User:Zero Linden/Office Hours/2008 August 05

From Second Life Wiki
Jump to: navigation, search
  • [13:02] Tao Takashi: yo
  • [13:03] Dahlia Trimble: small crowd today?
  • [13:03] Zero Linden: well - I think the bustle of activity on the gridnauts daily huddle
  • [13:03] Zoonotic Quandry: hi
  • [13:03] Zero Linden: has taken over much of the functions here
  • [13:03] Tao Takashi: I guess I missed it today
  • [13:04] Harleen Gretzky: Hi Zero
  • [13:04] Zero Linden: we also can wait a few --- I'm usually late - people may not expect me this early!
  • [13:04] Tao Takashi: I didn't ;-)
  • [13:04] Dahlia Trimble: I got there right after they finished talking about opensim bugs :)
  • [13:04] Lucias Carnell: i never knew there was one till 30 seconds ago >.<
  • [13:04] Rex Cronon: hello everybody
  • [13:05] Dahlia Trimble: Hi Rex :)
  • [13:05] Rex Cronon: hi
  • [13:05] Infinity Linden: hola
  • [13:06] Harleen Gretzky: Hi Infinity
  • [13:06] Dahlia Trimble: Hi Infinity :)
  • [13:06] Infinity Linden: hola amig{o|a}s
  • [13:06] Goldie Katsu: finds the cloud->rez thing a bit odd still
  • [13:07] Lucias Carnell: i love it
  • [13:07] Lucias Carnell: was tempted to make an avatar of it >.>
  • [13:07] Dahlia Trimble: beats deformed bots
  • [13:07] Zha Ewry: I find it much more jarring tyhan ruth
  • [13:07] Infinity Linden: hmm... i love it when it's there for a moment and then goes away
  • [13:07] Zha Ewry: Yeah, the moment is fine
  • [13:07] Infinity Linden: but alas
  • [13:07] Zha Ewry: when soeone is a cloud for 20 minutes
  • [13:08] Zha Ewry: not so much
  • [13:08] Infinity Linden: on the OGP regions
  • [13:08] Goldie Katsu: I'm probably biased by the number of problems it is causing for folks as judged by chats in the mentor groups
  • [13:08] Infinity Linden: yeah
  • [13:08] Zero Linden: Personally I prefer to be a cloud than an all-grey ruth....
  • [13:08] Tao Takashi: I like to be a cloud on the OGPs :)
  • [13:08] Zero Linden: but I recognize there are other points of view
  • [13:08] Tao Takashi: "meet two clouds at the road..."
  • [13:08] Zero Linden: ANYWAY...
  • [13:08] Zero Linden: So - Agenda?
  • [13:08] Infinity Linden: i would like to be a burning pillar of fire
  • [13:08] Zha Ewry: Trust proofs
  • [13:08] Zero Linden: 1) Upcoming OGP spec changes
  • [13:08] Dahlia Trimble: lol
  • [13:09] Zero Linden: 2) Trust proofs
  • [13:09] Tao Takashi: defining an OGP spec process? :)
  • [13:09] Goldie Katsu:  :)
  • [13:09] Zero Linden: (not to be confused with "thrust poofs" or some such...)
  • [13:09] Goldie Katsu: ((which would relate to the clouds ))
  • [13:09] Tao Takashi: Trust poofs? ;-)
  • [13:09] Infinity Linden: no comment
  • [13:09] Zero Linden: okay sold!
  • [13:09] Zero Linden: So
  • [13:10] Zero Linden: 1) This morning Tess and I spent two hours breaking up the one document into three:
  • [13:10] Zero Linden: OGP Base, OGP Authentication, and OGP Teleport
  • [13:10] Zero Linden: This should make getting the spec out more than once every six months much easier
  • [13:10] Zero Linden: There will also be an LLSD document to formally define that
  • [13:11] Infinity Linden: yay!
  • [13:11] Goldie Katsu: very cool!
  • [13:11] Lucias Carnell: more stuff to read \o/
  • [13:11] Goldie Katsu: Reading is easier than intuiting in sync with others.
  • [13:11] Zero Linden: The plan is to have the documents always reflect the best agreement of what OGP is supposed to be
  • [13:11] Zha Ewry: Will there be a JSON spexcific variatoin doc as well?
