serevi: I can't think of a web problem that involves a dozen cooperating entities with complicated interactions like this, in re-definable relationships that can't plausibly be hard-coded by hand.
  • [10:06] Goldie Katsu: And some servers will do the closed model (friendfeed) and others the open (dns + cert)
  • [10:06] Zha Ewry: Well, most of the web workflow people would probabl point at thier work
  • [10:07] Bartholomew Kleiber: In the web there is no good way currently to make digital assets non-stealable, so Latha has a point
  • [10:07] Latha Serevi: Will anyone second my proposal that everything be built upon a secure gruops mechanism? Isn't it totally brilliant?
  • [10:07] Zha Ewry: But.. the point is well taken. And one I make a lot. We're depending on a lot more shared stff than those people
  • [10:07] G2 Proto: lol
  • [10:07] Goldie Katsu: so a dns like lookup - and a cert with something that says bob is bob once you've looked him up would address the identity part of the question.
  • [10:07] Goldie Katsu: What you want to do with bob is another question.
  • [10:07] Zha Ewry: As always, Goldie
  • [10:08] Zha Ewry: One of the ways the Grid work int he early part of the decade foundered
  • [10:08] Goldie Katsu: I'll send creditcard information to amazon.com but not to 4m4z0n.com
  • [10:08] Zha Ewry: was tryign to worry too much about that early on
  • [10:08] Bartholomew Kleiber: but then again if we try to solve this here, and its not even solved in 2D web, this might as well and up in a 3D DRM desaster
  • [10:08] Bartholomew Kleiber: so Zha: +3
  • [10:08] Latha Serevi: Teacher's pet.
  • [10:08] Goldie Katsu: does the math 1-2+3 =. 1
  • [10:08] G2 Proto: lol
  • [10:08] Zha Ewry: I'd argue, if we need some new parts (and I'm not arguing w edon't)
  • [10:09] Goldie Katsu: oh wait
  • [10:09] Zha Ewry: that we build them up out of existign web bits if we can
  • [10:09] Goldie Katsu: I can't do math today
  • [10:09] Zha Ewry: So...
  • [10:09] Goldie Katsu: rests her head on the desk and waits for some consciousness
  • [10:09] Zha Ewry: Goldie is certainly pushing on things which looklike they do a part of establishign how you find things
  • [10:09] Bartholomew Kleiber: (I put an extra point in to dodge latha)
  • [10:09] Goldie Katsu: 2
  • [10:09] Rex Cronon: does it really matter where u send the cc info, if some nodes can be hacked and told to redirect traffic?
  • [10:10] G2 Proto: I just verified with calculator it is "2" goldie
  • [10:10] Goldie Katsu: thanks G2.
  • [10:10] Bartholomew Kleiber: chuckles. Loves it when a plan comes together.
  • [10:10] G2 Proto: np High School math rocks!
  • [10:10] Zha Ewry: The point, Rex, is to make sure that you don't, in fact ever send you CC info to a hacked node
  • [10:10] Latha Serevi: CC info is a bad example; it uses passing-around of in-the-clear passwords (CC numbers). Use nmore specific capabilities (one-time-use CC nubmers)
  • [10:10] Goldie Katsu: well if I have a communication between my browser and amazon verified by TLS then the attack can only happen behind amazon
  • [10:10] Rex Cronon: but u might have no idea if ide if is hacked
  • [10:10] Zha Ewry: or at least, only to one which has been well hacked
  • [10:11] Latha Serevi: Security from 3rd parties is trivial; the wondrous secure group mechanism on which our entire edifice is based is not. Sopmebody second my proposal, dammit.
