Difference between revisions of "AW Groupies/Chat Logs/AWGroupies-2008-12-09"
Latest revision as of 13:10, 9 December 2008
- [9:33] Zha Ewry: I'm giving this about five minutes, and offer up topic and some thoughts...
- [9:38] Ina Centaur: nicer sitting prims
- [9:39] Zha Ewry: OK, so.. two more minutes and lets get started
- [9:39] Patnad Babii: hello nice to meet you everyone
- [9:39] Ina Centaur: hi
- [9:40] Mirt Tenk: greetings Patnad
- [9:40] Goldie Katsu finishes fixing her upload - recovering from a browser crash and looks up
- [9:40] Goldie Katsu: Hello
- [9:41] Patnad Babii: uhm server crash is never fun
- [9:41] Zha Ewry: So.. I wanted to poke at three things which tangle together into the overall interop story. Not immediately as a tech story, but as a user requirements story
- [9:42] Goldie Katsu waves at Infinity
- [9:42] Infinity Linden: hola amig{o|a}s
- [9:42] Patnad Babii: hi Infinity
- [9:42] Saijanai Kuhn: Hey Infinity WB ;-)
- [9:42] Infinity Linden: thx sai
- [9:43] Zha Ewry: So, going back to Zero's original AWG comments, over a year ago, and looking at funny things like people using names like "botgirl Linden" on one of the open grids...
- [9:43] Goldie Katsu: Yeah welcome back.
- [9:43] Zha Ewry: There is this lurking set of questions about
- [9:43] Zha Ewry: how we manage name, how we manage handoffs between grids, and how we think about the user's experience if they do go hopping about
- [9:44] Zha Ewry: (Something made more cogent by the hypergrid work this month)
- [9:44] Infinity Linden scribbles notes
- [9:44] Zha Ewry hopes Infinity's notes are more legible than her own
- [9:44] Infinity Linden: there is always hope
- [9:44] Zha Ewry: So.. The three related topics.. are.. just plain naming
- [9:45] Infinity Linden: and namespace management
- [9:45] Zha Ewry: and then, the balance between grid autonomy
- [9:46] Zha Ewry: and user experience
- [9:46] Infinity Linden: right.. some users will expect BotGirl Linden to be the same person on all grids
- [9:46] Zha Ewry feels an urge to queue up "its raining aves"
- [9:46] Animation Overide - Modified: Could not find animation '---sit crossed'
- [9:46] Zha Ewry nods
- [9:46] Saijanai Kuhn: Bel and others have suggested using name @ home_grid
- [9:46] Infinity Linden: some grid operators will want the freedom to own the namespace
- [9:46] Morgaine Dinova: 'Morning
- [9:47] Zha Ewry: and some grids will have strange ideas, like their employees should use their real life names
- [9:47] Rex Cronon: hello everybody
- [9:47] Goldie Katsu notes Eddy's arrival and remembers an incomplete email.
- [9:47] Eddy Stryker: zha: that's what we do :-)
- [9:47] Zha Ewry: and some will have the strange desire to allow people to have names which match their well known public ave name..
- [9:47] Zha Ewry: etc.
- [9:47] Morgaine Dinova: Wow Ina, very angelic ... and bright :P
- [9:47] Infinity Linden: strange indeed says Infinity Linden
- [9:47] Eddy Stryker: you have to login the first time using LDAP, which pulls your real life name and creates an avatar account with that name
- [9:47] Ina Centaur: yep. and if someone took your RL name already on one grid, and you get on the other grid before them, it'd be nice if you could keep your name(?)
- [9:48] Eddy Stryker: but the user server is tricky enough that it supports multiple people with the same name, as long as they have different passwords... anyways, it's a tangent
- [9:48] Ina Centaur: hehe thanks! wearing june dion's latest creation and yet another ic-skins
- [9:48] Zha Ewry nods, observing that she has the RL name cybersquatted on Linden's grid
- [9:48] Infinity Linden: and there's also the issue of data portability
- [9:49] Zha Ewry: and, yeah, user service, sort of gets it right, but a lot of code in the guts has this nasty habit of looking at user names for permissions
- [9:49] Morgaine Dinova: The idea of reserving names is totally broken, don't go there.