  • [13:11] Zero Linden: and have in-line note sections that call out where the current implementation deviates
  • [13:11] Infinity Linden: runs screaming at the mention of JSON
  • [13:12] Zha Ewry: fires a tranq gun at Infinity
  • [13:12] Infinity Linden: well... more of a run in place, actually
  • [13:12] Goldie Katsu: pats Infinity on the shoulder.
  • [13:12] Zero Linden: The LLSD doc describes a) the type system of LLSD, b) the serializations into XML and JSON, c) the interface description lanaguge for specifying protocols that use LLSD
  • [13:12] Zha Ewry: Go with drugs, Goldie
  • [13:13] Infinity Linden: i'm just worried about supporting JSON and XML when we're in the midst of deploying the first set of messages
  • [13:13] Goldie Katsu: chuckles
  • [13:13] Zero Linden: c) is a new section, for LLSD Description Langauge, or LDL (pronounced liddle)
  • [13:13] Zero Linden: well, there is an in-line in that section now..... :-P
  • [13:14] Zero Linden: So that is the state --- Tess, Leyla, Infinity and I will be working the next few weeks to get this out and then to keep it going
  • [13:14] Zero Linden: internally, we've added it to the source tree --- so eventually you'll see it in the code drops on svn
  • [13:15] Tao Takashi: I think it's good to have JSON in there.. does it really matter as it's just a serialization?
  • [13:15] Tao Takashi: and it's optional to implement
  • [13:15] Zero Linden: but also that should encourage us to keep it up to date with the code
  • [13:15] Infinity Linden: really my only problem with JSON is
  • [13:15] Infinity Linden: a) we have bigger, more important fish to fry right now
  • [13:15] Infinity Linden: and
  • [13:15] Zero Linden: well, *if* it is optional to implment, and therefore everyone has to have the XML version too.... what will be the point?
  • [13:16] Zero Linden: Probably, since serializing is easy - we'd have to say that everyone MUST serialize to XML or JSON on demand
  • [13:16] Tao Takashi: I can do a JSON implementation of everything for instance.. will be more webdev compatible that way :)
  • [13:16] Zero Linden: but that they only need to deserialize one
  • [13:16] Infinity Linden: i think there are several examples of web apps that use XML
  • [13:17] Zha Ewry: Its somewhat a recognition that your'e aiming for a b igger space
  • [13:17] Infinity Linden: though
  • [13:17] Infinity Linden: i must admit
  • [13:17] Tao Takashi: sure but soon enough somebody will implement them in JSON
  • [13:17] Lucias Carnell: Xml is easily webdev compatible to on that front tho,
  • [13:17] Zero Linden: and, if it is optional, how can you do just JSON - you'd have to do XML lest you speak to something that doesn't do JSON
  • [13:17] Infinity Linden: i like the idea of just "executing" the JSON
  • [13:17] Tao Takashi: so maybe let's go with just JSON then :)
  • [13:17] Zero Linden: shudders at just "executing" data from over the wire
  • [13:17] Infinity Linden: maybe the question is more
  • [13:17] Infinity Linden: when will LL support JSON serialization
  • [13:17] Infinity Linden: and
  • [13:18] Infinity Linden: can ew make sure it's specced out
  • [13:18] Infinity Linden: before that date
  • [13:18] Infinity Linden: so OpenSim, Zope and LL all end up using compatible serialization / marshalling
  • [13:19] Infinity Linden: (actually... it should be specced out before the first of OpenSim, Tao's Tools and LL want to use it)
  • [13:19] Tao Takashi: Hm, is there so much to spec out? Isn't it just defining some mapping for the types etc?
  • [13:19] Tao Takashi: maybe it can be some extension spec or so
  • [13:19] Infinity Linden: yes. there is _always_ something to spec out
  • [13:19] Tao Takashi: so it's not in the main spec
  • [13:19] Tao Takashi: sure, I am not saying nothing needs to be written :)
  • [13:19] Zha Ewry: Always
  • [13:20] Tao Takashi: but we don't have to rewrite the whole OGP spec for it (I hope)
  • [13:20] Infinity Linden: right... we hand an agenda
  • [13:20] Infinity Linden: had an agenda
  • [13:20] Zero Linden: oh no - the spec is carefully written to be a layer above the serialization
  • [13:21] Harleen Gretzky: gave you Zero Linden - 07/31/2008.