  • [10:11] Zha Ewry: (if someone breaks into my box, which has the csecure cert for "Big Blue Labs" and uses it properly, we're sort of hosed)
  • [10:12] Goldie Katsu: unless I can get a cert you trust that says hacked amazon IP is amazon.com which it shouldn't because only amazon.com servers should have amazon.com's private key
  • [10:12] Zha Ewry: So.. today.. we trust DNS
  • [10:12] Saijanai Kuhn: Things can get impressive though. I got a phshing email today from eric at animationmagazine.net Legit newsletter. Legit email, but all the links in the newsletter were to .tn/uuid/uuid/uuid
  • [10:12] Goldie Katsu: But we do rely on the domains to protect their private keys
  • [10:12] Zha Ewry: we trust certs issued by people like verisign
  • [10:13] Zha Ewry: and we trust TLS (https) to keep thing safe on the wire
  • [10:13] Latha Serevi: whines and licks her paw.
  • [10:13] Zha Ewry: We have trouble when someone types amazoon.com
  • [10:13] Zha Ewry: because they break the trust chain on the start of the dance
  • [10:13] Graph Weymann: less typing, more bookmarks!
  • [10:14] Zha Ewry: but, if they manage to type www.amazon.com correctly, they "probably" get to the secure server they want.
  • [10:14] Zha Ewry: (Thus the pain level, when DNS was shown hackable this summer)
  • [10:14] Graph Weymann: If your "bookmark" has got a public key/cert in it, then you don't even need DNS to be right
  • [10:14] Bartholomew Kleiber: yes, surprisingly. It seems 'secure enough'.
  • [10:14] Bartholomew Kleiber: right.
  • [10:14] Goldie Katsu: and we believe the risk is small enough (or fixable enough) that that is good enough.
  • [10:15] Zha Ewry: So.. let me poke at discovery for a moment
  • [10:15] Bartholomew Kleiber: but it is the standard riht now, with all flaws and possible risks.
  • [10:15] Goldie Katsu: but yes, amazoon.com could have a valid cert for amazoon.com and if no one pays attention then amazoon will get the info.
  • [10:15] Bartholomew Kleiber: but this will be around the web in 8 hours.
  • [10:15] Bartholomew Kleiber: tops.
  • [10:16] Zha Ewry: So.. when am I doing discovery?
  • [10:16] Zha Ewry: Mostly, when as a user, I try to find a service to use, or as a component, I try to locate a service that a user has asked me to use
  • [10:16] Dale Innis: ( Latha: I'd tend to think that a secure groups mechanism needs to be built on top of other stuff, not just the other way around. But write down your proposal and I'd be glad to read it. :) )
  • [10:17] Zha Ewry: For most... of our up and running bits of the world, they will have sets of services they talk to all the time
  • [10:17] Zha Ewry: ie. if I'm a region in a grid, I probably takl to all the trusted services in my ghrids all the time
  • [10:17] Zha Ewry: I also probably talk to a set of well known public services
  • [10:17] Zha Ewry: and.. fromt ime to time, someoen is goign to walk onto my grid and say
  • [10:18] Zha Ewry: "hey, fetch my asset from ["http://relally.obscure.org/my/really/oddball/assetstore/uuid.foo]
  • [10:18] Zha Ewry: And then.. the questin is "OK, now, how do I find that asset store, and do i trust it?"
  • [10:19] Zha Ewry: we're *ALL* REST web services, so I should always have a DNS resolvable name as part of the path
  • [10:20] Zha Ewry: The other major use cases I see are
  • [10:20] Zha Ewry: someone hands me a LM with a URL
  • [10:20] Zha Ewry: same basic issue
  • [10:20] Dale Innis: wonders if he will end up being the ones writing down these usecases in the Wiki also. :)
  • [10:20] Zha Ewry: they are trying to go to ["http://grid.i.have.never.heard.of/region57/x,y,z"]
  • [10:21] Zha Ewry: and finally, there's always "hmm. Ok. I need a place to store this asset, and I want to search for an asset server"
  • [10:22] Zha Ewry: Regoins, and services, and stuff, presumably, have a list (possibly null) of default services for all thier routine tasks
  • [10:22] Bartholomew Kleiber: there could be some whiltelist of 'good' domains, a blacklist for bad ones and everything else could be configured by the XD owner if he want to allow this or not. How these lists are built, I dont know. How does this work with anti-spam services?
