Difference between revisions of "User:Zero Linden/Office Hours/2008 August 14"
Tree Kyomoon (talk | contribs) (New page: * [8:33] Dale Innis: waves at many persons! * [8:33] Prospero Linden: Zero approacheth * [8:33] Tammy Nowotny: hello ...)
Line 339:
* [9:28] [[User:Dale Innis|Dale Innis]]: Do we know yet who has to talk for money to work?
* [9:28] [[User:Tree Kyomoon|Tree Kyomoon]]: /if some one could pass me the Log, as I crashed that would be fantastic!
* [9:28] [[User:Zero Linden|Zero Linden]]: if the object is in world then there is no asset, or you could say the asset is in the sim state - and hence in the RD
* [9:28] [[User:Dale Innis|Dale Innis]]: nods.
* [9:28] [[User:Zero Linden|Zero Linden]]: if the object is in object inventory in world, then ditto - it is in the RD
* [9:28] [[User:Tree Kyomoon|Tree Kyomoon]]: /if some one could pass me the Log, as I crashed that would be fantastic!
* [9:28] [[User:kerunix Flan|kerunix Flan]]: understood
* [9:29] [[User:kerunix Flan|kerunix Flan]]: that exactly how it currently work in opensim then
* [9:29] [[User:Lillie Yifu|Lillie Yifu]]: Well an asset in an RD could be both in the AD and the RD
* [9:29] [[User:FWord Utorid|FWord Utorid]]: so by 'viewer level object' i would say anything that connects to a grid, multiple grids, etc. so, i have clarified, and reiterate my question, will every entity logging into the 'meatverse' need to communicate with these trust authoritays?
* [9:29] [[User:Lillie Yifu|Lillie Yifu]]: The AD says "this is the license to rez this object." The RD has an instantiation of that license.
* [9:29] [[User:Cadis Blackadder|Cadis Blackadder]]: wiht email to IM you already have an IM only interface
* [9:30] [[User:Dale Innis|Dale Innis]]: We haven't said anything about trust authorities...
* [9:30] [[User:Zero Linden|Zero Linden]]: FWord - then yes - the viewer can't actually make changes unless it authenticates with and AD, gets that AD to trust it at least somewhat - and then have that AD be willing to present that avatar, on V's behalf, to RDs
* [9:30] [[User:Dale Innis|Dale Innis]]: In general the viewer probably doesn't have to make trust decisions, as Ze3ro said earlier.
* [9:30] [[User:Dale Innis|Dale Innis]]: The viewer may, as Zero said, simply trust it's own "native" AD. v simple :)
* [9:30] [[User:Zero Linden|Zero Linden]]: Well - the V *does* need to be sure that the AD it connects with is the one it expects
* [9:30] [[User:Zero Linden|Zero Linden]]: but this is probably just SSL certs like the web is now
* [9:30] [[User:kerunix Flan|kerunix Flan]]: nods
* [9:31] [[User:FWord Utorid|FWord Utorid]]: dale, a trust authoritay is implied if there is a trust relationship. but zero answered my inquiry. mostly, i am interested in low footprint clients which leverage the network by walking on the surface of the grid, not the simulators.
* [9:31] [[User:Zero Linden|Zero Linden]]: OKAY
* [9:31] [[User:Lillie Yifu|Lillie Yifu]]: The viewer makes trust decisiosn about the AD, and communicates the trust decisions the user has made to theAD>
* [9:31] [[User:Dale Innis|Dale Innis]]: Yep, vg. Viewers can be very lightweight wrt trust.
* [9:31] [[User:Zero Linden|Zero Linden]]: that was a rollickin' good time! Can't wait to see this write up on the website
* [9:31] [[User:Zero Linden|Zero Linden]]: er, the transcript
* [9:31] [[User:Dale Innis|Dale Innis]]: ( and no, a trust relationship doesn't imply a trust authority. :) )
* [9:31] [[User:kerunix Flan|kerunix Flan]]: about trust authority, we talked about "AD super server"
* [9:31] [[User:FWord Utorid|FWord Utorid]]: yes, dale will be writing all of this
* [9:31] [[User:kerunix Flan|kerunix Flan]]: is it something possible ?
* [9:31] [[User:Tree Kyomoon|Tree Kyomoon]]: speaking of which...if someone could pass me the transcript...
* [9:31] [[User:FWord Utorid|FWord Utorid]]: dale, someone has to make decisions about trust
* [9:31] [[User:Zero Linden|Zero Linden]]: I actually think this was good and will try to extract our final understanding statments
* [9:31] [[User:Tammy Nowotny|Tammy Nowotny]]: TY Zero & Dale
* [9:32] [[User:kerunix Flan|kerunix Flan]]: see you later :)
* [9:32] [[User:FWord Utorid|FWord Utorid]]: it could be peer to peer authoritay, it could be peer to service authoritay, it could be mom is the authoritay
* [9:32] [[User:Zero Linden|Zero Linden]]: Thank you all for coming
* [9:32] [[User:Xugu Madison|Xugu Madison]]: Thanks everyone!
* [9:32] [[User:Zero Linden|Zero Linden]]: until next week!
[[Category: Grid Interoperability Chat Logs]]
Latest revision as of 08:54, 14 August 2008
- [8:33] Dale Innis: waves at many persons!