  • [13:21] Zero Linden: it uses LLSD & LDL as a way specifying what structure data is exchanged without reference to how that data is serialized
  • [13:21] Zero Linden: in this regard it is a bit like ASN.1
  • [13:21] Zero Linden: without perhaps all the baggage
  • [13:21] Saijanai Kuhn: thanks harleen
  • [13:21] Zero Linden: (or the efficiency, for that matter)
  • [13:21] Zero Linden: (or the security hole ridden implementation...)
  • [13:21] Infinity Linden: no BER, for instance
  • [13:21] Tao Takashi: that's how we modelled pyogp
  • [13:22] Tao Takashi: to have a serialization layer which can be replaced easily
  • [13:23] Tao Takashi: so we might agree on focusing on LLSD then for now
  • [13:23] Zero Linden: you mean the XML serialization of LLSD?
  • [13:23] Tao Takashi: err, yes :)
  • [13:23] Zero Linden: sorry, I'm in "specification writing" mode - which turns up all my lawyerly impulses
  • [13:24] Zero Linden: well then - given that we've finished the party of the first part, we can turn to the party of the second part
  • [13:24] Zha Ewry: as it should be
  • [13:24] Zero Linden: and procced forthwith, notwithstanding further statements to the contrary,
  • [13:25] Zero Linden: and with full acknowledged agreement to
  • [13:25] Zero Linden: "Trust Proofs".
  • [13:25] Zero Linden: Zha?
  • [13:25] Zha Ewry: So.. one of the next things we're likely to have to chase down, is proving that two regions are
  • [13:25] Zha Ewry: who they claim to be
  • [13:26] Zha Ewry: right now the OGP stuff it totally open
  • [13:26] Zha Ewry: If you open up the port, and accept a call from Aditi? You're trustign Aditi to send you nice people
  • [13:26] Zha Ewry: (So far, this has been true, but..)
  • [13:26] couch sit: 1 RED.: Tao Takashi, say '/1 Hide' to hide me, or '/1 Show' to make me show. Or just right-click and sit on me to use me.
  • [13:26] Tao Takashi: right, because I couldn't get in ;-)
  • [13:27] Zha Ewry: softly shushes Tao
  • [13:27] Tao Takashi: ok, I actually got in to other people's sims :)
  • [13:27] Zha Ewry: We're probably about at the point wher we need to start working out what we mean by a "proven" relationsjoip
  • [13:28] Zha Ewry: So. this raises the questoin:
  • [13:28] Zha Ewry: What is a valid level of trust
  • [13:28] Infinity Linden: uh oh... we're dangerously close to reinventing CORBASec
  • [13:28] Zha Ewry: and. for rexample, how are we going to prove the identity of a sim, or a member of a domain, etc.
  • [13:28] Zha Ewry: GOD no, Infinity
  • [13:29] Zha Ewry: dives under the chair and shakes muttering OMG, OMG, OMG.
  • [13:29] Tao Takashi: so the process would be: I am owner of agentdomain X and I make some sort of agreement (contract maybe) with owner of region Y and now we need to make this checkable by some tech?
  • [13:29] Zero Linden: I'm pretty sure Infinity would commit seppuku if we got close to defining CORBAanything
  • [13:29] Zha Ewry: I I start saying DSOM slap me
  • [13:29] Infinity Linden: I think it goes a bit deeper than that
  • [13:29] Goldie Katsu: uses the tranquilizer gun
  • [13:30] Zha Ewry: That all said
  • [13:30] Infinity Linden: yes... i need the tranquilizer gun after thinking about CORBA
  • [13:30] Tao Takashi: we can stop immediately if we would reinvent CORBAsomething I think ;-)
  • [13:30] Zha Ewry: That being said, w eneed a webish, lightweight way of diong this
  • [13:30] Infinity Linden: we want to have a trust relationship at a cople different levels
  • [13:30] Goldie Katsu: nods
  • [13:31] Infinity Linden: first.. SSLish... are we talking to the host we think we're talking too
  • [13:31] Infinity Linden: then app layerish... do I have a business relationship with this host
  • [13:31] Infinity Linden: and then at an individual layer
  • [13:31] Infinity Linden: like
  • [13:31] Zha Ewry: nods
  • [13:31] Zha Ewry: Roughtly, yes
  • [13:31] Infinity Linden: do i turust this avatar
  • [13:31] Infinity Linden: or
  • [13:31] Zha Ewry: Has to start with "Do I trust this box"
  • [13:31] Infinity Linden: do i trust this agent domain to maintain the identity of this avatar so i can decide whether or not i trust them
  • [13:31] Zero Linden: So, we could use SSL to ensure "I am talking to who I think I am"?