- [9:49] Infinity Linden: what happens when your agent domain goes belly-up and has a lock on your name registration?
- [9:49] Ina Centaur: could be the new/free version of domain name squatting..
- [9:49] Ina Centaur: but, what would happen to "botgirl linden" in the case you mentioned
- [9:50] Rex Cronon: in rl there r quite a few people that share the same name
- [9:50] Infinity Linden: right... and we're used to that
- [9:50] Ina Centaur: heh "Bill Smith"
- [9:50] Saijanai Kuhn: usually not more than one per address however
- [9:50] Zha Ewry nods
- [9:50] Rex Cronon: here they could too, as long as they have a different UUID
- [9:50] Morgaine Dinova: Infi makes a good point. We're going to need not one endpoint per AD, but multiple.
- [9:50] Ina Centaur: "Nancy Doe"
- [9:50] Morgaine Dinova: Just like pri and sec nameservers per domain
- [9:50] Zha Ewry: The related bits of fun include
- [9:50] Infinity Linden: if we went the way of the DNS system and ICANN...
- [9:51] Zha Ewry: how many passwords do you need to enter/cache, etc. as you traverse the grid
- [9:51] Infinity Linden: we would hope the central registry did not fail
- [9:51] Zha Ewry: and between grids
- [9:51] Infinity Linden: and just make AD's registrars
- [9:51] Ina Centaur: yep pay LL $10,000 to become your own avatar name registry o.O
- [9:51] Zha Ewry: and what happens to presence in various grids and your name and what others can see/do, as you hop between them
- [9:51] Morgaine Dinova: Everything fails, there's no hope involved
- [9:51] Ina Centaur: (and godaddy enters to offer $6.95 avatar name registrations)
- [9:51] Zha Ewry mutters, can people find out that I am "on IBM Private Grid:Zha's Private sim?"
- [9:52] Infinity Linden is having nightmares thinking about what happens if the DNS roots fail
- [9:52] Mirt Tenk: hmm
- [9:52] Ina Centaur: rhetorical question.. so why doesn't LL have its own data center?
- [9:52] Mirt Tenk: how many Gmail users w/unique names?
- [9:52] Mirt Tenk: userids for google
- [9:53] Infinity Linden: i keep wondering if Google would ever one day become an agent domain
- [9:53] Morgaine Dinova: If all the root nameservers failed, I bet we'd have replacements appearing all over long before the majority of TTL's expired ;-)
- [9:53] Ina Centaur: is it possible to not have a unique gmail handle? o.O
- [9:53] Ina Centaur: ...
- [9:53] Infinity Linden: after pulling out of lively... it might be a way to maintain google cred in the VW community
- [9:53] Infinity Linden: hola Whump
- [9:54] Mirt Tenk: point is people don't expect to use their real names online
- [9:54] Morgaine Dinova: Well Google has lots of resources, but it doesn't have any VW cred whatsoever ;-)
- [9:54] Mirt Tenk: many would refuse to
- [9:54] Whump Linden: Howdy. Sorry. Got out of the hanger late.
- [9:54] Zha Ewry imagines a closet with whumps on hangers
- [9:55] Rex Cronon: hi
- [9:55] FWord Utorid: is there a topic today?
- [9:55] Morgaine Dinova: Like a Batman suit?
- [9:55] Infinity Linden: identity, naming
- [9:55] FWord Utorid: wb infinity
- [9:55] Infinity Linden: cross grid
- [9:55] FWord Utorid: ;)
- [9:55] Infinity Linden: thx FWord
- [9:55] Whump Linden: I live not far from Hangar One. LOL.