- [8:33] Prospero Linden: Zero approacheth
- [8:33] Tammy Nowotny: hello
- [8:33] Winne Woodget: hehe
- [8:34] Zero Linden: heh
- [8:34] Zero Linden: warning: I had a very late night last night - I'm only running on one cylinder -- coffee notwithstanding
- [8:34] Rex Cronon: hello zero
- [8:34] Dale Innis: That never happens to me! :)
- [8:35] Mirt Tenk: story of my life since OGP
- [8:35] Nanjido Oh: hello is there any number ticket?
- [8:35] JayR Cela: hi Zero / hi Rex :_)
- [8:35] Zero Linden: uhm, no, no tickets here
- [8:35] Rex Cronon: hii
- [8:35] Dale Innis: Free admission!
- [8:35] Winne Woodget: hehehe
- [8:35] Nanjido Oh: ahh thanks how can i ask something then?
- [8:36] sacha Magne: a beer or a bear ?
- [8:36] Dale Innis: Just speak right up!
- [8:36] Zero Linden: well - first, let me introduce the session
- [8:36] Dale Innis: ( oh, all right :) )
- [8:36] Zero Linden: Welcome - these are my office hours where we discuss the architecture of Second Life
- [8:36] Zero Linden: we've been almost entirely focused on the Open Grid Protocol (OGP)
- [8:37] Zero Linden: the slowly evolving specification for an open protocol standard for virtual worlds developed right here in our very own world!
- [8:37] G2 Proto: woot!
- [8:37] Zero Linden: The transcripts are published on the wiki - so speak freely and openly and in public
- [8:37] Zero Linden: Welcome
- [8:37] Zero Linden: Agenda items?
- [8:37] Zero Linden: I'm takin' agenda items here....
- [8:38] Zero Linden: Step right up..... agenda items!
- [8:38] Dale Innis: ( https://wiki.secondlife.com/wiki/AW_Groupies#Chat_Logs )
- [8:38] sacha Magne: On question about the last meeting
- [8:38] Tammy Nowotny: I don't have an agendum at the moment
- [8:38] kerunix Flan: is currently watching Cityspace by liveplace ... what a stupid scam...
- [8:38] sacha Magne: could you define "trust partnership" ?
- [8:38] G2 Proto: lol I don't have anything today so far my virtual world is trouble free relatively\
- [8:38] Xugu Madison: I'd love to know how licensing and inventory is doing...
- [8:38] Winne Woodget: seconded
- [8:39] sacha Magne: i'm not an english speaker and trust could have a lot of meanings
- [8:39] G2 Proto: liveplace=vaporware nuff said
- [8:39] Dale Innis: Has been some good discussion about trust models and use cases (including for inventory), and some is on the Wiki.
- [8:39] FWord Utorid: I think we should all go on vacation, that's my agenda
- [8:39] Tree Kyomoon: I would like to revisit the idea of detaching the viewer and making it embeddable in a web browser
- [8:39] Saijanai Kuhn: BTW, quick update on pyogp. Lock got the sim and ad presence working so we now have a real do-nothing python bot for OGP
- [8:39] Winne Woodget: yes fword good idea - all paid for by linden labs
- [8:39] kerunix Flan: ok, we're going to talk about trust in the OGP, right ?
- [8:39] Xugu Madison: Can we try to address the lack of hours in the day. I propose slowing the spin of the earth...
- [8:39] Rex Cronon: i second that:)
- [8:39] Dale Innis: yay!
- [8:39] Zero Linden: Uhm, this isn't the place to discuss other virtual worlds, real or, er, uhm, virtual....
- [8:39] G2 Proto: hurumpf
- [8:39] Dale Innis: plugs https://wiki.secondlife.com/wiki/User:Infinity_Linden/OGP_Trust_Model again
- [8:39] FWord Utorid: sai, i want to find out more about the pyogp bots for sure.
- [8:40] Molly Montale: [1]
- [8:40] Prospero Linden: Xugu : let's FLATTEN the Earth! Time zones are a nightmare.
- [8:40] Saijanai Kuhn: Tree, eventually the pyogp code could be used for that
- [8:40] Zero Linden: Okay -
- [8:40] Zero Linden: 1) Definition of terms
- [8:40] G2 Proto: woot Propero hurumpf on that too
- [8:40] Xugu Madison: Prospero, there is only SLT, all other times are irrelevant, problem solved :-D
- [8:40] Tree Kyomoon: thanks sai
- [8:40] Zero Linden: 2) Status of work on other areas
- [8:40] Lillie Yifu: We already did that in China
- [8:40] kerunix Flan: we talked about trust in agent domain in the previous office hour with ... mmm.... another linden, infinity ?
- [8:40] Lillie Yifu: all of China is on one time zone.
- [8:41] G2 Proto: nice work Lillie
- [8:41] Zero Linden: wow - really?
- [8:41] Tammy Nowotny: I could waste a huge amount of time on the relationship between Cartesian geometry and the fact that we live on a spherical planet in RL
- [8:41] FWord Utorid: sai, i am trying to develop low footprint bot schemes of my own, so i will ping you later outside of zero's time if that's ok
- [8:41] Saijanai Kuhn: are you in the #pyogp channel?