  • [10:23] Zha Ewry: I think, I'm assuming, baring some real surprise, that every thing I want to talk to, has a URL
  • [10:23] Graph Weymann: Wouldn't the asset server there always be already-chosen by theagent domain (copyable assets)or the region domain (non-copiable)?
  • [10:23] Latha Serevi: To decide if I'm gonna fetch from an unknown asset store, or teleport to an unknown region, I would require them to be listed in some top-down chain from somebody in my group of asset-store-knowers or region-knowers. I have selected that group based on the kind of security I want.
  • [10:23] Zha Ewry: The default, sure, Graphy, but I may chose to store my assets somewhere else
  • [10:23] Zha Ewry: and if I'm visiting a region
  • [10:23] Graph Weymann: I wouldn't think tat needs a *discuvery* mechanism though
  • [10:23] Zha Ewry: my assets may not be in the region's domain at all
  • [10:23] Graph Weymann: (sorry for bad spelling)
  • [10:24] Zha Ewry: I'm trying to see where we need discovery beyond DNS
  • [10:24] Graph Weymann: Sure, but does that matte? it just means thhe region won't trust your non-copable bits, no?
  • [10:24] Zha Ewry: may or may not
  • [10:25] Graph Weymann: Right, I'm arguing against discovery and for preexisting designation :)
  • [10:25] Zha Ewry: I think the 90% case is going to be, people store thier assets in well known, and truyted servers
  • [10:25] Zha Ewry: nods
  • [10:25] Zha Ewry: The one place where it gets odd, is when you want to move you assets, but I think thsat's always bad in web services
  • [10:26] Zha Ewry: (Now there is a fine, and messy place where we talk about how we mostly talk about"
  • [10:26] Dale Innis: ( those servers might not be well-known and trusted to all the RDs that they visit tho...? )
  • [10:26] Bartholomew Kleiber: I though that was a major use case, because that would be selling an asset for example?
  • [10:26] Zha Ewry: "Big Blue Machines asset service" which maps down to: ["http://vw.services.assets.bbm.com/assetservices/"]
  • [10:27] Zha Ewry: So, right
  • [10:27] Dale Innis: has to take off early, but will read transcript. I hope we can start getting these ideas written down in the WIki?
  • [10:27] Graph Weymann: You could sell an asset and it stays on the same server... that is a very nice simple case since the currency and assets can all be conserved by the same domain
  • [10:27] Zha Ewry: The use case, is that the region your in, isn't up to speed ithyour asset servers
  • [10:27] Graph Weymann: (not that there aren't other cases)
  • [10:27] Rex Cronon: bye dale
  • [10:27] Goldie Katsu: bye dale
  • [10:28] Bartholomew Kleiber: Graph: yes, I thought there could be real 'move' of assets
  • [10:28] Bartholomew Kleiber: bye dale
  • [10:28] Zha Ewry: and if there is no chain of provable trust to the servic,e it simply may not be usable on some regions. That['s fuly acceptable"
  • [10:28] Bartholomew Kleiber: also
  • [10:28] Zha Ewry: well, this is where the web breask, Bart.
  • [10:28] Bartholomew Kleiber: true
  • [10:28] Zha Ewry: if I move my web page from ["http://zha.ewry.com/mypages"] to
  • [10:28] Bartholomew Kleiber: because thats usually not the case in 2d web
  • [10:28] Zha Ewry: "
  • [10:29] Zha Ewry: I end up with all new paths
  • [10:29] Bartholomew Kleiber: right
  • [10:29] Zha Ewry: and unless I put 50x forwards
  • [10:29] Zha Ewry: everyone loses me
  • [10:30] Zha Ewry: so. if I want to move my REST style named asset "Zha's cool hair style 507" from ["http://lindenlabls.com/assetcoult/uuid"] to ["http://zha'sprivateserver.ogr/assetstore/uuid"]
  • [10:30] Zha Ewry: That move, is pretty explicit
  • [10:30] Zha Ewry: And.. where it will stink on ice...
