Difference between revisions of "AW Groupies/Chat Logs/AWGroupies-2008-08-05"

From Second Life Wiki
(New page: [9:31] You: hey all [9:31] Pixel Gausman: hi guys [9:32] Pixel Gausman: i liked this SL thing a lot more before it meant more meetings. :-) [9:32] Dahlia Trimble: lol [9:33] Bartholom...)
 
 
Line 1: Line 1:
[9:31]  You: hey all
* [9:31] [[User:Saijanai Kuhn|Saijanai Kuhn]]: hey all
[9:31] Pixel Gausman: hi guys
* [9:31] [[User:Pixel Gausman|Pixel Gausman]]: hi guys
[9:32] Pixel Gausman: i liked this SL thing a lot more before it meant more meetings. :-)
* [9:32] [[User:Pixel Gausman|Pixel Gausman]]: i liked this SL thing a lot more before it meant more meetings. :-)
[9:32] Dahlia Trimble: lol
* [9:32] [[User:Dahlia Trimble|Dahlia Trimble]]: lol
[9:33] Bartholomew Kleiber: Hi all
* [9:33] [[User:Bartholomew Kleiber|Bartholomew Kleiber]]: Hi all
[9:33] Zha Ewry looks around for squirerls
* [9:33] [[User:Zha Ewry|Zha Ewry]]:  looks around for squirerls
[9:33] Angelo Biondi: hello
* [9:33] [[User:Angelo Biondi|Angelo Biondi]]: hello
[9:33] KK Jewell is Offline
* [9:33] [[User:Zha Ewry|Zha Ewry]]: Hello, everyone
[9:33]  Zha Ewry: Hello, everyone
* [9:33] [[User:Dahlia Trimble|Dahlia Trimble]]:  nibbles on a seed
[9:33] Dahlia Trimble nibbles on a seed
* [9:34] [[User:Pixel Gausman|Pixel Gausman]]: looks squirrley and plots an attack on a birdfeeder
[9:34] comet Morigi is Online
* [9:34] [[User:Zha Ewry|Zha Ewry]]:  takes a note to speak to the gardners about weeds
[9:34Pixel Gausman looks squirrley and plots an attack on a birdfeeder
* [9:36] [[User:Zha Ewry|Zha Ewry]]: So... I think, several of the people I see here have actually spun up patched regoins and run then, yes?
[9:34] Zha Ewry takes a note to speak to the gardners about weeds
* [9:36] [[User:Bartholomew Kleiber|Bartholomew Kleiber]]: yup
[9:34] JayR Cela is Offline
* [9:36] [[User:Dahlia Trimble|Dahlia Trimble]]: yep
[9:35]  Tess Linden is Offline
* [9:36] [[User:Dahlia Trimble|Dahlia Trimble]]:  flying squirrls?
[9:36]  Zha Ewry: So... I think, several of the people I see here have actually spun up patched regoins and run then, yes?
* [9:36] [[User:Zha Ewry|Zha Ewry]]: Not sure if I should be horrified, or happy, that it mostly seems to work
[9:36] Warthog Jun is Online
* [9:37] [[User:Pixel Gausman|Pixel Gausman]]: 5756 seems to be getting a warm reception in #gridnauts...once people change defaults.xml to use their dotted ip addr instead of hostname
[9:36]  Bartholomew Kleiber: yup
* [9:37] [[User:Zha Ewry|Zha Ewry]]: I'm currently looking at two major, and one minor issue
[9:36] Dahlia Trimble: yep
* [9:37] [[User:Zha Ewry|Zha Ewry]]: The major, major, is the ghosting
[9:36] Dahlia Trimble: flying squirrls?
* [9:38] [[User:Movies1963 Beck|Movies1963 Beck]]: if we were in China now that dog that just barked might've been our lunch
[9:36] Zha Ewry: Not sure if I should be horrified, or happy, that it mostly seems to work
* [9:38] [[User:Zha Ewry|Zha Ewry]]: We're failing to clear state fully on logout,and I'm looking at that
[9:36] WarKirby Magojiro is Online
* [9:38] [[User:Zha Ewry|Zha Ewry]]: The second, less serious, but anoying, is the "banned" message we sometimes trigger
[9:37]  Pixel Gausman: 5756 seems to be getting a warm reception in #gridnauts...once people change defaults.xml to use their dotted ip addr instead of hostname
* [9:39] [[User:Dahlia Trimble|Dahlia Trimble]]: you mean ban lines?
[9:37] Zha Ewry: I'm currently looking at two major, and one minor issue
* [9:39] [[User:Zha Ewry|Zha Ewry]]: And.. everyone should be aware that, for *some* cases, using the numeric form of your host is necessary.(That's intermitent)
[9:37] Zha Ewry: The major, major, is the ghosting
* [9:39] [[User:Zha Ewry|Zha Ewry]]: The "You are not permitted to this destination" but if you clear the message you TP anyway
[9:37] KK Jewell is Online
* [9:39] [[User:Pixel Gausman|Pixel Gausman]]: Zha: is ghosting a core OpenSim issue that is being shown by OGP?
[9:38]  Movies1963 Beck: if we were in China now that dog that just barked might've been our lunch
* [9:40] [[User:Zha Ewry|Zha Ewry]]: I can't decide
[9:38] Zha Ewry: We're failing to clear state fully on logout,and I'm looking at that
* [9:40] [[User:Pixel Gausman|Pixel Gausman]]: me either
[9:38] Zha Ewry: The second, less serious, but anoying, is the "banned" message we sometimes trigger
* [9:40] [[User:Zha Ewry|Zha Ewry]]: There has been some ghosting on openSim TP
[9:39] Dahlia Trimble: you mean ban lines?
* [9:40] [[User:Pixel Gausman|Pixel Gausman]]: seems awefully possible
[9:39] Zha Ewry: And.. everyone should be aware that, for *some* cases, using the numeric form of your host is necessary.(That's intermitent)
* [9:40] [[User:Zha Ewry|Zha Ewry]]: We don't TP tho, we "logout"
[9:39] Zha Ewry: The "You are not permitted to this destination" but if you clear the message you TP anyway
* [9:40] [[User:Dahlia Trimble|Dahlia Trimble]]: I havent seen that kind of ghosting in other opensim applications
[9:39] Pixel Gausman: Zha: is ghosting a core OpenSim issue that is being shown by OGP?
* [9:40] [[User:Pixel Gausman|Pixel Gausman]]: might be the same bug being poked from a different angle
[9:40] Zha Ewry: I can't decide
* [9:41] [[User:Zha Ewry|Zha Ewry]]: The obvious interesting hint is that the the final logout (quit) of the sim finds the logged in agnts
[9:40] Pixel Gausman: me either
* [9:41] [[User:Pixel Gausman|Pixel Gausman]]: anyway, might be good to collab with the OpenSim core devs on that one to see if you can poke it together
[9:40] Zha Ewry: There has been some ghosting on openSim TP
* [9:41] [[User:Dahlia Trimble|Dahlia Trimble]]: if it could be repro'd without interop
[9:40] Pixel Gausman: seems awefully possible
* [9:41] [[User:JB Kraft|JB Kraft]]: fwiw, i have seen ghosting enough in opensim to think it as a real bug
[9:40] Zha Ewry: We don't TP tho, we "logout"
* [9:42] [[User:Pixel Gausman|Pixel Gausman]]: JB: yeah, it's been showing up more recently in OpenSim trunk
[9:40] Dahlia Trimble: I havent seen that kind of ghosting in other opensim applications
* [9:42] [[User:Dahlia Trimble|Dahlia Trimble]]: JB can you repro it?
[9:40] Pixel Gausman: might be the same bug being poked from a different angle
* [9:42] [[User:JB Kraft|JB Kraft]]: no, thats the trouble, i cant find something to cause it
[9:41] Zha Ewry: The obvious interesting hint is that the the final logout (quit) of the sim finds the logged in agnts
* [9:43] [[User:Zha Ewry|Zha Ewry]]: What's odd, is that you see what looks like complete logout processing
[9:41] Pixel Gausman: anyway, might be good to collab with the OpenSim core devs on that one to see if you can poke it together
* [9:43] [[User:Pixel Gausman|Pixel Gausman]]: i do know there has been some pondering on the ghosting by OpenSim devs recently
[9:41] Dahlia Trimble: if it could be repro'd without interop
* [9:43] [[User:Zha Ewry|Zha Ewry]]:  So.. that's the patch
[9:41] Keex Rexroth is Offline
* [9:44] [[User:Dahlia Trimble|Dahlia Trimble]]: there is a different kind of ghosting that is a bug
[9:41]  JB Kraft: fwiw, i have seen ghosting enough in opensim to think it as a real bug
* [9:44] [[User:Dahlia Trimble|Dahlia Trimble]]: totaly different
[9:42] Pixel Gausman: JB: yeah, it's been showing up more recently in OpenSim trunk
* [9:44] [[User:Zha Ewry|Zha Ewry]]: I think so too.
[9:42] Dahlia Trimble: JB can you repro it?
* [9:44] [[User:Pixel Gausman|Pixel Gausman]]: "totally"? perhaps related.
[9:42] WarKirby Magojiro is Offline
* [9:44] [[User:JB Kraft|JB Kraft]]: where you appear on mutliple regions?
[9:42]  JB Kraft: no, thats the trouble, i cant find something to cause it
* [9:44] [[User:Dahlia Trimble|Dahlia Trimble]]: it's not a logout issue
[9:42] KK Jewell is Offline
* [9:44] [[User:Zha Ewry|Zha Ewry]]: This, to mee feels like "We havent' closed the scene presence properly"
[9:43]  Zha Ewry: What's odd, is that you see what looks like complete logout processing
* [9:44] [[User:BlueWall Slade|BlueWall Slade]]: the region renders child avatars
[9:43] Pixel Gausman: i do know there has been some pondering on the ghosting by OpenSim devs recently
* [9:44] [[User:Dahlia Trimble|Dahlia Trimble]]: whe you appear in the center of a neighboring sim
[9:43] Zha Ewry: So.. that's the patch
* [9:45] [[User:Zha Ewry|Zha Ewry]]: This, isn't that, I don't think.
[9:44] Kalvin Jefferson is Offline
* [9:45] [[User:Zha Ewry|Zha Ewry]]: So.. that's the patch. On other topics
[9:44]  Dahlia Trimble: there is a different kind of ghosting that is a bug
* [9:46] [[User:Zha Ewry|Zha Ewry]]: I'm going to do something really freaky, strarting this weekend. Called Vacation.
[9:44] Dahlia Trimble: totaly different
* [9:46] [[User:JB Kraft|JB Kraft]]: explain pls ;)
[9:44] Zha Ewry: I think so too.
* [9:46] [[User:Dahlia Trimble|Dahlia Trimble]]: lol
[9:44] Pixel Gausman: "totally"? perhaps related.
* [9:46] [[User:Zha Ewry|Zha Ewry]]: I'll be largely off grid for about three weeks
[9:44] JB Kraft: where you appear on mutliple regions?
* [9:46] [[User:Bartholomew Kleiber|Bartholomew Kleiber]]: what a concept ...
[9:44] Dahlia Trimble: it's not a logout issue
* [9:46] [[User:Zha Ewry|Zha Ewry]]:  Will have the laptop in tow, but not making any promisses
[9:44] Zha Ewry: This, to mee feels like "We havent' closed the scene presence properly"
* [9:46] [[User:Twa Hinkle|Twa Hinkle]]: what region are you going for vacation?
[9:44] BlueWall Slade: the region renders child avatars
* [9:46] [[User:Zha Ewry|Zha Ewry]]: Dr. Scofield, in SL (who you've seen on openSim dev, most likely)
[9:44] Dahlia Trimble: whe you appear in the center of a neighboring sim
* [9:47] [[User:Pixel Gausman|Pixel Gausman]]:  gets jealous
[9:45] Zha Ewry: This, isn't that, I don't think.
* [9:47] [[User:Zha Ewry|Zha Ewry]]: will be kindly keeping an eye on things while I'm away
[9:45] Zha Ewry: So.. that's the patch. On other topics
* [9:47] [[User:Dahlia Trimble|Dahlia Trimble]]: is Dr up to speed on the patch?
[9:46] Zha Ewry: I'm going to do something really freaky, strarting this weekend. Called Vacation.
* [9:47] [[User:Zha Ewry|Zha Ewry]]: In particular, expect to see the patch kept in sycn with trunk several times a week, and anythign heart stopping looked at
[9:46] JB Kraft: explain pls ;)
* [9:47] [[User:Zha Ewry|Zha Ewry]]: I'm expecting Dr to be by the time I head out
[9:46] Dahlia Trimble: lol
* [9:47] [[User:Zha Ewry|Zha Ewry]]: I'll also be posting my notes on the basic code
[9:46] Zha Ewry: I'll be largely off grid for about three weeks
* [9:47] [[User:Pixel Gausman|Pixel Gausman]]: Zha: maybe some notes on the patch before you go MIA?
[9:46] Bartholomew Kleiber: what a concept ...
* [9:48] [[User:Pixel Gausman|Pixel Gausman]]: oh, nice
[9:46] Zha Ewry: Will have the laptop in tow, but not making any promisses
* [9:48] [[User:Zha Ewry|Zha Ewry]]: Its mostly in three spots, I'll enumerate those, and we'll have them on forge
[9:46] Twa Hinkle: what region are you going for vacation?
* [9:48] [[User:Zha Ewry|Zha Ewry]]: I'll be in Europe, so, 9 hours off sync from SLT
[9:46] Zha Ewry: Dr. Scofield, in SL (who you've seen on openSim dev, most likely)
* [9:49] [[User:Zha Ewry|Zha Ewry]]: The most reliable way to get my attention will be to my gmail account
[9:47] Pixel Gausman gets jealous
* [9:49] [[User:Zha Ewry|Zha Ewry]]: (zha. ewry@gmail.com, it's on my profile)
[9:47] Zha Ewry: will be kindly keeping an eye on things while I'm away
* [9:49] [[User:Zha Ewry|Zha Ewry]]: While I'm off hopefully recharging the mental batteries.. I have a think/write challange for people
[9:47] Neosome Anatine is Online
* [9:50] [[User:Zha Ewry|Zha Ewry]]: I've been blythly, asserting, we can do basic proof that Component X, is part of Region Y, and can be trusted, suing certificates, in an SSH or PKIish fashoin
[9:47]  Dahlia Trimble: is Dr up to speed on the patch?
* [9:51] [[User:Zha Ewry|Zha Ewry]]: wherre the basic assertion is we can issue Region Domain "D" a cert "CertD" which it can use to provde to other partners, that it is Region Fomain D, and that Box "Box1" can handshake as well
[9:47] Zha Ewry: In particular, expect to see the patch kept in sycn with trunk several times a week, and anythign heart stopping looked at
* [9:51] [[User:Tao Takashi|Tao Takashi]]: Hi cloudy people
[9:47] Zha Ewry: I'm expecting Dr to be by the time I head out
* [9:53] [[User:Zha Ewry|Zha Ewry]]: Soo.. what I'd love to see
[9:47] Zha Ewry: I'll also be posting my notes on the basic code
* [9:53] [[User:Zha Ewry|Zha Ewry]]: is a walk through
[9:47] Tao Takashi is Online
* [9:54] [[User:Pixel Gausman|Pixel Gausman]]: give an example of "Component X"?
[9:47]  Pixel Gausman: Zha: maybe some notes on the patch before you go MIA?
* [9:54] [[User:Zha Ewry|Zha Ewry]]: "Service provider Lumpy Labs, issues a Cert, with the followinf properties to Grid Hoster MurkyBusinessModelVW Hosting, MBVWH signs requests.."
[9:48] Pixel Gausman: oh, nice
* [9:55] [[User:Tao Takashi|Tao Takashi]]: yeah, I would like to write down some scenario using XRDS and OAuth to connect services
[9:48] Zha Ewry: Its mostly in three spots, I'll enumerate those, and we'll have them on forge
* [9:55] [[User:Tao Takashi|Tao Takashi]]: given that I have some time :)
[9:48] Goldie Katsu is Online
* [9:55] [[User:Zha Ewry|Zha Ewry]]: So..I'm goign to argue the overall design pattern is "Domains" are the basis of trust, "Agent Domain, Regoina Domain, Service Domain" for example
[9:48]  Zha Ewry: I'll be in Europe, so, 9 hours off sync from SLT
* [9:55] [[User:Zha Ewry|Zha Ewry]]: Where you give a domain a Cert to use as the acnhor of the process
[9:49] Zha Ewry: The most reliable way to get my attention will be to my gmail account
* [9:56] [[User:Latha Serevi|Latha Serevi]]: :-) murkyBusinessModel
[9:49] Zha Ewry: (zha. ewry@gmail.com, it's on my profile)
* [9:56] [[User:Zha Ewry|Zha Ewry]]: (You have a not for public consumtpion protocol between the Region Domain and the memebers, which lets them get handed temp certs to prove they are part of the Domain
[9:49] Neosome Anatine is Offline
* [9:57] [[User:Zha Ewry|Zha Ewry]]: So.... when you want to find out if software compoennt X, (say an asset store on a regoin) is part of MBMVWH, it says "I am, and gets atag from the domain, which is can use, short term to prove it is)
[9:49]  Zha Ewry: While I'm off hopefully recharging the mental batteries.. I have a think/write challange for people
* [9:57] [[User:Tao Takashi|Tao Takashi]]:  would like a model where there actually aren't "big" domains but more individual services which are easy to replace
[9:50] Zha Ewry: I've been blythly, asserting, we can do basic proof that Component X, is part of Region Y, and can be trusted, suing certificates, in an SSH or PKIish fashoin
* [9:57] [[User:Tao Takashi|Tao Takashi]]: like where the development of the web is going
[9:51] Zha Ewry: wherre the basic assertion is we can issue Region Domain "D" a cert "CertD" which it can use to provde to other partners, that it is Region Fomain D, and that Box "Box1" can handshake as well
* [9:57] [[User:Zha Ewry|Zha Ewry]]: That's exactly what this is Tao
[9:51] Tao Takashi: Hi cloudy people
* [9:57] [[User:Zha Ewry|Zha Ewry]]: The trust is vested in the collection
[9:53] Zha Ewry: Soo.. what I'd love to see
* [9:57] [[User:Zha Ewry|Zha Ewry]]: becuase you don't want to try to manage every compeonent in the picture
[9:53] Zha Ewry: is a walk through
* [9:58] [[User:Zha Ewry|Zha Ewry]]: You group them, into a domain, which says "all my memebrs are known only to me, you cana sk me about them"
[9:54] Pixel Gausman: give an example of "Component X"?
* [9:59] [[User:Pixel Gausman|Pixel Gausman]]:  ponders performance
[9:54] Zha Ewry: "Service provider Lumpy Labs, issues a Cert, with the followinf properties to Grid Hoster MurkyBusinessModelVW Hosting, MBVWH signs requests.."
* [9:59] [[User:Zha Ewry|Zha Ewry]]: (You deperartlye don't want to have a constant update stream "Zha's Region Domain is adding Host1287" to the Domain
[9:55] Tao Takashi: yeah, I would like to write down some scenario using XRDS and OAuth to connect services
* [9:59] [[User:Tao Takashi|Tao Takashi]]: yeah, I guess something like this is needed to keep it manageable
[9:55] Tao Takashi: given that I have some time :)
* [9:59] [[User:Tao Takashi|Tao Takashi]]: so that in the end you can point to some trusted node which has contracts with all the other services in order to delegate this decision to it
[9:55] Zha Ewry: So..I'm goign to argue the overall design pattern is "Domains" are the basis of trust, "Agent Domain, Regoina Domain, Service Domain" for example
* [9:59] [[User:Zha Ewry|Zha Ewry]]: "Tao's Turtonic Hosting has rmeoved Data Portability Portal 5"
[9:55] Zha Ewry: Where you give a domain a Cert to use as the acnhor of the process
* [10:00] [[User:Tao Takashi|Tao Takashi]]: I am wondering if something like this could be an extension to OAuth
[9:56] Latha Serevi: :-) murkyBusinessModel
* [10:00] [[User:Latha Serevi|Latha Serevi]]: I always just imagine these protocols would be the domain cryptographically signing a message of a particular sort, "I authorize MBMVW, public key X, with a temporary permission to do X." It seems straightfoward that once we agree on everybody's pubkey-to-identity mapping, we can use short chains of these signed permission-slips to get various stuff done. How does that mental model fit with y'all?
[9:56] Zha Ewry: (You have a not for public consumtpion protocol between the Region Domain and the memebers, which lets them get handed temp certs to prove they are part of the Domain
* [10:01] [[User:Tao Takashi|Tao Takashi]]: as you might already face the same problem on the web if you you e.g. want to read data from 10 services during the signup to one new service. you might not want to tell every single service that it's ok separately. Then on another thought this might be a different problem ;-)
[9:57] Zha Ewry: So.... when you want to find out if software compoennt X, (say an asset store on a regoin) is part of MBMVWH, it says "I am, and gets atag from the domain, which is can use, short term to prove it is)
* [10:01] [[User:Zha Ewry|Zha Ewry]]: That's the ballpark I'm thking of
[9:57] Tao Takashi would like a model where there actually aren't "big" domains but more individual services which are easy to replace
* [10:01] [[User:Tao Takashi|Tao Takashi]]: because it's user centric while the domain thing is service centric
[9:57] Laurent Bechir is Online
* [10:01] [[User:Zha Ewry|Zha Ewry]]: There has been some fairly cogent concern tha PKI isn't fully up to it
[9:57]  Tao Takashi: like where the development of the web is going
* [10:01] [[User:Zha Ewry|Zha Ewry]]: This is 90% aimed at the server side
[9:57] Zha Ewry: That's exactly what this is Tao
* [10:02] [[User:Goldie Katsu|Goldie Katsu]]: PKI is rather messy
[9:57] Zha Ewry: The trust is vested in the collection
* [10:02] [[User:Tao Takashi|Tao Takashi]]: Latha: sounds like the OAuth model basically (the temp. permission bit)
[9:57] Zha Ewry: becuase you don't want to try to manage every compeonent in the picture
* [10:02] [[User:Zha Ewry|Zha Ewry]]: I think.. it feels like the problem people are trying to solve with tokens OAuth style
[9:58] Zha Ewry: You group them, into a domain, which says "all my memebrs are known only to me, you cana sk me about them"
* [10:02] [[User:Goldie Katsu|Goldie Katsu]]: kerberos?
[9:59] Pixel Gausman ponders performance
* [10:02] [[User:Zha Ewry|Zha Ewry]]: So.. I am really hoping you'll colletcively, bang out a walk through
[9:59] Zha Ewry: (You deperartlye don't want to have a constant update stream "Zha's Region Domain is adding Host1287" to the Domain
* [10:02] [[User:Tao Takashi|Tao Takashi]]: I need to dig into the OAuth spec again
[9:59] Tao Takashi: yeah, I guess something like this is needed to keep it manageable
* [10:03] [[User:Zha Ewry|Zha Ewry]]: "Cert comes from here, gets held here, we sign with it, in this spot, we get temp tokens from it, and use the like X"
[9:59] Don Misfit is Offline
* [10:03] [[User:Goldie Katsu|Goldie Katsu]]: URL for OAuth spec?
[9:59]  Tao Takashi: so that in the end you can point to some trusted node which has contracts with all the other services in order to delegate this decision to it
* [10:03] [[User:Tao Takashi|Tao Takashi]]: maybe even implement something on top of it :)
[9:59] joao Mastroianni is Online
* [10:03] [[User:Twa Hinkle|Twa Hinkle]]: i still wonder about all this.. this all assumes there are untrusted domains..
[9:59]  Zha Ewry: "Tao's Turtonic Hosting has rmeoved Data Portability Portal 5"
* [10:03] [[User:Tao Takashi|Tao Takashi]]: oauth.net
[10:00] Tao Takashi: I am wondering if something like this could be an extension to OAuth
* [10:03] [[User:Tao Takashi|Tao Takashi]]: [http://oauth.net]
[10:00] Latha Serevi: I always just imagine these protocols would be the domain cryptographically signing a message of a particular sort, "I authorize MBMVW, public key X, with a temporary permission to do X." It seems straightfoward that once we agree on everybody's pubkey-to-identity mapping, we can use short chains of these signed permission-slips to get various stuff done. How does that mental model fit with y'all?
* [10:03] [[User:Goldie Katsu|Goldie Katsu]]: thank you
[10:01] Tao Takashi: as you might already face the same problem on the web if you you e.g. want to read data from 10 services during the signup to one new service. you might not want to tell every single service that it's ok separately. Then on another thought this might be a different problem ;-)
* [10:03] [[User:Zha Ewry|Zha Ewry]]:  We'r enot looking at doing sigbning for most messages, so we're not trying to bite off all of PKI
[10:01] Zha Ewry: That's the ballpark I'm thking of
* [10:03] [[User:Latha Serevi|Latha Serevi]]: So far, we have two bases to start from -- my first-principles PK auth approach, and OAuth. Are there any others I should be aware of?
[10:01] Bjorlyn Loon is Offline
* [10:03] [[User:Zha Ewry|Zha Ewry]]: We can assume CAPS and TLI for the security once we've established trust
[10:01]  Tao Takashi: because it's user centric while the domain thing is service centric
* [10:04] [[User:Zha Ewry|Zha Ewry]]: TLS
[10:01] Zha Ewry: There has been some fairly cogent concern tha PKI isn't fully up to it
* [10:04] [[User:Tao Takashi|Tao Takashi]]: Goldie: I am not sure it fits but it would be great if it could be made to fit e.g. by some extension because this is where the web is heading and it would make sense to use such protocols if possible
[10:01] Zha Ewry: This is 90% aimed at the server side
* [10:04] [[User:Goldie Katsu|Goldie Katsu]]: I'll take a look. (I'm assuming you're talking OAuth)
[10:02] Goldie Katsu: PKI is rather messy
* [10:04] [[User:Tao Takashi|Tao Takashi]]: yep
[10:02] Tao Takashi: Latha: sounds like the OAuth model basically (the temp. permission bit)
* [10:05] [[User:Zha Ewry|Zha Ewry]]: So.. I'll peek at transciprts, and *may* even peek in world from the old world, but no promises
[10:02] Zha Ewry: I think.. it feels like the problem people are trying to solve with tokens OAuth style
* [10:05] [[User:Goldie Katsu|Goldie Katsu]]: probably something I should be looking for my web 2.0 stuff too.
[10:02] Vektor Linden is Online
* [10:06] [[User:Zha Ewry|Zha Ewry]]: I need to dash, because, RL i spiling up and someone keeps asking for patches which work
[10:02]  Goldie Katsu: kerberos?
* [10:06] [[User:Goldie Katsu|Goldie Katsu]]: See ya! Have fun.
[10:02] Zha Ewry: So.. I am really hoping you'll colletcively, bang out a walk through
* [10:06] [[User:Tao Takashi|Tao Takashi]]: I might be one of them but actually I need to test again ;-)
[10:02] Tao Takashi: I need to dig into the OAuth spec again
* [10:06] [[User:Tao Takashi|Tao Takashi]]: cya Zha! :)
[10:03] Zha Ewry: "Cert comes from here, gets held here, we sign with it, in this spot, we get temp tokens from it, and use the like X"
* [10:07] [[User:Zha Ewry|Zha Ewry]]: tao, try to tap me later today.
[10:03] Goldie Katsu: URL for OAuth spec?
* [10:07] [[User:Zha Ewry|Zha Ewry]]: Did you try yesterday's patch, with the nuymeric IPs?
[10:03] Tao Takashi: maybe even implement something on top of it :)
* [10:07] [[User:Tao Takashi|Tao Takashi]]: no, not yet, I was busy with a website launch
[10:03] Twa Hinkle: i still wonder about all this.. this all assumes there are untrusted domains..
* [10:07] [[User:Tao Takashi|Tao Takashi]]:  and still am a little
[10:03] Tao Takashi: oauth.net
* [10:07] [[User:Zha Ewry|Zha Ewry]]: That seemed to sort out several people's problems
[10:03] Tao Takashi: http://oauth.net
* [10:07] [[User:Tao Takashi|Tao Takashi]]: cool, I will give it a try!
[10:03] Vektor Linden is Offline
* [10:07] [[User:Tao Takashi|Tao Takashi]]: hopefully later today
[10:03]  Goldie Katsu: thank you
* [10:07] [[User:Zha Ewry|Zha Ewry]]: Todays will add some more deubgging
[10:03] Zha Ewry: We'r enot looking at doing sigbning for most messages, so we're not trying to bite off all of PKI
* [10:08] [[User:Latha Serevi|Latha Serevi]]: I think it woudln't hurt to have more than one model of the underlying identity system, and let the participants (domains/sims/users) be able to choose what list of supported methods they'll handle. L$ banking may go fully crypto-signed-only; most will be happy faster-and-looser, say, any SSL connection to someone on my friendly-hosts list is fine. Will need to beware of this flexibility creating security holes, but it seems "in the spirit" of supporting various approaches.
[10:03] Latha Serevi: So far, we have two bases to start from -- my first-principles PK auth approach, and OAuth. Are there any others I should be aware of?
* [10:10] [[User:Tao Takashi|Tao Takashi]]: Latha: to have different ways of authenticating is already thought about in the spec I think
[10:03] Zha Ewry: We can assume CAPS and TLI for the security once we've established trust
* [10:11] [[User:Tao Takashi|Tao Takashi]]: as for different ways of authorizing services to do things maybe OAuth can really help
[10:04] Zha Ewry: TLS
* [10:11] [[User:Latha Serevi|Latha Serevi]]: Which is the relevant spec, by the way?
[10:04] Locklainn Linden is Online
* [10:11] [[User:Tao Takashi|Tao Takashi]]: as you establish a temporary permission on the consumer side basically like flickr or youtube does these days
[10:04]  Tao Takashi: Goldie: I am not sure it fits but it would be great if it could be made to fit e.g. by some extension because this is where the web is heading and it would make sense to use such protocols if possible
* [10:11] [[User:Tao Takashi|Tao Takashi]]: [http://oauth.net/documentation/]
[10:04] Goldie Katsu: I'll take a look. (I'm assuming you're talking OAuth)
* [10:11] [[User:Tao Takashi|Tao Takashi]]: [http://oauth.net/core/1.0/]
[10:04] Tao Takashi: yep
* [10:13] [[User:Tao Takashi|Tao Takashi]]: it's sort of a joint venture of popular players on the web, like Google, twitter etc.
[10:05] Fleep Tuque is Online
* [10:13] [[User:Tao Takashi|Tao Takashi]]: the goal was to replace all those proprietary auth protocols Google, Yahoo and other have in place and have a common standard
[10:05]  Zha Ewry: So.. I'll peek at transciprts, and *may* even peek in world from the old world, but no promises
* [10:13] [[User:Tao Takashi|Tao Takashi]]: as nobody wanted to use their competitors standard ;_)
[10:05] Goldie Katsu: probably something I should be looking for my web 2.0 stuff too.
* [10:13] [[User:Latha Serevi|Latha Serevi]]: Thanks, I'll read over the OAuth info.
[10:06] Zha Ewry: I need to dash, because, RL i spiling up and someone keeps asking for patches which work
* [10:14] [[User:Tao Takashi|Tao Takashi]]: well, standard=solution in the last sentence
[10:06] Goldie Katsu: See ya! Have fun.
* [10:14] [[User:Tao Takashi|Tao Takashi]]: but I am also off, work is calling again
[10:06] Tao Takashi: I might be one of them but actually I need to test again ;-)
* [10:14] [[User:Tao Takashi|Tao Takashi]]: cya later!
[10:06] Tao Takashi: cya Zha! :)
* [10:14] [[User:Latha Serevi|Latha Serevi]]: Bye Tao
[10:06] WarKirby Magojiro is Online
* [10:14] [[User:Bartholomew Kleiber|Bartholomew Kleiber]]: gotta run too, later
[10:07]  Zha Ewry: tao, try to tap me later today.
* [10:15] [[User:Latha Serevi|Latha Serevi]]: I suggest adjourning now
[10:07] Zha Ewry: Did you try yesterday's patch, with the nuymeric IPs?
* [10:15] [[User:Goldie Katsu|Goldie Katsu]]: Sounds wise.
[10:07] Tao Takashi: no, not yet, I was busy with a website launch
[10:07] Tao Takashi: and still am a little
[10:07] Zha Ewry: That seemed to sort out several people's problems
[10:07] Tao Takashi: cool, I will give it a try!
[10:07] Tao Takashi: hopefully later today
[10:07] Vector Hastings is Online
[10:07]  Zha Ewry: Todays will add some more deubgging
[10:08] Latha Serevi: I think it woudln't hurt to have more than one model of the underlying identity system, and let the participants (domains/sims/users) be able to choose what list of supported methods they'll handle. L$ banking may go fully crypto-signed-only; most will be happy faster-and-looser, say, any SSL connection to someone on my friendly-hosts list is fine. Will need to beware of this flexibility creating security holes, but it seems "in the spirit" of supporting various approaches.
[10:09] John Zhaoying is Offline
[10:10]  Zha Ewry is Offline
[10:10]  Tao Takashi: Latha: to have different ways of authenticating is already thought about in the spec I think
[10:11] Tao Takashi: as for different ways of authorizing services to do things maybe OAuth can really help
[10:11] Latha Serevi: Which is the relevant spec, by the way?
[10:11] Vector Hastings is Offline
[10:11]  Tao Takashi: as you establish a temporary permission on the consumer side basically like flickr or youtube does these days
[10:11] Tao Takashi: http://oauth.net/documentation/
[10:11] Tao Takashi: http://oauth.net/core/1.0/
[10:13] Tao Takashi: it's sort of a joint venture of popular players on the web, like Google, twitter etc.
[10:13] Tao Takashi: the goal was to replace all those proprietary auth protocols Google, Yahoo and other have in place and have a common standard
[10:13] Tao Takashi: as nobody wanted to use their competitors standard ;_)
[10:13] Latha Serevi: Thanks, I'll read over the OAuth info.
[10:14] Tao Takashi: well, standard=solution in the last sentence
[10:14] Tao Takashi: but I am also off, work is calling again
[10:14] Tao Takashi: cya later!
[10:14] Latha Serevi: Bye Tao
[10:14] Bartholomew Kleiber: gotta run too, later
[10:15] JayR Cela is Online
[10:15]  Latha Serevi: I suggest adjourning now
[10:15] Goldie Katsu: Sounds wise.


[[Category: AW Groupies Transcripts]]
[[Category: AW Groupies Transcripts]]
[[Category: Grid Interoperability Chat Logs]]
[[Category: Grid Interoperability Chat Logs]]
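Review bot: emote lines lose their marker in the new format. "[9:33] Zha Ewry looks around for squirerls" becomes "Zha Ewry:  looks around for squirerls", which now reads as something said rather than an action; consider keeping a prefix or italics for these lines so the two stay distinguishable. The first line also changes the speaker from "You" to Saijanai Kuhn, and the presence notices ("is Online" / "is Offline") are dropped; both are worth stating in the edit summary, since the visible lines do not otherwise show who recorded the log.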

Latest revision as of 10:47, 5 August 2008

  • [9:31] Saijanai Kuhn: hey all
  • [9:31] Pixel Gausman: hi guys
  • [9:32] Pixel Gausman: i liked this SL thing a lot more before it meant more meetings. :-)
  • [9:32] Dahlia Trimble: lol
  • [9:33] Bartholomew Kleiber: Hi all
  • [9:33] Zha Ewry: looks around for squirrels
  • [9:33] Angelo Biondi: hello
  • [9:33] Zha Ewry: Hello, everyone
  • [9:33] Dahlia Trimble: nibbles on a seed
  • [9:34] Pixel Gausman: looks squirrelly and plots an attack on a birdfeeder
  • [9:34] Zha Ewry: takes a note to speak to the gardeners about weeds
  • [9:36] Zha Ewry: So... I think, several of the people I see here have actually spun up patched regions and run them, yes?
  • [9:36] Bartholomew Kleiber: yup
  • [9:36] Dahlia Trimble: yep
  • [9:36] Dahlia Trimble: flying squirrels?
  • [9:36] Zha Ewry: Not sure if I should be horrified, or happy, that it mostly seems to work
  • [9:37] Pixel Gausman: 5756 seems to be getting a warm reception in #gridnauts...once people change defaults.xml to use their dotted ip addr instead of hostname
  • [9:37] Zha Ewry: I'm currently looking at two major, and one minor issue
  • [9:37] Zha Ewry: The major, major, is the ghosting
  • [9:38] Movies1963 Beck: if we were in China now that dog that just barked might've been our lunch
  • [9:38] Zha Ewry: We're failing to clear state fully on logout, and I'm looking at that
  • [9:38] Zha Ewry: The second, less serious, but annoying, is the "banned" message we sometimes trigger
  • [9:39] Dahlia Trimble: you mean ban lines?
  • [9:39] Zha Ewry: And.. everyone should be aware that, for *some* cases, using the numeric form of your host is necessary. (That's intermittent)
  • [9:39] Zha Ewry: The "You are not permitted to this destination" but if you clear the message you TP anyway
  • [9:39] Pixel Gausman: Zha: is ghosting a core OpenSim issue that is being shown by OGP?
  • [9:40] Zha Ewry: I can't decide
  • [9:40] Pixel Gausman: me either
  • [9:40] Zha Ewry: There has been some ghosting on openSim TP
  • [9:40] Pixel Gausman: seems awfully possible
  • [9:40] Zha Ewry: We don't TP tho, we "logout"
  • [9:40] Dahlia Trimble: I haven't seen that kind of ghosting in other opensim applications
  • [9:40] Pixel Gausman: might be the same bug being poked from a different angle
  • [9:41] Zha Ewry: The obvious interesting hint is that the final logout (quit) of the sim finds the logged in agents
  • [9:41] Pixel Gausman: anyway, might be good to collab with the OpenSim core devs on that one to see if you can poke it together
  • [9:41] Dahlia Trimble: if it could be repro'd without interop
  • [9:41] JB Kraft: fwiw, i have seen ghosting enough in opensim to think it as a real bug
  • [9:42] Pixel Gausman: JB: yeah, it's been showing up more recently in OpenSim trunk
  • [9:42] Dahlia Trimble: JB can you repro it?
  • [9:42] JB Kraft: no, thats the trouble, i cant find something to cause it
  • [9:43] Zha Ewry: What's odd, is that you see what looks like complete logout processing
  • [9:43] Pixel Gausman: i do know there has been some pondering on the ghosting by OpenSim devs recently
  • [9:43] Zha Ewry: So.. that's the patch
  • [9:44] Dahlia Trimble: there is a different kind of ghosting that is a bug
  • [9:44] Dahlia Trimble: totally different
  • [9:44] Zha Ewry: I think so too.
  • [9:44] Pixel Gausman: "totally"? perhaps related.
  • [9:44] JB Kraft: where you appear on multiple regions?
  • [9:44] Dahlia Trimble: it's not a logout issue
  • [9:44] Zha Ewry: This, to me feels like "We haven't closed the scene presence properly"
  • [9:44] BlueWall Slade: the region renders child avatars
  • [9:44] Dahlia Trimble: when you appear in the center of a neighboring sim
  • [9:45] Zha Ewry: This, isn't that, I don't think.
  • [9:45] Zha Ewry: So.. that's the patch. On other topics
  • [9:46] Zha Ewry: I'm going to do something really freaky, starting this weekend. Called Vacation.
  • [9:46] JB Kraft: explain pls ;)
  • [9:46] Dahlia Trimble: lol
  • [9:46] Zha Ewry: I'll be largely off grid for about three weeks
  • [9:46] Bartholomew Kleiber: what a concept ...
  • [9:46] Zha Ewry: Will have the laptop in tow, but not making any promises
  • [9:46] Twa Hinkle: what region are you going for vacation?
  • [9:46] Zha Ewry: Dr. Scofield, in SL (who you've seen on openSim dev, most likely)
  • [9:47] Pixel Gausman: gets jealous
  • [9:47] Zha Ewry: will be kindly keeping an eye on things while I'm away
  • [9:47] Dahlia Trimble: is Dr up to speed on the patch?
  • [9:47] Zha Ewry: In particular, expect to see the patch kept in sync with trunk several times a week, and anything heart stopping looked at
  • [9:47] Zha Ewry: I'm expecting Dr to be by the time I head out
  • [9:47] Zha Ewry: I'll also be posting my notes on the basic code
  • [9:47] Pixel Gausman: Zha: maybe some notes on the patch before you go MIA?
  • [9:48] Pixel Gausman: oh, nice
  • [9:48] Zha Ewry: Its mostly in three spots, I'll enumerate those, and we'll have them on forge
  • [9:48] Zha Ewry: I'll be in Europe, so, 9 hours off sync from SLT
  • [9:49] Zha Ewry: The most reliable way to get my attention will be to my gmail account
  • [9:49] Zha Ewry: (zha. ewry@gmail.com, it's on my profile)
  • [9:49] Zha Ewry: While I'm off hopefully recharging the mental batteries.. I have a think/write challenge for people
  • [9:50] Zha Ewry: I've been blithely asserting we can do basic proof that Component X is part of Region Y, and can be trusted, using certificates, in an SSH or PKIish fashion
  • [9:51] Zha Ewry: where the basic assertion is we can issue Region Domain "D" a cert "CertD" which it can use to prove to other partners, that it is Region Domain D, and that Box "Box1" can handshake as well
  • [9:51] Tao Takashi: Hi cloudy people
  • [9:53] Zha Ewry: Soo.. what I'd love to see
  • [9:53] Zha Ewry: is a walk through
  • [9:54] Pixel Gausman: give an example of "Component X"?
  • [9:54] Zha Ewry: "Service provider Lumpy Labs, issues a Cert, with the following properties to Grid Hoster MurkyBusinessModelVW Hosting, MBVWH signs requests.."
  • [9:55] Tao Takashi: yeah, I would like to write down some scenario using XRDS and OAuth to connect services
  • [9:55] Tao Takashi: given that I have some time :)
  • [9:55] Zha Ewry: So.. I'm going to argue the overall design pattern is "Domains" are the basis of trust, "Agent Domain, Region Domain, Service Domain" for example
  • [9:55] Zha Ewry: Where you give a domain a Cert to use as the anchor of the process
  • [9:56] Latha Serevi:  :-) murkyBusinessModel
  • [9:56] Zha Ewry: (You have a not for public consumption protocol between the Region Domain and the members, which lets them get handed temp certs to prove they are part of the Domain
  • [9:57] Zha Ewry: So.... when you want to find out if software component X, (say an asset store on a region) is part of MBMVWH, it says "I am, and gets a tag from the domain, which it can use, short term to prove it is)
  • [9:57] Tao Takashi: would like a model where there actually aren't "big" domains but more individual services which are easy to replace
  • [9:57] Tao Takashi: like where the development of the web is going
  • [9:57] Zha Ewry: That's exactly what this is Tao
  • [9:57] Zha Ewry: The trust is vested in the collection
  • [9:57] Zha Ewry: because you don't want to try to manage every component in the picture
  • [9:58] Zha Ewry: You group them, into a domain, which says "all my members are known only to me, you can ask me about them"
  • [9:59] Pixel Gausman: ponders performance
  • [9:59] Zha Ewry: (You desperately don't want to have a constant update stream "Zha's Region Domain is adding Host1287" to the Domain
  • [9:59] Tao Takashi: yeah, I guess something like this is needed to keep it manageable
  • [9:59] Tao Takashi: so that in the end you can point to some trusted node which has contracts with all the other services in order to delegate this decision to it
  • [9:59] Zha Ewry: "Tao's Turtonic Hosting has removed Data Portability Portal 5"
  • [10:00] Tao Takashi: I am wondering if something like this could be an extension to OAuth
  • [10:00] Latha Serevi: I always just imagine these protocols would be the domain cryptographically signing a message of a particular sort, "I authorize MBMVW, public key X, with a temporary permission to do X." It seems straightforward that once we agree on everybody's pubkey-to-identity mapping, we can use short chains of these signed permission-slips to get various stuff done. How does that mental model fit with y'all?
  • [10:01] Tao Takashi: as you might already face the same problem on the web if you e.g. want to read data from 10 services during the signup to one new service. you might not want to tell every single service that it's ok separately. Then on another thought this might be a different problem ;-)
  • [10:01] Zha Ewry: That's the ballpark I'm thinking of
  • [10:01] Tao Takashi: because it's user centric while the domain thing is service centric
  • [10:01] Zha Ewry: There has been some fairly cogent concern that PKI isn't fully up to it
  • [10:01] Zha Ewry: This is 90% aimed at the server side
  • [10:02] Goldie Katsu: PKI is rather messy
  • [10:02] Tao Takashi: Latha: sounds like the OAuth model basically (the temp. permission bit)
  • [10:02] Zha Ewry: I think.. it feels like the problem people are trying to solve with tokens OAuth style
  • [10:02] Goldie Katsu: kerberos?
  • [10:02] Zha Ewry: So.. I am really hoping you'll collectively, bang out a walk through
  • [10:02] Tao Takashi: I need to dig into the OAuth spec again
  • [10:03] Zha Ewry: "Cert comes from here, gets held here, we sign with it, in this spot, we get temp tokens from it, and use the like X"
  • [10:03] Goldie Katsu: URL for OAuth spec?
  • [10:03] Tao Takashi: maybe even implement something on top of it :)
  • [10:03] Twa Hinkle: i still wonder about all this.. this all assumes there are untrusted domains..
  • [10:03] Tao Takashi: oauth.net
  • [10:03] Tao Takashi: [1]
  • [10:03] Goldie Katsu: thank you
  • [10:03] Zha Ewry: We're not looking at doing signing for most messages, so we're not trying to bite off all of PKI
  • [10:03] Latha Serevi: So far, we have two bases to start from -- my first-principles PK auth approach, and OAuth. Are there any others I should be aware of?
  • [10:03] Zha Ewry: We can assume CAPS and TLI for the security once we've established trust
  • [10:04] Zha Ewry: TLS
  • [10:04] Tao Takashi: Goldie: I am not sure it fits but it would be great if it could be made to fit e.g. by some extension because this is where the web is heading and it would make sense to use such protocols if possible
  • [10:04] Goldie Katsu: I'll take a look. (I'm assuming you're talking OAuth)
  • [10:04] Tao Takashi: yep
  • [10:05] Zha Ewry: So.. I'll peek at transcripts, and *may* even peek in world from the old world, but no promises
  • [10:05] Goldie Katsu: probably something I should be looking for my web 2.0 stuff too.
  • [10:06] Zha Ewry: I need to dash, because, RL is piling up and someone keeps asking for patches which work
  • [10:06] Goldie Katsu: See ya! Have fun.
  • [10:06] Tao Takashi: I might be one of them but actually I need to test again ;-)
  • [10:06] Tao Takashi: cya Zha! :)
  • [10:07] Zha Ewry: tao, try to tap me later today.
  • [10:07] Zha Ewry: Did you try yesterday's patch, with the numeric IPs?
  • [10:07] Tao Takashi: no, not yet, I was busy with a website launch
  • [10:07] Tao Takashi: and still am a little
  • [10:07] Zha Ewry: That seemed to sort out several people's problems
  • [10:07] Tao Takashi: cool, I will give it a try!
  • [10:07] Tao Takashi: hopefully later today
  • [10:07] Zha Ewry: Today's will add some more debugging
  • [10:08] Latha Serevi: I think it wouldn't hurt to have more than one model of the underlying identity system, and let the participants (domains/sims/users) be able to choose what list of supported methods they'll handle. L$ banking may go fully crypto-signed-only; most will be happy faster-and-looser, say, any SSL connection to someone on my friendly-hosts list is fine. Will need to beware of this flexibility creating security holes, but it seems "in the spirit" of supporting various approaches.
  • [10:10] Tao Takashi: Latha: to have different ways of authenticating is already thought about in the spec I think
  • [10:11] Tao Takashi: as for different ways of authorizing services to do things maybe OAuth can really help
  • [10:11] Latha Serevi: Which is the relevant spec, by the way?
  • [10:11] Tao Takashi: as you establish a temporary permission on the consumer side basically like flickr or youtube does these days
  • [10:11] Tao Takashi: [2]
  • [10:11] Tao Takashi: [3]
  • [10:13] Tao Takashi: it's sort of a joint venture of popular players on the web, like Google, twitter etc.
  • [10:13] Tao Takashi: the goal was to replace all those proprietary auth protocols Google, Yahoo and other have in place and have a common standard
  • [10:13] Tao Takashi: as nobody wanted to use their competitors standard ;_)
  • [10:13] Latha Serevi: Thanks, I'll read over the OAuth info.
  • [10:14] Tao Takashi: well, standard=solution in the last sentence
  • [10:14] Tao Takashi: but I am also off, work is calling again
  • [10:14] Tao Takashi: cya later!
  • [10:14] Latha Serevi: Bye Tao
  • [10:14] Bartholomew Kleiber: gotta run too, later
  • [10:15] Latha Serevi: I suggest adjourning now
  • [10:15] Goldie Katsu: Sounds wise.