  • [13:32] Infinity Linden: in theory
  • [13:32] Infinity Linden: the hope behind SSL was always that peeps would use the key info to identify themselves
  • [13:32] Tao Takashi: if the certificate doesn't need refreshing ;)
  • [13:33] Zha Ewry: The cert become an issue
  • [13:33] Zha Ewry: actually, it hink we have a multi-layer problem
  • [13:33] Infinity Linden: and that there would be a trustworthy mapping between IP address and domain name
  • [13:33] Infinity Linden: yeah
  • [13:33] Zha Ewry: Proving that you konw the box is a member of a domain
  • [13:33] Infinity Linden: X.509 was not meant for what it's currently being used for
  • [13:33] Zha Ewry: and that you konw the domain can be trusted
  • [13:33] Zha Ewry: w'er eat the edges of the current cert suport
  • [13:33] Infinity Linden: unfortunately this is all information that doesn't fit inside a cert very well
  • [13:34] Infinity Linden: and honestly
  • [13:34] Zero Linden: While I respect SSL and would hate to reinvent it.... I secretly wish we had some way to do this without it
  • [13:34] Infinity Linden: it probably shouldn't
  • [13:34] Zero Linden: or at least leave it to just securing the transport....
  • [13:34] Infinity Linden: oh
  • [13:34] Infinity Linden: we could use S.MIME on all our messages
  • [13:34] Tao Takashi: I think I will start soon with collecting examples of services where you need some trust
  • [13:34] Zero Linden: though on the other hand, the I dislike that we'll have two or three mechanisms, one for each layer
  • [13:34] Tao Takashi: so it's not that abstract
  • [13:34] Infinity Linden: but we would end up doing a bunch of signature verifications
  • [13:34] Tao Takashi: and go from there to see how the process for making sure things are ok might work
  • [13:35] Infinity Linden: yeah
  • [13:35] Tao Takashi: also regarding things like OAuth
  • [13:35] Zha Ewry: As soon as possible, I want to be just usinfg caps and TLS, but
  • [13:35] Zha Ewry: I need a way to know I am handing a cap to a trsuted partner
  • [13:35] Infinity Linden: 'cause i believe that region operators will want to have enough data to make a trust decision
  • [13:35] Infinity Linden: where "enough" is open to interpretation
  • [13:36] Zha Ewry: I'm assuming they make it with lawyers, and signed TOS like stuff, and the result of that is a cert, to be honest
  • [13:36] Zha Ewry: I don't expect to do it on the fly any time soon
  • [13:36] Infinity Linden: well.. there's also another problem
  • [13:36] Tao Takashi: I agree, Zha
  • [13:36] Infinity Linden: we want to make sure we don't leak authentication info
  • [13:36] Tao Takashi: either they don't care or they call lawyers
  • [13:36] Zha Ewry: Definmtielty
  • [13:36] Zha Ewry: Leaking is bad
  • [13:36] Infinity Linden: so that "bad region" can't take an authenticator and impersonate a "good avatar" to a "good region"
  • [13:37] Tao Takashi: maybe we should also make a list with bad examples
  • [13:37] Infinity Linden: and the problem with Caps alone is
  • [13:37] Zha Ewry: We need to have an end to end scheme, which is simple enough we can show that it gets us from legal agreement to caps in the hands of the trigh person
  • [13:37] Zha Ewry: without a mand in the middle scheme
  • [13:37] Tao Takashi: things we want to prevent to happen
  • [13:37] Infinity Linden: once they'er distributed, you have no control over how they're used
  • [13:38] Zero Linden: So - I'm in agreement with Tao - that we should write out two or three clear cases we know about
  • [13:38] Tao Takashi: I think it makes thinking about all this easier
  • [13:38] Tao Takashi: at least for me ;-)
  • [13:38] Zero Linden: and make plain what is and isn't known and what needs to be proven to whom
  • [13:40] Zero Linden: The only one I think I can articulate well enough at this stage is
  • [13:41] Zero Linden: 1) The agent domain needs to know with certainty if a region is part of a region domain that it has knoweldge about
  • [13:41] Zha Ewry: nods
  • [13:41] Zero Linden: In particular, given JUST the URL to the region (as perhaps supplied by the the viewer)
  • [13:42] Zha Ewry: for the record, zero, I'd like to frame it as "Service X, wants to talk to servcie Y which is part of Domain D" eventually, abstract it out to the deisgn pattern and use it in all the cases
  • [13:42] Zero Linden: the Agent Domain needs to discover the Agent Domain, and if the claimed domain is has specifici knoweldge of, it needs to ascertain if that region is indded part of that domain as claimed
  • [13:42] Tao Takashi: btw, why not put some region domain component in which actually does the request_rez thing and returns the cap of a region?