- [9:56] Morgaine Dinova: Roswell? ;-)
- [9:56] Zha Ewry: So... the other part of this, is what happens when people traverse grids
- [9:56] Zha Ewry: Ames, and the giant blimp hanger
- [9:56] Eddy Stryker: identity is only as good as the person authorizing it. you can't be Zha Ewry, only Zha Ewry @ agni.lindenlab.com
- [9:57] Morgaine Dinova: Let's hammer out Infi's point first. It's important to have at least a pri/sec structure for ADs same as DNS has ... at a minimum.
- [9:57] Zha Ewry: I am inclined to agree with Eddy
- [9:57] Morgaine Dinova: Agree with Eddy too
- [9:57] Zha Ewry: The downside of that is that it tends to lock people into
- [9:58] Zha Ewry: "zha. ewry@lindenlab.com"
- [9:58] Zha Ewry: as in the @lindenlab.com
- [9:58] Zha Ewry: and.. sometimes
- [9:58] Infinity Linden: but with federated identity schemes
- [9:58] Zha Ewry: They will have to deal with federate
- [9:58] Morgaine Dinova: Notice that you can have a shortcut of "Zha Ewry" everywhere ... but just not an authoritative one. That'll have to be @blah qualified
- [9:58] Infinity Linden: sometimes msh@hbmobile.org CAN BE the same as infinity@lindenlab.com
- [9:59] Zha Ewry: the only deep token, IBM ever wants as my ID is "dwl@us.ibm.com"
- [9:59] Eddy Stryker: not if you are on the lindenlab.com server, or on one of their partner grids that share a user server. but if you are on my grid, yes i want to know that you are zha.ewry@lindenlab.com
- [9:59] Infinity Linden: right.. introducing the authoritative / non-authoritative concept from DNS does make things easier
- [9:59] FWord Utorid: eddy, you went daddy warbucks with stubble on us.
- [9:59] Zha Ewry: and.. one shudders to think what name I should show on a region which does not have its own user hosting at all
- [9:59] Eddy Stryker: fword: every time i login i have some random avatar applied. i don't know where they come from
- [10:00] Morgaine Dinova: There are more John Smiths than atoms in the universe after all ... the idea of a non-qualified name is a non-starter.
- [10:00] Zha Ewry: always *domain.org"
- [10:00] Zha Ewry: I suppose
- [10:00] Zha Ewry: Right, and social history with added qualifiers
- [10:00] Zha Ewry observes that John Smith.. is pretty much from John the Smith
- [10:00] Infinity Linden: non-qualified names are probably acceptable in worlds where ambiguity is acceptable
- [10:00] Zha Ewry: to distinguish from John the Taylor
- [10:01] Infinity Linden: but for certain tasks.. like "who owns this land" or "where do i route this message"
- [10:01] Ina Centaur: has openid been considered btw
- [10:01] Infinity Linden: ambiguity is considered harmful
- [10:01] Eddy Stryker: i'll throw out that the second life protocol doesn't restrict everyone from having the same name, but it's not useful to see 12 Zha Ewry's logged in if half of them are Zha Ewry @ pirategrid.org
- [10:01] Infinity Linden: people may notice that SL does not currently support OpenID
- [10:02] Morgaine Dinova: And even the top-level domain may not be enough. There are for example at least 10 Stuart Davies @ bt.com ;-) [friend of mine :P]
- [10:02] Eddy Stryker: ina: my user server uses openid for all of this, yes
- [10:02] Zha Ewry nods right, and at one time, first middle last, pretty much worked for the world
- [10:02] Morgaine Dinova: Infi: why don't you?
- [10:02] Ina Centaur: @infinity, it looks like any sort of verification would require more code, so why not adopt openid?
- [10:02] FWord Utorid: eddy: what exactly is this user server you've been referring to lately? is this a plugin for simian?