- [8:41] FWord Utorid: sai, no, i'll log one of my proxies in there later. efnet?
- [8:41] kerunix Flan: is ker2x on pyogp
- [8:42] Saijanai Kuhn: freenode
- [8:42] Zero Linden: OKay then
- [8:42] Tree Kyomoon: whats a #pyogp channel?
- [8:42] Zero Linden: 1) Definitions
- [8:42] Dale Innis: ( Is an IRC chat channel )
- [8:42] kerunix Flan: an irc channel to talk about pyogp on irc.freenode.net server
- [8:43] Zero Linden: there's one
- [8:43] Zero Linden: someone asked what "Trust Relationship" is
- [8:43] kerunix Flan: (zero had a horrible night, let him talk :p )
- [8:43] Tree Kyomoon: an insurance company slogan?
- [8:43] Zero Linden: In any protocol there are two or more entities communicating
- [8:44] Zero Linden: When we talk about "trust relationship" we are talking about how each of those entities views the interaction with the other
- [8:44] Zero Linden: it is important to realize that it is from points of view, not the system as a whole
- [8:44] Zero Linden: So - for example, when your browser goes to www.example.com
- [8:45] Zero Linden: it trusts that the information it gets represents only that domain's point of view...
- [8:45] Zero Linden: on the other hand, www.example.com trusts NOTHING about your client
- [8:45] Zero Linden: even if it is accepting input (such as search terms) from it
- [8:45] Zero Linden: Now in OGP
- [8:45] Zero Linden: we have three entities: The Viewer (V) the Agent Domain (AD) and the Region Domain (RD)
- [8:46] Saijanai Kuhn: (or more if Zha has her way)
- [8:46] Zero Linden: When, for example, you (V) want to place your avatar in a given region
- [8:46] Dale Innis: ( yay entities! :) )
- [8:46] Zero Linden: we need to understand the trust relationships involved.... In this case
- [8:46] FWord Utorid: hopes this will be able making http / https only apps to access sl eventually ;)
- [8:47] Zero Linden: the AD needs to decide how much information and control it is willing to give the Region Domain
- [8:47] Zero Linden: similarly, the RD needs to know how much it trusts the AD
- [8:47] Lillie Yifu: I think I have to add, assuming, for the sake of argument, that mythical UI where everything the V does the users actually wanted doing. And I think we need to reopen that question later in the trust discussion.
- [8:48] Dale Innis: Lillie: add use-case to wiki so we don't forget it!
- [8:48] FWord Utorid: *hopes this will let to being able* (coffee = whut)
- [8:48] Zero Linden: Consider a scripted attachment: The AD is going to need to decide if it trusts this RD to execute it faithfully, and respect the permissions on it
- [8:48] Zero Linden: the RD needs to decide if it can trust the script enough to execute it and not violate its own policies
- [8:48] Tammy Nowotny: our UI is different from that mythical UI
- [8:49] Tammy Nowotny: does it need to know what V the user is using?
- [8:49] Xugu Madison: or, failing that, if it knows where the user is so they can be beaten with sticks if the script breaks everything
- [8:50] Zero Linden: Well, there is a trust relationship that is established when the V authenticates into the AD --
- [8:50] Zero Linden: it is this way that the AD decides that this particular V connection is representative of a particular user
- [8:50] kerunix Flan: zero, are you considering different level of trust on an AD ? eg : i control this AD so i give full trust to it. But i don't know this other AD and give only limited trust. (from the RD point of view)
- [8:50] sacha Magne: who will define the "trust certificate" ? if it has been replied to, just point me to the page :) thx
- [8:50] Zero Linden: (OGP leaves the auth. method somewhat open ended)
- [8:50] Lillie Yifu: (Adding footnote again, which could be different depending on the account and on how the account logged into the AD)
- [8:51] Zero Linden: Kerunix - yes, trust is a finely faceted value - not just all or nothing
- [8:51] Tammy Nowotny: we will have viewers which spoof their ID, much like you have web browsers and crawlers
- [8:51] kerunix Flan: i thought about something similar to GPG. with signed/trusted AD
- [8:51] Zero Linden: The direction of the OGP docs is to allow each entity to use whatever method it wants to evaluate and extend trust as fine grained as it wants, or not
- [8:52] Dale Innis: Yes, is very hard to know for sure what viewer someone is using; so can't put too much weight on it.
- [8:52] Xugu Madison: People may find it useful to look at how certificates are managed for SSL (where there are a few certificate authorities everyone trusts), as well as GPG (which works more on a web model)
- [8:52] Zero Linden: these are administrative decisions, not protocol decisions
- [8:52] FWord Utorid: what comes along with trust? privileges?
- [8:52] kerunix Flan: yup
- [8:52] kerunix Flan: and identity
- [8:52] Dale Innis: If A trusts B about X, then when B makes some X-statement, A believes it. basically :)
- [8:52] Dale Innis: That can lead to privileges.