  • [13:42] Infinity Linden: subject, object, permission?
  • [13:42] Tao Takashi: so the RD component would be your only point to contact (and might also have some map services)
  • [13:42] Zero Linden: Zha - yes - I agree we should, I was just working forward from one concrete case, as it makes it easier to think about what information is known at each stage
  • [13:42] Tao Takashi: regions could be hidden behind that
  • [13:43] Infinity Linden: Tao.. that could be an implementation
  • [13:43] Infinity Linden: however
  • [13:43] Infinity Linden: you would need to trust that the agent domain knows how to trust the region
  • [13:43] Infinity Linden: i.e. - it's using something like TLS with auth turned on to make sure it gets a good cap
  • [13:43] Zha Ewry: If this is goign to scale, you have to do somehting like that, because you can't managhe member ship anyother way, I don't think
  • [13:43] Tao Takashi: if the domain has regions with differenr trust levels
  • [13:44] Infinity Linden: also
  • [13:44] Infinity Linden: what about reverse compatibility?
  • [13:44] Tao Takashi: but I would assume that if you trust a domain this means you trust it's regions
  • [13:44] Tao Takashi: and delegate it
  • [13:44] Infinity Linden: Zha.. you're closer to people who care about such things (I believe)
  • [13:44] Zha Ewry: nods
  • [13:44] Tao Takashi: we actually had a quite good conversatoin after metanocs after you left about these topics
  • [13:45] Infinity Linden: will IBM want to see support for authentication based on existing standards like RADIUS, KERBEROS, PKI, etc.
  • [13:45] Infinity Linden: (BTW... i commit seppaku before i use Kerb 4 again)
  • [13:45] Zha Ewry: We'd like to see whyt we can't , Infinity, I think is fair
  • [13:46] Infinity Linden: blergh
  • [13:46] Zha Ewry: I am not prejudicing the topic, tho
  • [13:46] Zha Ewry: What would eb hard, is being 90% the same as them
  • [13:46] Infinity Linden: i was actually hoping you would say something like "I laugh at reverse compatibility requirements!"
  • [13:46] Zha Ewry: sighs and checks the paystub
  • [13:46] Infinity Linden: kicks self for bringing it up
  • [13:46] Infinity Linden: but
  • [13:46] Zha Ewry: "You can run OS/360 code on a Z/OS box"
  • [13:46] Zero Linden: But I saw a good question fly by: Do we agree that the question of trust a service X is willing to give a service Y is reducable to the question of trust X has in the certified domain of Y?
  • [13:46] Infinity Linden: at the end of the day
  • [13:47] Tao Takashi: what's this anyway?
  • [13:47] Infinity Linden: having a pluggable auth system accessed through GSSAP I or SASL or some "generic" services API is probably a "good thing"
  • [13:47] Infinity Linden: it allows us to not crate our own auth system
  • [13:47] Infinity Linden: and
  • [13:47] Tao Takashi: argh, SASL
  • [13:47] Infinity Linden: having done that before
  • [13:47] Infinity Linden: i don't want to do it again
  • [13:48] Zha Ewry: A story liek that, Infinity, would not be out of place here
  • [13:48] Infinity Linden: Tao... yeah... you have a point SASL might be unweildy
  • [13:48] Zha Ewry: That said I wasn't planning on diving in this deep
  • [13:48] Zha Ewry: I wasm ostly gettign to Zeor's questoin
  • [13:48] Infinity Linden: but we _could_ pick and choose bits we want
  • [13:48] Tao Takashi: I hope we can end up with stuff which is used web apps etc. these days
  • [13:49] Infinity Linden: certainly I wouldn't want to REQUIRE the use of all GSSAPI or even SASL
  • [13:49] Zha Ewry: +1 Tao
  • [13:49] Zha Ewry: and +5 Infinity
  • [13:49] Latha Serevi: Zero, perhaps "the maximum amount of" ... (trust a service X is willing to give a service Y is reducable to the question of trust X has in the certified domain of Y)
  • [13:49] Zha Ewry: A sane subset
  • [13:49] Infinity Linden: but
  • [13:49] Infinity Linden: I should warn people
  • [13:49] Infinity Linden: to look at MOSS
  • [13:49] Zha Ewry: What I'm trying to rais,e is what.. do we consider reasonable trust, and proof of it?