- [10:02] Zha Ewry: as soon as you can google globally, that's pretty badly broken
- [10:02] Infinity Linden: @Morgaine... no comment
- [10:02] Eddy Stryker: for lack of time, only the ldap plugin is finished. but once you do an ldap login, the user server becomes an openid provider for you
- [10:03] Zha Ewry sighs
- [10:03] Infinity Linden: (but mostly because it's a long discussion that could derail the current one)
- [10:03] Ina Centaur: http://signin.world.secondlife.com/user/Ina%20Centaur (?)
- [10:03] Eddy Stryker: fword: it could be used for simian. the plan is to land it in opensim trunk though
- [10:03] Zha Ewry: Why does everyone want to be a provider, not a consumer of openId?
- [10:03] Infinity Linden: because of the dot-com dictum that "thou shalt control the eyeballs"
- [10:03] Ina Centaur: well, SL user name would be another openid passport..
- [10:03] FWord Utorid: eddy: i'll keep an eye out. glad to also see the save oar in simian ;) [now back to the show]
- [10:04] Rex Cronon: i guess as a provider u control it, while as a consumer u don't
- [10:04] Morgaine Dinova: Infi: we're talking about technical reasons. You may have business or policy reasons, but they're interesting to us in this context. I'd like to know if there are engineering issues though ... or still no comment?
- [10:04] Ina Centaur: although it would be cool to be able to log into SL with yahoo or flickr or the other more popular openid supporters
- [10:04] Eddy Stryker: zha: all of the other grid services are consumers
- [10:04] Morgaine Dinova: Infi: I missed a "not" in front of "interesting"
- [10:04] Ina Centaur: o.O
- [10:05] Ina Centaur: tension..
- [10:05] Eddy Stryker: it can't be too technical if LL already has openid working in the sandbox
- [10:05] Infinity Linden: at the end of the day... OpenID is not completely without flaws
- [10:05] Infinity Linden: but none of them are insurmountable
- [10:05] Infinity Linden: from an engineering perspective
- [10:05] Ina Centaur: lol
- [10:05] Ina Centaur: anything's possible;-P
- [10:05] Zha Ewry nods, right. but, being an issuer, implied, that the login server isn't acting as a consumer, which in many cases is what you want.
- [10:05] Infinity Linden: i will award bonus points to whomever notices that OpenID could be layered on top of the OGP Auth Spec
- [10:06] Infinity Linden: well... draft 3 anyway
- [10:06] Goldie Katsu: um...but if we noticed it now wouldn't it kind of....be because you pointed it out.
- [10:06] Morgaine Dinova: The key thing about OpenID is that "support" should not be only as a provider of identities. You have to accept those provided by other suppliers as well.
- [10:06] Ina Centaur: hmm haven't had a chance to look into ogp yet. i'm told that ogp would become dinosaur'ed by the time you can actually do anything useful with it o.O
- [10:06] Infinity Linden: oh! did i use my outside voice for that?
- [10:06] Eddy Stryker: zha: that needs to come soon, yes
- [10:06] Zha Ewry: /sprinkles bonus points around liberally, just because
- [10:06] Eddy Stryker: to finish securing hypergrid
- [10:06] FWord Utorid: there seem to now be about 10 layers of authentication and multi-grid connectivity going on the drawing board.
- [10:07] Ina Centaur: curious though, would OGP auth also allow for a universal $L balance?
- [10:07] FWord Utorid: none of them seems to adequately address the issue of having to shut down and start a new viewer with each grid shift in order to authenticate into another grid
- [10:07] Goldie Katsu knows she wants more hours in her day but is afraid that if she had them the projects might multiply leaving her just as behind.
- [10:07] FWord Utorid: it would be interesting if there was a mechanism for a login dialog when teleporting to other grids
- [10:07] Eddy Stryker: fword: hypergrid doesn't have that issue
- [10:08] Infinity Linden: Auth just transports the assertion that the end user is in possession of a shared secret
- [10:08] Ina Centaur: ah no access to account info?