- [8:53] Zero Linden: what was discussed earlier in the week was that if the protocol assisted in establishing identity of the entities, then the entities could really go in whatever direction they wanted
- [8:53] Saijanai Kuhn: points out again that an AD has to be the most trusted entity in the entire system
- [8:53] Dale Innis: again expresses doubts about that. :)
- [8:53] Xugu Madison: I imagine something like this happens: User I know comes along, presents a thing they've been assigned to identify them, and I can then trust that I know who they are, and give them trust based on this. On the other hand, a guest with no specific credentials I trust as little as possible
- [8:53] Dale Innis: ( see summary of the arguments on wiki )
- [8:54] kerunix Flan: saij, in fact, as far as i understood, AD has to be considered untrusted
- [8:54] Molly Montale: pretends to understand
- [8:54] Dale Innis: Xugu: that is a fine example. Mostly, though, we are talking here about trust between domains, not specific users.
- [8:54] Dale Innis: Just how much a domain has to trust an AD before it will allow various operations is a *domain decision*. We don't have to get consensus on that here.
- [8:55] Saijanai Kuhn: well, if you don't trust your AD, then how do you know you're talking to a real sim, and how does the sim know it's talking to a real avatar and not a copybot ?
- [8:55] Dale Innis: Some RDs can be Sai-paranoid, others can be laid-back.
- [8:55] Saijanai Kuhn: and even if it's not a copybot, how do you know the AD isn't playing man-in-the-middle games
- [8:55] Xugu Madison: I kind of assumed domains are assigned trust based on the user who is responsible for them, if that makes sense?
- [8:55] kerunix Flan: it's not about *your* ad, i hope you can trust your own AD, but other's AD
- [8:55] Dale Innis: A domain isn't associated with a single particular user.
- [8:56] Dale Innis: A region domain is associated with a set of sims, not a particular single resident.
- [8:56] kerunix Flan: as an AD could be managed by a bad guy pretending he has privilege
- [8:56] Saijanai Kuhn: which makes every avatar a potential copybot
- [8:56] Dale Innis: Every avatar is ALREADY a potential copybot. :)
- [8:56] Zero Linden: okay -
- [8:56] Saijanai Kuhn: alright, ALL avatars using that AD are potential copybots
- [8:56] Zero Linden: so I see a misunderstanding here
- [8:56] Xugu Madison: Okay... so, maybe that's an idea. As a grid admin, for example, I could sign certificates for my servers saying I trust them, and then the AD has to decide only how much it trusts me?
- [8:56] Zero Linden: it isn't meaningful to say "X must be the most trusted"
- [8:57] Zero Linden: because trust isn't something that is global in this system
- [8:57] FWord Utorid: every avatar is potentially something much worse or better than a copybot, a human, but what does this have to do with the aforementioned trust relationships?
- [8:57] Dale Innis: ( Xugu: that's one way an AD could decide which servers to trust, sure. )
- [8:57] Lillie Yifu: The best way to think of it is that trust is Bayesian, if A trusts B about X, then A is willing to let B make changes to X, to the degree that A is willing to bear the consequences of those changes being wrong. So basically, trust is a bayesian percentage. The more interactions where B behaves the way A expects it to, the less likely it is that A will have to roll back or block B's changes. However given a sufficiently large counter example, A will stop or roll back B's changes about X.
- [8:58] Zero Linden: That seems a very, scientific description
- [8:58] Zero Linden: or economic
- [8:58] Zero Linden: :-)
- [8:58] Dale Innis: ( I think Sai's just saying that a malicious AD can do lots of damage, so a sensible RD will only talk to ADs that it has good reason to think are not malicious. )
- [8:59] Lillie Yifu: We never know anything Saij, we just have our best guess as to how likely it is we are to be wrong in trusting, and what the consequences are for being wrong.
- [8:59] kerunix Flan: an AD could do damage if the AD is trusted
- [8:59] Zero Linden: Dale - THAT is a most meaningful statement
- [8:59] Dale Innis: tyty :)
- [8:59] Saijanai Kuhn: Dale, thanks
- [8:59] FWord Utorid: what is damage?
- [8:59] Zero Linden: though, actually, I don't think it is true
- [8:59] kerunix Flan: identity spoofing ?
- [8:59] Dale Innis: ( I don't either :) )
- [8:59] Saijanai Kuhn: looks disgruntled
- [9:00] Dale Innis: ( Well, I don't think it can do an order of magnitude more damage than a malicious AV; how's that? :) )
- [9:00] Saijanai Kuhn: but it could do that same damage with every avatar automatically
- [9:00] Zero Linden: Because a RD with a sufficiently fine grained trust system could easily say "sure, I'll let you in - but I don't know your AD from a hole in the wall, so no pushing, no temp-rez, no scripted objects and very limited sounds effects for you"
- [9:01] Saijanai Kuhn: but, with man in the middle...
- [9:01] Dale Innis: Anyway I think this is really a red herring; how sensible it is to allow an unknown AD to connect isn't something that will alter the protocol spec.
- [9:02] Dale Innis: It will just be a chapter in the best-practices document later. :)
- [9:02] Zero Linden: And yes, a RD may have to keep statistics on ADs that beat them up a lot and start blocking more
- [9:02] FWord Utorid: how do I connect my evil AD to your good AD and cause a crisis?