  • [13:50] Infinity Linden: (Message Oriented Security ... uh Subsystem?)
  • [13:50] Infinity Linden: it was after PEM and before S/MIME
  • [13:50] Infinity Linden: and contained so many options
  • [13:50] Infinity Linden: that everyone was compatible with the spec
  • [13:50] Zha Ewry: KISS
  • [13:50] Zha Ewry: KISS
  • [13:50] Zha Ewry: KISS
  • [13:50] Tao Takashi: still wonders if OAuth will do ;-)
  • [13:50] Infinity Linden: but no one was interoperable
  • [13:51] Latha Serevi: I doubt "we" have a single answer to that, Zha. But for each of us, the probable answer involves some combination of whitelists, acceptable protocols, and certification networks participated-in...
  • [13:51] Infinity Linden: blergh OpenID
  • [13:51] Infinity Linden: the problem with OpenID is that trust works one way
  • [13:51] Infinity Linden: it need to work both ways
  • [13:51] Infinity Linden: but
  • [13:52] Infinity Linden: before we go down that rabbit hole
  • [13:52] Infinity Linden: wasn't there something else on teh agenda?
  • [13:52] Zha Ewry: Infinity, we do need to keep that two way thoght in mind
  • [13:52] Zha Ewry: We need to be confident we're answer a quesy from ther partner we intend to, as well. Sigh.
  • [13:52] Zero Linden: So, for example, Zha, are we looking at one end of the spectrum of:
  • [13:53] Zero Linden: 1) I know you are in domain X, cause I asked X just now about you and they'd said "yup"
  • [13:53] Zero Linden: whereas at the other end we have
  • [13:53] Tao Takashi: ok, for the example of AD X has to trust Region or RD Y, the reason for that is probably mostly "do I give objects out to that region?", right?
  • [13:53] Zero Linden: 2) I know you are in domain X because you were able to supply me with a cert of the proper dimensions that establishes that to me
  • [13:53] Zero Linden: is that the kind of scale you are looking at?
  • [13:54] Infinity Linden: and there's also the ajudicated model
  • [13:54] Infinity Linden: which says... i don't try to authenticate you
  • [13:54] Infinity Linden: i just make all your modifications reversable if they turn out to be false
  • [13:55] Infinity Linden: Zero... i think that's a good look at the proactive end of things
  • [13:55] Zha Ewry: sighs
  • [13:55] Zha Ewry: I'd like to say 2)
  • [13:55] Infinity Linden: PKI came about (in part) because peeps were tired of model 1
  • [13:55] Zha Ewry: But. 2 reeks of Man in the middle
  • [13:55] Infinity Linden: or maintaining a CA
  • [13:55] Infinity Linden: or an RA
  • [13:55] Infinity Linden: or paying verisign
  • [13:55] Zha Ewry: nods at Infinity
  • [13:56] Tao Takashi: so isn't 1) basically caps with a timeout?
  • [13:56] Zha Ewry: especialy paying verisgn
  • [13:56] Infinity Linden: and while I love Jim Bidzos to death
  • [13:56] Infinity Linden: i'm happy not to require grid operators to pay him
  • [13:56] Infinity Linden: Tao.. kinda.. the literature refers to it as Nyberg-Reuppel
  • [13:57] Bartholomew Kleiber: so who maintains a trust center, then?
  • [13:57] Infinity Linden: and thre are a bunch of ways of implementing it
  • [13:57] Infinity Linden: +1 Bart
  • [13:57] Tao Takashi: I do and get rich! :)
  • [13:57] Tao Takashi: let me quickly code it :)
  • [13:57] Infinity Linden: umm... Tao... cam I see the results of your latest SAS-70 audit?