- [10:08] Infinity Linden: it's up to the system behind the Auth implementation to decide whether the authenticated party has access to a linden dollar account
- [10:08] FWord Utorid: eddy: I doubt that hypergrid has a full implementation for maneuvering from one grid to another and accommodating an identity in each world.
- [10:08] Infinity Linden: so
- [10:08] Infinity Linden: it's kinda orthogonal
- [10:08] Eddy Stryker: fword: you don't need to re-login at all. you already have a sessionid that can be used in the openid authentication process, so your identity proving happens automatically
- [10:08] Infinity Linden: brb
- [10:09] Morgaine Dinova: You don't shut down a viewer to login to another, lol. That's just a temporary aberration, legacy from the non-interop world of SL.
- [10:09] Eddy Stryker: fword: it's close
- [10:09] Ina Centaur: and... the system/decision is presumably LL?
- [10:09] FWord Utorid: eddy: the issue I'm referencing is this... I go to another grid, I have a different identity on that grid, I should authenticate to that grid
- [10:09] Eddy Stryker: only if you want to use a different identity on that grid
- [10:09] Ina Centaur: @morgaine, but the viewer will likely crash as you ig tp ;-P
- [10:09] Ina Centaur: same difference. shutting off though gives less of an unexpected arrival
- [10:09] Ina Centaur: or.. unarrival..
- [10:09] Morgaine Dinova: Ina: that would be a bug
- [10:10] Goldie Katsu: If the authentication isn't carried over, and you don't have a widget that turns multiple id's into a single sign-on function.
- [10:10] Zha Ewry laughs
- [10:10] Zha Ewry: I never crash on tp. Never.
- [10:10] FWord Utorid: I realize what you are saying regarding maintaining the same session.
- [10:10] Morgaine Dinova chuckles
- [10:10] Eddy Stryker: if you start out as fword@osgrid.org and you move to the openlife grid, you can stay as fword@osgrid.org. if you want to be someoneelse@openlife.org then you need to login
- [10:10] Zha Ewry pushes her nose back into her face
- [10:10] Goldie Katsu: Does that mean you don't TP?
- [10:10] Ina Centaur: see, same grid TP's for heavier traffic/large build sims typically involve in crashes
- [10:10] Ina Centaur: i usually don't tp without expecting a crash
- [10:10] Goldie Katsu: lol
- [10:10] FWord Utorid: eddy: understood. it's... still not the same. there needs to be the opportunity on connect to the new grid to auth to that grid
- [10:10] Zha Ewry: But, that is all bugs not working as designed
- [10:10] Infinity Linden: back... if anyone was keeping track
- [10:11] Zha Ewry: and.. that, fword is the tension
- [10:11] Rex Cronon: wb
- [10:11] Eddy Stryker: but the relogging is a Simple Matter of Programming in the walled garden of the client
- [10:11] Zha Ewry: the user wants the seamless experience
- [10:11] Morgaine Dinova: Infi: we're stateless :P
- [10:11] Ina Centaur: prob is the bugs are pretty random. but especially apparent in 64bit systems.. the memory leak on vista x64 is quite horrible
- [10:11] Zha Ewry: the grid wants an authentication opportunity
- [10:11] Goldie Katsu: The client would have to be designed to handle the "You are entering a region that needs you to reauth"
- [10:11] FWord Utorid: zha: agreed.
- [10:11] Zha Ewry: and *some* users want their ave to change on the tp
- [10:11] FWord Utorid: goldie: yep
- [10:11] Goldie Katsu: And we hope it isn't paypa1.com
- [10:11] Ina Centaur: so infi was talking about orthogonal auth systems o.O
- [10:11] Goldie Katsu: Talk about a new phishing scheme.
- [10:12] Ina Centaur: lol really?