- [9:02] Mirt Tenk: yes, but v v important
- [9:02] Zero Linden: this is how big web sites have to act
- [9:02] Lillie Yifu: hmmmm I am writing a paper on this, and the term I use is that identities are collections of "claims." a "claim" is an assertion that if a given interaction were to occur, it would have the results that both parties expect. A claim is verified by various means, which reduce the chance that the claim won't work as stated. Each side then trusts, but also knows what the likelihood and penalties are should the claim not work. However just because a claim doesn't work does not mean it is false. the SL Grid claims I can log on, and usually, that is true. But sometimes it doesn't, even though it tries to. So the best way to think of it is not "how do you know the AD isn't a bad guy." It is "how much are you willing to risk that the AD isn't a bad guy, and what would change your estimation of the risks."
- [9:02] Lillie Yifu: Trust is risk in reverse.
- [9:02] kerunix Flan: what we talked about with infinity linden was "Which auth model ?" ... even openID leads to some problem as it wasn't made to have some kind of "distributed authentication server"
- [9:03] Tree Kyomoon: I think thats ksir actually
- [9:03] kerunix Flan: we also talked about something similar to radius
- [9:03] Tammy Nowotny: and some users on the web try to prevent the stats from being collected, not always for bad reasons
- [9:03] FWord Utorid: ok. so there should be a trust percentage, or a trust level, or a trust enumerator, or a trust calculator?
- [9:03] FWord Utorid: trust atms where you can buy and trade trust?
- [9:03] Tree Kyomoon: a trust calculator would be great for dates
- [9:03] kerunix Flan: -_-
- [9:04] Lillie Yifu: We buy and trade trust right now.
- [9:04] Zero Linden: No, FWord, none of those things -- because as Dale pointed out -- none of this will be in the protocol
- [9:04] Zero Linden: Or at least, none of those things as far as OGP is concerned
- [9:04] Dale Innis: OGP just has to communicate enough information for entities to make trust decisions. That may just be nothing more than identity!
- [9:04] FWord Utorid: hmm... then add a bribery metric... hmm... ok, so that goes back to my question, how is this all applicable to the OGP scheme of things if code is law?
- [9:05] Lillie Yifu: LL trusts my EO, the EO trusts me, my tenants trust me. LL doesn't trust my tenants enough to rent them openspace sims, nor me for that matter, but they do trust my EO. So people rent from me, and pay me a mark up to get access to the trust I have, which, in turn, is to get access to the trust the EO has with LL.
- [9:05] Lillie Yifu: So the tenants have bought trust
- [9:05] Zero Linden: And while Lillie's taxonomy and construction may be a good way to look at and model trust - it will be up to each entity to decide if that is how they wish to view it
- [9:05] Xugu Madison: Trust is determined by the system admin. I imagine most will simply say "I trust A, B and C domains, and nothing else, all at the same level"
- [9:05] FWord Utorid: ok. so the whole scheme is whether or not to believe identity in the initial OGP schema?
- [9:06] Dale Innis: I think OGP will just defer to the usual kinds of identity certificates for authentication
- [9:06] Dale Innis: two-way SSL or whatever.
- [9:06] kerunix Flan: Zero, did you find something already existing that allows : distributed authentication (ex : myID@thisAD) and different trust level ?
- [9:06] Dale Innis: Do we need more than that for some reason?
- [9:06] Juliet Undercroft: shouts: 76dffd
- [9:06] Juliet Undercroft: shouts: trtry
- [9:06] Dale Innis: feels like distributing chairs to all poor standing-up ppls.
- [9:06] Zero Linden: Well, I think we've determined, in so many discussions about this,
- [9:07] FWord Utorid: I am just curious. it seems that a very large scheme is being discussed, with a hierarchy, for protection of something unclear.
- [9:07] Zero Linden: that indeed, all the protocol needs to assist with is the establishment of identity of the entities
- [9:07] Lillie Yifu: The protocol just needs to convey the claims that have been made, and the authority which makes them. The implementation will have to decide what it accepts or rejects, and what it does in the event of accepting false claims.
- [9:07] Dale Innis: FWord: not that unclear; see Infinity's page about the various kinds of protection and things to be protected.
- [9:07] Dale Innis: and fix it if it's wrong. :)
- [9:07] Zero Linden: No, Lillie - I don't think so - I don't think the claims need to be transmitted within the protocol at all
- [9:08] Tree Kyomoon: "identity of the entities" might be a cool band name
- [9:08] FWord Utorid: dale, i think it should be able to be disambiguated in a single sentence.
- [9:08] Zero Linden: As for identity schemes -- it is clear that we need one set for viewer to AD authentication
- [9:08] Dale Innis: Lillie / Zero : at least many of the claims could be configured in, outside the protocol.
- [9:08] Zero Linden: and probably a different one for AD to V, and AD to RD
- [9:08] Dale Innis: FWord: that would be nice. :) But it's more complex than that.
- [9:08] Dale Innis: ( Unless you have a sentence to propose... )
- [9:08] Zero Linden: these latter could be TLS/SSL based, but would need client cert support
- [9:09] kerunix Flan: the problem is that an AD is responsible for many, many sensitive things and that we can't trust an AD
- [9:09] Dale Innis: nods. Two-way SSL isn't all that well supported.
- [9:09] Dale Innis: on the client side.
- [9:09] FWord Utorid: "it is presently for identity verification, later it will be for ip protection, among other commodities." <= is this an accurate assessment of what the trust relationships in the ogp are for?