  • [13:57] Infinity Linden: but seriously
  • [13:58] Infinity Linden: there probably is a market for a service that doesn't charge an arm and a leg
  • [13:58] Tao Takashi: wow, they have a website from 1996 :)
  • [13:58] Infinity Linden: but when we get to layer 8 and 9
  • [13:58] Tao Takashi: [1]
  • [13:59] Lucias Carnell: Site last updated: May 28, 2008
  • [13:59] Lucias Carnell: still looks like crap :/
  • [13:59] Tao Takashi: but not the design ;-)
  • [13:59] Latha Serevi: In keeping with Zha's philosophy of "our protocol shouldn't make decisions for people", let's remember not to put all our eggs in one certification basket.
  • [13:59] Tao Takashi: "design"
  • [13:59] Infinity Linden: you get all sorts of weird things where people decide to give thier commercial trust services to places like Verisign
  • [13:59] Infinity Linden: absolutely
  • [13:59] Zero Linden: OMG is that an unstyled
    I see?
  • [13:59] Zero Linden: three of them?
  • [13:59] Lucias Carnell: yes :o
  • [13:59] Zero Linden: and a visitor counter?!?!?!?!
  • [13:59] Zha Ewry: WOW
  • [13:59] Tao Takashi: a good find, eh? ;-)
  • [13:59] Infinity Linden: hmm.. now it the time I think i have to disclose that I own Cericom shares
  • [13:59] Infinity Linden: Certicom
  • [14:00] Tao Takashi: a hello from the past :)
  • [14:00] Lucias Carnell: media browser needs a view page source button >.<
  • [14:00] Goldie Katsu: takes a deep breath hearing SAS70
  • [14:00] Lucias Carnell:  :P
  • [14:00] Infinity Linden: they're accountants, not web devs, obviously
  • [14:00] Tao Takashi: so I definitely first need to think more about the problem before thinking about how to solve it ;-)
  • [14:01] Tao Takashi: so some walkthrough might be good for some situation where you need trust
  • [14:01] Infinity Linden: +1 Tao
  • [14:01] Goldie Katsu: Coming to an agreed definition of the problem often makes finding a functional solution easier.
  • [14:01] Infinity Linden: we have a multi-tiered trust requirement
  • [14:01] Infinity Linden: users have to trust agent domains
  • [14:01] Infinity Linden: agent domains have to trust region domains
  • [14:01] Infinity Linden: (and vice versa)
  • [14:01] Goldie Katsu: pulls up her trust tier document on her computer and notes she hasn't finished it yet.
  • [14:02] Tao Takashi: ok, now we only need to define what "need to trust" means ;-)
  • [14:02] Tao Takashi: in which ways, for what etc.
  • [14:02] Infinity Linden: and we also have to trust that regions will use inventory in a manner consistent with most recent concerns regarding copy protection
  • [14:02] Zero Linden: slang - it is a text meeting
  • [14:02] Infinity Linden: and
  • [14:03] Infinity Linden: also to see if we need to delve deeper and support pluggable authentication
  • [14:03] Infinity Linden: (i think we said it was a good idea)
  • [14:03] Zha Ewry: I deifnitely want some concrtete use cases to tie this into
  • [14:03] Zha Ewry: And yes, we did, Infinity
  • [14:03] Zha Ewry: reluctantly
  • [14:03] Tao Takashi: I think the obeying permissions will probably done by some contract between ADs and RDs
  • [14:03] Zha Ewry: uBut we did mutter pluggale
  • [14:03] Latha Serevi: Maybe I'll cut-n-paste some notes I made on trust interests of various participants...shall I? Less than a page long.
  • [14:03] Tao Takashi: so you need to make sure though that this region is one you have a contract with
  • [14:03] Infinity Linden: and then whether or not we want to apply security sauce to APIs, machines, whole regions or individual rest invocations
  • [14:04] Zha Ewry: Oh.. and for anyone, not at AWGroupies today, or Office hours on TYhursday...
  • [14:04] Infinity Linden: Tao... right... trusting the transport
  • [14:04] Infinity Linden: that's step 1
  • [14:04] Zha Ewry: I'm planning on being mostl off grid August 9th-31st,.
  • [14:04] Goldie Katsu: That woudl be good Latha although there are a couple of additional cases.