  • [10:31] Zha Ewry: is when that asset is nested in five deep
  • [10:31] pogan Palianta: hi ; )
  • [10:31] Zha Ewry: (I can easily see doing the move at the client level, you just update inventory)
  • [10:31] Zha Ewry: it's much nastier, if you have a dangling reference in other bits of the world
  • [10:31] Zha Ewry: (again, just like the web today, stale links, are stale links)
  • [10:32] Graph Weymann: anything wrong with providing redirects?
  • [10:32] Zha Ewry: if your previous hoster will, go for it
  • [10:32] Rex Cronon: hi. am i lucky that im made of iron or what? it proves quite usefull since everybody seems to land on me. almost:)
  • [10:32] pogan Palianta: can i know what is goin on hiere ?
  • [10:32] Zha Ewry: (and you have the trust model right)
  • [10:32] Whump Linden: / sorry, Rez
  • [10:32] Saijanai Kuhn: we're talking about trust issues between virtual worlds, Pogan
  • [10:32] Rex Cronon: lol. np:)
  • [10:33] Graph Weymann: right, and since you're writing the servr you can make it easy to delete-and-drop-in-redirect, not like today's web servers
  • [10:33] pogan Palianta: thx for invite
  • [10:33] Bartholomew Kleiber: as long as these are your assets, and the links are ok, it is a matter of trust to your domain, right?
  • [10:33] Zha Ewry: and any rergion you go to
  • [10:33] Bartholomew Kleiber: yes
  • [10:33] Zha Ewry: all the messy bits happen when I want to
  • [10:33] Zha Ewry: rez on someone else region
  • [10:33] Zha Ewry: or rez objects I own on someone else region
  • [10:34] pogan Palianta: yep
  • [10:34] pogan Palianta: that how i learn
  • [10:34] Zha Ewry: of course, being fully insane
  • [10:34] pogan Palianta: accepted your inventory offer.
  • [10:34] Zha Ewry: I want to allow a linked set of objects
  • [10:34] Zha Ewry: where each object is on a different asset server
  • [10:34] Zha Ewry: and let that linkset rez properly
  • [10:34] Shamir Katsu: linked on different asset servers?
  • [10:35] Goldie Katsu: but you can't link something owned by multiple users
  • [10:35] Zha Ewry: (assuming, of course, that all the parts of hthe links set can be fetched)
  • [10:35] Zha Ewry: No I own them all
  • [10:35] Zha Ewry: I just happen to be a complete loon
  • [10:35] Goldie Katsu: lol
  • [10:35] Zha Ewry: and I have them stored on 20 different servers
  • [10:35] Bartholomew Kleiber: isnt that like a web page with deep links into other web servers for example for images?
  • [10:35] Goldie Katsu: and if one asset server moves the path?
  • [10:35] Bartholomew Kleiber: like an adserver maybe?
  • [10:35] Zha Ewry: and it doesn't provide a 50X redirect?
  • [10:35] Zha Ewry: when i try to rez the object
  • [10:35] Goldie Katsu: can we trsut the "Don't rely on the url to be interpretive"
  • [10:36] Zha Ewry: The server is going to say
  • [10:36] Bartholomew Kleiber: well these 50x redirects happen on portal pages
  • [10:36] Zha Ewry: "Yo, Zha, sorry, I couldn't rez that linkset, element 50 points to a resource which cannot be located"
  • [10:36] Bartholomew Kleiber: they get counted an redirected again and so forth.
  • [10:36] Zha Ewry: That's fine, and desirable Bart
  • [10:37] Zha Ewry: One of the reasons to stick to REST and as close to generic web protocol as possible
  • [10:37] Goldie Katsu: although I suppose you have to rely on the domain info.