- [9:09] Zero Linden: Oddly enough, there is no need to establish identity between V and RD --- even though they talk directly
- [9:09] Xugu Madison: Personally, I think doing it all in TLS is a great idea
- [9:09] Dale Innis: Well, it's not *presently* for anything :) since it's still just being designed.
- [9:10] kerunix Flan: zero, that's odd yes, how is it possible ?
- [9:10] Mirt Tenk: I could see us setting up mult ADs w/students assigned to one that WE would give lower trust settings to
- [9:10] Mirt Tenk: vs faculty/staff
- [9:10] kerunix Flan: because of caps ?
- [9:10] FWord Utorid: dale ... "the current specification seeks to define a protocol which will fulfill identity verification across secondlife and opensim servers?"
- [9:10] Zero Linden: yes, because of caps
- [9:11] Dale Innis: Again not really, FWord; the protocol isn't mostly about verifying identity.
- [9:11] Tammy Nowotny: and there will be lots of paranoia about what the Viewer is letting the typist see.. even now there is much agita over users ripping textures (some are even upset over the fact that avis can easily grab the URL of audio streams.)
- [9:11] Lillie Yifu: Even identity itself is a claim. So log in is "I claim to have access to this account, and here is the set of claims I am providing to prove that." The AD looks at that claim, decides whether it can check the contents of it enough to trust me enough to log me in at a certain level of privilege. I decide whether the AD has lived up to its claims of logging me in.
- [9:11] kerunix Flan: love caps :)
- [9:11] Zero Linden: see - the RD really only thinks of the AD ... the AD is the holder of the avatar
- [9:11] Zero Linden: and so the RD grants caps to the functions it is willing to let the AD do to the AD
- [9:11] Dale Innis: ( Maybe "OGP must transmit enough information that all parties involved can verify each other's identities, and decide how much trust to place in the claims made by those entities". How's that? :) )
- [9:12] FWord Utorid: ok. so there still is no obvious definition for the purpose of what we're discussing, but a lot of 'experts'.
- [9:12] Zero Linden: if the AD trusts the V enough, then it may give some or all of the caps to the V
- [9:12] Dale Innis: FWord, I think we know what we're doing, we just haven't crafted a single sentence to describe it. Again, it's not all that simple...
- [9:12] kerunix Flan: dale, that sounds like a wikipedia copy/paste. and the problem is not in "all party involved"
- [9:13] Dale Innis: I promise I didn't copy it from anywhere. :)
- [9:13] Lillie Yifu: the purpose here is to remove the question of "how do we know..." the answer is that the protocol doesn't know anything, it simply provides a mechanism to broker claims. What the parties do with the results, has to be up to them, but the protocol does have to then say "if this is accepted then you will see that." So "if log in is accepted then you will get back from me this."
- [9:13] Dale Innis: agrees.
- [9:13] kerunix Flan: i mean a Viewer doesn't have to verify another V
- [9:14] Dale Innis: So Fword, are you happy with "OGP must transmit enough information that all parties involved can verify each other's identities, and decide how much trust to place in the claims made by those entities"? :)
- [9:14] kerunix Flan: as long as the RD said "it's ok" ... it's ok :)
- [9:14] Dale Innis: ( Although in fact not all entities need to verify each other's identities, so it needs an additional "where needed" )
- [9:15] FWord Utorid: Dale, that makes it only slightly more clear. But generally I find that beyond an initial release most projects lose cohesion or purpose regardless, because they try to 'become all things to all people'.
- [9:15] Dale Innis: What do you suggest we do about that, FWord? :)
- [9:15] Lillie Yifu: I would say "only enough" information. That's the other part of trust, that *only* the claims I've authorized to be transmitted have been transmitted. So the protocol doesn't tell the AD more about V than V has asked, and the V doesn't get more information about the AD than the AD has authorized.
- [9:15] kerunix Flan: don't understand the topic today. what are we talking about ?
- [9:15] kerunix Flan: i mean, exactly
- [9:16] Dale Innis: I think any architecture issues that anyone feels like bringing up?
- [9:16] kerunix Flan: we're just a lot of people trying to understand what "trust" means, right now
- [9:16] FWord Utorid: Dale, I look for mission statements as a guide. But, projects run by committee, everyone has different ideas of what they are.
- [9:16] Zero Linden: Ah, but FWord - you're forgetting that I'm the benevolent dictator that keeps OGP moving forward! :-)
- [9:16] Dale Innis: I agree, FWord. And therefore... ?
- [9:16] Xugu Madison: ...we have long meetings? :)
- [9:16] Dale Innis: yay benevolence! :)
- [9:17] Zero Linden: okay - we *were* talking about term definitions and in particular "trust relationship"
- [9:17] FWord Utorid: Zero, what am I going to do, argue with you? ;)
- [9:17] Dale Innis: Has the discussion clarified things any for ppl?
- [9:17] Dale Innis: Or are there still questions?
- [9:17] Mirt Tenk: yes
- [9:17] kerunix Flan: i knew what it meant before i came here :D
- [9:17] kerunix Flan: now, i'm confused
- [9:17] Dale Innis: grins.