  • [14:04] Tao Takashi: It would be good to collect all those on some wiki page
  • [14:05] Infinity Linden: yeah...
  • [14:05] Infinity Linden: Tao... i'm on it
  • [14:05] Latha Serevi: Here comes a small flood, then, to stimulate your imaginations... I've got a notecard for later, but here it is now.
  • [14:05] Tao Takashi: (although I somehow do not really use the wiki...)
  • [14:05] Latha Serevi: General trust interests of the cast of characters -- 1. user -- don't abuse my inventory; don't send me inappropriate material; don't parade me around naked or use me as a puppet; don't steal my money ; let me associate my username between grids; don't let someone else use my existing username before I get there;
  • [14:05] Latha Serevi: 2. sim operator -- don't cause me to break my promises; don't get me arrested; don't lag, flood, grief, or crash my sim ; let people TP easily into my sim; let people access their objects while in my sim; don't bring objects here that are mislabeled or stripped of important info; if I've banned you, don't come back
  • [14:05] Latha Serevi: 3. agent domain -- don't break asset perms; don't spoof me; don't access somebody else's inventory ; don't store unlawful stuff in me
  • [14:05] Latha Serevi: 4. object creator -- preserve my restrictions; let me be paid for content; let me give content away ; let my content propagate widely (or don't) ; tag my objects with a universal and comprehensible ID linked to the real me; let me have some idea how many of my creations exist out there in the world;
  • [14:05] Latha Serevi: 5. object owner -- let me use my object; don't take or copy my object without my permission; don't cause me to break my promises ; don't lose or delete my object; let me examine and modify my object
  • [14:05] Latha Serevi: 6. Linden Labs -- [sim operator + agent domain interests as above]; interact nicely with my existing large world; keep my brand distinct; allow teleporting to/from SL from your world; keep my content creators happy; let my residents not be excluded from exciting new things; don't destroy my ability to innovate; allow transfer of assets to and from SL in a controlled manner;
  • [14:05] Latha Serevi: (end)
  • [14:06] Zero Linden: Well, we've hit the IBM 1405 Disk Subsystem - my least favorite part of the 1401 line ---
  • [14:06] Zero Linden: --- cause you couldn't actually *touch* the bits like you could everywhere else in the computer
  • [14:06] Tao Takashi: thanks, Latha
  • [14:07] Zero Linden: Latha - those notes look useful - can yo uget them into the wiki?
  • [14:07] Infinity Linden: shudders a the mention of the 1401
  • [14:07] Zero Linden: "don't store unlawful stuff in me" -- makes me think of the plot device in "Fifth Element" of where the stones are hidden....
  • [14:08] Lucias Carnell: Heh,
  • [14:08] Zero Linden: --- and by touch, I meant with your finger, not just with a program.... ----
  • [14:08] Lucias Carnell: as long as this system doesnt involve singing blue alien's we should be good.
  • [14:09] Latha Serevi: Sure, I can wiki those when I figure where in the wiki ... I can also pass a notecard with those and some perhaps-less-good attempts at some other privacy/authentication topics to whoever asks.
  • [14:09] Zha Ewry: Wondrous
  • [14:09] Lucias Carnell: Latha, I wouldnt mind a copy to look at later.
  • [14:09] Zero Linden: great
  • [14:09] Infinity Linden: I'm posting that into https://wiki.secondlife.com/wiki/User:Infinity_Linden/OGP_Trust_Model
  • [14:09] Infinity Linden: with more stuff added later
  • [14:10] Zero Linden: well all, thanks again for coming
  • [14:10] Goldie Katsu: Great meeting Zero
  • [14:10] Zha Ewry: Really nice stuff, people
  • [14:10] Zero Linden: I'm going to head off (I suspect to some spec. work with Infinity!)
  • [14:10] Zero Linden: later all!
  • [14:10] Rex Cronon: bye zero
  • [14:10] Infinity Linden: cheers
  • [14:10] Zero Linden: see you thursday
  • [14:10] Bartholomew Kleiber: bye
  • [14:10] Rex Cronon: bye everybody
  • [14:10] Lucias Carnell: Thanks Latha
  • [14:11] Tao Takashi: cya everybody! I will now read the OAuth spec again :)
  • [14:11] Lucias Carnell: think i may go do some background reading myself.
  • [14:11] Tao Takashi: and trying out Google sites now to write down some notes