  • [10:37] Zha Ewry: is that we don't have to reinevnt all of that
  • [10:37] Zha Ewry: right
  • [10:37] Zha Ewry: as in all the web
  • [10:37] Bartholomew Kleiber: yes
  • [10:37] Zha Ewry: the part of a URL
  • [10:37] Goldie Katsu: yeah if I bought the loon hair I'd be bumming
  • [10:37] Zha Ewry: which addresses the asset, needs to be a valid DNS name or your kind of SOL
  • [10:38] Zha Ewry: if we do this right, you can put all your assets on virtulaized domains
  • [10:38] Zha Ewry: which either proxy, or rediretc, and it will work
  • [10:39] Bartholomew Kleiber: virualized because ....?
  • [10:39] Zha Ewry: well, in the sense that somethign like "zha.ewry.org" may be pointed down to "myisp.com"
  • [10:39] Goldie Katsu: I'd like to say it is an edge case but chances are it would happen lots of times. I build something on sim x and reuse it with other parts on sim y. right now they are all on SL inventory but it could be across multiple places.
  • [10:39] Zha Ewry: or a proxy service which takes all the asset store requests, stores them in two or three subordinate services and gives me a 99.9999% uptime case
  • [10:40] Zha Ewry: (assuming, of course, I run my proxy forwarding service on really good hardened hardware)
  • [10:40] Bartholomew Kleiber: since domains could be down?
  • [10:41] Zha Ewry: So.. I guess, one thing I'm going to try here is:
  • [10:41] Zha Ewry: "Unless we get use cases which don't work, can we assume that DNS name resolution is enough?"
  • [10:41] Bartholomew Kleiber: well if your favorite pants asset server is down, then you are ... well, pants down.
  • [10:41] Goldie Katsu: (you do realize we have drifted across about 5 or 6 separate issues)
  • [10:41] Zha Ewry: Oh my yes
  • [10:42] Zha Ewry: I'm going to hammer in this stake in the ground
  • [10:42] Zha Ewry: and then go back to issue one again
  • [10:42] Bartholomew Kleiber: k
  • [10:42] Latha Serevi: Has anybody looked at Tao's writeup? I glanced at it and didn't like it too much.
  • [10:42] Graph Weymann: I say, don't assume that DNS is enough; assume that URLs are enough
  • [10:42] Zha Ewry: I'm also going to ask Zero to put it on his office hours agenda for next week. "DNS name reslution considered sufficient"
  • [10:43] Graph Weymann: Then if DNS becomes unreliable you can use different URL schemes with better resolution mechanisms
  • [10:43] Zha Ewry: Graph, that's ok, tho, if DNS goes away?
  • [10:43] Graph Weymann: URL schemes are a nice plug-in-something -else point
  • [10:43] Zha Ewry: The whole REST assumption is probably in need of revisting
  • [10:43] Graph Weymann: Like when HTTP is insufficient you go toHTTPS
  • [10:43] Bartholomew Kleiber: I think DNS services are of highere reliabilty than URL services
  • [10:43] Graph Weymann: treat the URs as opaque
  • [10:44] Zha Ewry: You can, Graph, but in general for scheme other than http and https, you can't expect people to be able to reasona bout the properties
  • [10:44] Goldie Katsu: urls have to resolve down to something.
  • [10:45] Graph Weymann: Zha, what properties are you thinking of?
  • [10:45] Zha Ewry: Pretty much, what promises are in the URI space. In HTTP and HTTPs, that's very clear. I'l lhave to go an dlook at the whole URL spec, to sanity check what's the case in the less common cases
  • [10:46] Graph Weymann: "promises"?
  • [10:46] Graph Weymann: could you be more specific?
  • [10:47] Graph Weymann: I suspect that what you're thinking of is either also provided by what I'm suggesting, or invalid :)
  • [10:48] Latha Serevi: 's tail and ears droop and she gives a long sigh.
  • [10:49] Bartholomew Kleiber: I think she is refering to if there are properties if the URI scheme, that can be 'exploited' for our use cases.