- [9:18] Xugu Madison: Similar :)
- [9:18] Tammy Nowotny: I don't know if this is exactly a "trust" issue... but don't the RD and AD also want some assurance that the Viewer is representing the agents and the regions more or less accurately?
- [9:18] Zero Linden: Well - let me summarize
- [9:18] FWord Utorid: I have my own interpretation of what things mean, and I look for the cold hard 'THIS IS WHAT IT IS FOR' to clear up my misconceptions. I don't trust people who proclaim expertise and use really long sentences and cite obscure terminology or reference movies from the 1950s as a basis of fact.
- [9:19] Zero Linden: "trust relationship" refers to the trust each entity (V, AD, RD) extends to another in the system
- [9:19] Dale Innis: Well, it's for enabling interop in a nice flexible way that lets us enforce and represent intent and so on, eh?
- [9:19] Zero Linden: It is not a global or single value for each entity,
- [9:19] Tammy Nowotny: and don't you also want the agent to know that you are actually where you think you are? we don't want phishing to be extended to the Open Grid if possible?
- [9:20] Dale Innis: ooo interesting thought, Tammy; we should write down some scenarios and threat models about that.
- [9:20] Zero Linden: Further, each entity must decide on its own what trust it is willing to extend to another entity, and only allow that entity to perform operations consistent with that trust
- [9:20] Tammy Nowotny: I opened up a can of worms.
- [9:20] FWord Utorid: Zero, and at present it will not be implemented in the protocol, but is planned for future implementations?
- [9:20] Dale Innis: ... and OGP's job is to communicate enough information to allow those decisions to be made.
- [9:20] Tammy Nowotny: TY dale
- [9:21] Dale Innis: It'll be implemented as soon as it's spec'd and someone gets to it! :)
- [9:21] Zero Linden: The specifics of how that is done within the entity (how it decides and how it extends and blocks access) is outside the scope of OGP because it resides entirely within the entity
- [9:21] Dale Innis: nods enthus.
- [9:21] FWord Utorid: dale, make it easy to process from multiple platforms, IE XML / JSON / SIMPLEASHELL
- [9:21] kerunix Flan: zero, actually. from a V point. what do we have? a V perfectly trusts a RD, and its own AD, right?
- [9:21] Zero Linden: Lastly, the one thing OGP must assist with is enabling each entity to identify (to the degree it needs) any entity contacting it
- [9:21] kerunix Flan: and a V never communicates with another AD, right?
- [9:22] Dale Innis: kerunix: good question: that would be an interesting things to make a matrix of.
- [9:22] Zero Linden: I suspect that a V trusts directly only its own AD -- after all that is who I'm paying (directly in cash or indirectly by agreeing to view their ads, etc...)
- [9:22] Zero Linden: paying to host my avatar
- [9:22] kerunix Flan: why don't we just rez prims and draw a scheme of who trusts whom?
- [9:22] Lillie Yifu: That's up to the viewer, because the viewer might have multiple ADs at the same time.
- [9:23] Winne Woodget: lol kerunix
- [9:23] Dale Innis: ( FWord: I don't have strong opinions about representation, XML JSON etc, myself; whatever works. :) . It's the semantics that's important. )
- [9:23] Zero Linden: I think for most people, I pay my AD to do the difficult work of deciding trust relationships with RDs
- [9:23] Dale Innis: nods @ Zero.
- [9:23] Lillie Yifu: Gwenneth Llwellyn registers that avatar name on every VR she finds out about. There's no reason the OGP protocol couldn't make it so that a single viewer could have all of the ADs logged in.
- [9:23] kerunix Flan: is there any communication between 2 AD ?
- [9:24] Dale Innis: I think so, for asset-movement purposes?
- [9:24] FWord Utorid: ok. so the purpose of the definition has been supplied and is digestible through this log, albeit somewhat muddled by conversational athletics. And the implementation is TBD in process and will be damned easy to deal with. So the question comes down to where it is going and timetables.
- [9:24] Zero Linden: I see that several people said pretty much what I was saying while I was typing my short tome
- [9:24] Zero Linden: So - that tells me that we have achieved a common basis of understanding
- [9:24] Cadis Blackadder: haha
- [9:24] Dale Innis: yay! :)
- [9:24] FWord Utorid: OGP is real.
- [9:25] Dale Innis: When I TP from SL to somewhere else, and rez something from inv, I guess it's the RDs that talk?
- [9:25] FWord Utorid: it loves you.
- [9:25] Dale Innis: ( So maybe ADs don't have to talk to each other; we need to write this matrix down in the wiki somewhere.)
- [9:25] FWord Utorid: it will protect and nurture you. and it will be done in 5 days when Dale has written all the stuff.
- [9:25] kerunix Flan: zero, does that mean that 2 different ADs can communicate with each other?
- [9:25] Cadis Blackadder: wb G2
- [9:25] G2 Proto: hehe
- [9:26] G2 Proto: sorry coding and listening
- [9:26] Zero Linden: <3's "conversational athletics."
- [9:26] Dale Innis: I wish we were that close to done, FWord. :)
- [9:26] Cadis Blackadder: that's ok I stole ur chair the minute you left
- [9:26] Cadis Blackadder: :)
- [9:26] Tree Kyomoon: anyone else just have a low level OS crash?