  • [10:50] Graph Weymann: I'm asking what specific properties those are
  • [10:51] Graph Weymann: Also, when I said different schemes, I didn't mean ones that are different that much from HTTP - just ones with more robust resolution mechanism
  • [10:51] Graph Weymann: YOu can plug in https (dns+cert chains) now and invent or use somethin better later
  • [10:52] Bartholomew Kleiber: I thought that was the notion - or one at least
  • [10:52] Graph Weymann: I'm saying, don't ay "dns is good enough", say "https urls are good enough"
  • [10:52] Latha Serevi: wonders if we're all still present. Perhaps we could start wrapping up, with a couple of wiki pointers (where was Tao's writeup again; any wiki pages updated recently?) and a pointer to the next meeting?
  • [10:52] Graph Weymann: Don't specify dns, specify https
  • [10:52] Bartholomew Kleiber: this way you use 'standard' web mechanisms. It's just not clear if this suits all the use cases. Probably not.
  • [10:53] Latha Serevi: Anybody plan to try to write anything down, or try to work something out in particular, this week
  • [10:53] Latha Serevi:  ?
  • [10:54] Bartholomew Kleiber: on behalf of Dale, I'll post this page (with little but some work from me): https://wiki.secondlife.com/wiki/User:Dale_Innis/Group_IM_in_OGP
  • [10:55] Bartholomew Kleiber: The last of Taos writeups that I know of is this one: [1]
  • [10:56] Bartholomew Kleiber: I cant pick up more work, not this week
  • [10:57] Latha Serevi: Zha, Sai, et al - you still here, or have we partitioned somehow?
  • [10:57] Latha Serevi: Thanks for the links, Bart.
  • [10:57] Saijanai Kuhn: still here
  • [10:57] Bartholomew Kleiber: I think the universe splitted (again, darn), leaving us two here and the rest in the ...
  • [10:57] Bartholomew Kleiber: ... ok, three, then.
  • [10:58] Graph Weymann: still here
  • [10:58] Latha Serevi: Let's declare ignominious defeat and go home.
  • [10:58] Whump Linden: / isn't that "declare victory and go home"?
  • [10:59] Rex Cronon: a split universe?
  • [10:59] Bartholomew Kleiber: lol
  • [10:59] Latha Serevi: It usually would be, but I'm depressed.
  • [10:59] Bartholomew Kleiber: would a bone cheer you up? *ducks
  • [10:59] Latha Serevi: Good point, maybe I'll chase a squirrel for a miniute or two. Always helps.
  • [11:01] Rex Cronon: i need to go h4 office hour, so bye everybody
  • [11:01] pogan Palianta: bye
  • [11:01] Rex Cronon: have fun
  • [11:01] Bartholomew Kleiber: bye Rex
  • [11:01] pogan Palianta: thx
  • [11:02] Latha Serevi: Bye all; I'll go chew on something.
  • [11:02] Bartholomew Kleiber: me too
  • [11:02] Bartholomew Kleiber: bye
  • [11:02] pogan Palianta: bye
  • [11:02] Zha Ewry: eesks
  • [11:02] Zha Ewry: RL attacked me
  • [11:02] Goldie Katsu: That was what I had assumed
  • [11:03] G2 Proto: cya all
  • [11:03] Goldie Katsu: Mace for RL
  • [11:03] Zha Ewry: OK
  • [11:03] Goldie Katsu:  :)
  • [11:03] Zha Ewry: This as incredibly good, I think
  • [11:03] Zha Ewry: and I'll point Dale at that
  • [11:04] Zha Ewry: Thanks everyone
  • [11:04] Zha Ewry: also.. one last detail..
  • [11:04] Zha Ewry: I'm going to try and have an agenda for every other meeting, one open, one with a tighter agdenda
  • [11:04] Zha Ewry: so... If people have topics, please let me know
  • [11:04] G2 Proto: ok cool
  • [11:05] Bartholomew Kleiber: yes