- [9:26] Zero Linden: Dale - no TP is an operation between AD and two RDs
- [9:26] Tree Kyomoon: anyone else just have a low level OS crash?
- [9:26] G2 Proto: lol
- [9:26] FWord Utorid: ok. So my question about the aforementioned is, will 'viewer level objects' be fundamentally affected in being able to read / write / and process interactions on this level?
- [9:26] Rex Cronon: not here
- [9:26] Zero Linden: Rezzing inventory is a transaction between an AD and RD
- [9:27] Dale Innis: Zero: even when assets are involved? I believe you, I'm just not sure. :)
- [9:27] Dale Innis: ah, okay. ty :)
- [9:27] Zero Linden: we - what are "viewer level objects"
- [9:27] kerunix Flan: assets are part of the AD, right
- [9:27] Lillie Yifu: simple present example: charging something to your credit card. Your credit card AD and your SL AD have a nice chat about whether or not to let the Lillie Yifu account on SL charge something to the L***** ***** account on the credit card
- [9:27] kerunix Flan: ?
- [9:27] Zero Linden: Dale - yes - even when assets are involved
- [9:27] FWord Utorid: zero, anything equivalent to a viewer... like a bot, a 'listener', a 'login', though not necessarily an avatar
- [9:27] Lillie Yifu: so at least one example of ADs talking to each other might be to see whether to be able to spend Herebucks over there.
- [9:28] FWord Utorid: for instance I had previously dropped in my interest of IM only clients and similar maniacal schemes that will make the world a better place without your approval
- [9:28] Zero Linden: assets need to be part of the domain where the object lies: If the object is in inventory - then the asset is in the AD that contains that inventory
- [9:28] Dale Innis: Yeah, the money protocols will be interesting.
- [9:28] Dale Innis: Do we know yet who has to talk for money to work?
- [9:28] Tree Kyomoon: /if some one could pass me the Log, as I crashed that would be fantastic!
- [9:28] Zero Linden: if the object is in world then there is no asset, or you could say the asset is in the sim state - and hence in the RD
- [9:28] Dale Innis: nods.
- [9:28] Zero Linden: if the object is in object inventory in world, then ditto - it is in the RD
- [9:28] Tree Kyomoon: /if some one could pass me the Log, as I crashed that would be fantastic!
- [9:28] kerunix Flan: understood
- [9:29] kerunix Flan: that's exactly how it currently works in opensim then
- [9:29] Lillie Yifu: Well an asset in an RD could be both in the AD and the RD
- [9:29] FWord Utorid: so by 'viewer level object' i would say anything that connects to a grid, multiple grids, etc. so, i have clarified, and reiterate my question, will every entity logging into the 'meatverse' need to communicate with these trust authoritays?
- [9:29] Lillie Yifu: The AD says "this is the license to rez this object." The RD has an instantiation of that license.
- [9:29] Cadis Blackadder: with email to IM you already have an IM only interface
- [9:30] Dale Innis: We haven't said anything about trust authorities...
- [9:30] Zero Linden: FWord - then yes - the viewer can't actually make changes unless it authenticates with an AD, gets that AD to trust it at least somewhat - and then have that AD be willing to present that avatar, on V's behalf, to RDs
- [9:30] Dale Innis: In general the viewer probably doesn't have to make trust decisions, as Zero said earlier.
- [9:30] Dale Innis: The viewer may, as Zero said, simply trust its own "native" AD. v simple :)
- [9:30] Zero Linden: Well - the V *does* need to be sure that the AD it connects with is the one it expects
- [9:30] Zero Linden: but this is probably just SSL certs like the web is now
- [9:30] kerunix Flan: nods
- [9:31] FWord Utorid: dale, a trust authoritay is implied if there is a trust relationship. but zero answered my inquiry. mostly, i am interested in low footprint clients which leverage the network by walking on the surface of the grid, not the simulators.
- [9:31] Zero Linden: OKAY
- [9:31] Lillie Yifu: The viewer makes trust decisions about the AD, and communicates the trust decisions the user has made to the AD.
- [9:31] Dale Innis: Yep, vg. Viewers can be very lightweight wrt trust.
- [9:31] Zero Linden: that was a rollickin' good time! Can't wait to see this write up on the website
- [9:31] Zero Linden: er, the transcript
- [9:31] Dale Innis: ( and no, a trust relationship doesn't imply a trust authority. :) )
- [9:31] kerunix Flan: about trust authority, we talked about "AD super server"
- [9:31] FWord Utorid: yes, dale will be writing all of this
- [9:31] kerunix Flan: is it something possible ?
- [9:31] Tree Kyomoon: speaking of which...if someone could pass me the transcript...
- [9:31] FWord Utorid: dale, someone has to make decisions about trust
- [9:31] Zero Linden: I actually think this was good and will try to extract our final understanding statements
- [9:31] Tammy Nowotny: TY Zero & Dale
- [9:32] kerunix Flan: see you later :)
- [9:32] FWord Utorid: it could be peer to peer authoritay, it could be peer to service authoritay, it could be mom is the authoritay
- [9:32] Zero Linden: Thank you all for coming
- [9:32] Xugu Madison: Thanks everyone!
- [9:32] Zero Linden: until next week!