- [10:12] Ina Centaur: (in other news, paypal dev is really quite together -- well, relative to LL regapi at least.. just finally had the excuse to look into IPN recently)
- [10:12] Goldie Katsu: Sure if I'm dressed for the night club and tp to work I might want to be more appropriately dressed.
- [10:12] FWord Utorid: I am sure we will see plenty of phishing, the same way we see plenty of little sl hacks
- [10:12] Goldie Katsu: (that was with a 1 instead of l btw.)
- [10:12] Morgaine Dinova: The Meerkat viewer was designed to be user-centric rather than provider-centric, maintaining multiple simultaneous connections to different ADs.
- [10:13] Ina Centaur: @goldie, that's assuming inventory xfer is seamless across grids
- [10:13] Goldie Katsu: How do you not create an obvious phishing setup with needing to reauth to the region you TP'd to?
- [10:13] Ina Centaur: i'd assume there's content rights issue.. though it would be nice if you arrive dressed in the same glorious outfit from grid to grid
- [10:13] Goldie Katsu: True or if it wasn't I guess I'd want local clothing in the new grid with my av shape rather than being a cloud of bit essence.
- [10:13] Zha Ewry: afk 1 mine
- [10:14] Eddy Stryker: ina: inventory doesn't technically need to "transfer" anywhere, as long as the grid/simulator knows how to point the client back at its home inventory. or, with a proper client, the client can go back to its home inventory server directly
- [10:14] FWord Utorid: i think it sort of all falls apart invisibly and nobody really notices.
- [10:14] Goldie Katsu: And the home inventory server will serve to the new grid.
- [10:14] Ina Centaur: true, but for avatar attachments and accessories, it would have to render - and get "loaded" into the local sim
- [10:15] Ina Centaur: so, in that case, content is transferred and can be abused if someone basically mod's their opensim to "log" avatar appearances
- [10:15] FWord Utorid: there will never be a seamless experience wherein all of the grids are interconnected with absolute trust between them.
- [10:15] Eddy Stryker: ina: yes, and anything you rez would literally have to be pulled across grids
- [10:15] Goldie Katsu: I think the question is how can we make it as seamless as possible and where does it break - and what does "break" mean.
- [10:15] Ina Centaur: yep, that's basically a xfer imho
- [10:16] Eddy Stryker: it's up to the asset server storing the content to determine if it really wants to give up copies of its skins to pirategrid.org
- [10:16] Eddy Stryker: whitelist+blacklist support at the asset level
- [10:16] Ina Centaur: well, as i understand the opensim server would need that information to load the avatar(?)
- [10:17] FWord Utorid: you have to assume all of this is beta for the future internet wherein everything is P2P,
- [10:17] Eddy Stryker: "this bin of stuff is public, it can transfer to any grid". "this bin is premium, it can only transfer to our partners that subscribe to the auditing service"
- [10:17] Morgaine Dinova: I suggest we solve the issues for CC-licensed content first ... we can always block comms, that's trivial, but let's get unencumbered assets moving dirst.
- [10:17] Morgaine Dinova: first*
- [10:17] Zha Ewry: Back.
- [10:17] Ina Centaur: p2p is kinda scary. with SL-esque sims that aren't meant for events with more than 10 people, your IP gets easily compromised
- [10:17] Ina Centaur: (IP address IP... not intellectual property)
- [10:17] Infinity Linden: speaking of authentication across grids
- [10:18] Zha Ewry thinks her ave today should be a teapot.. As she is on her 4th cup of tea so far
- [10:18] Infinity Linden: i'm curious if anyone has thought about multiple levels of authentication within the same grid?
- [10:18] FWord Utorid: the notion of premium digital content that one can keep from being copied falls apart when it goes to another service provider to proxy it
- [10:18] Infinity Linden: it's a related question
- [10:18] Ina Centaur: zha, please entertain us with a round of karaoke: "I'm a little teapot"
- [10:18] Infinity Linden cringes
- [10:18] FWord Utorid: infinity: as in per sim passwords?
- [10:18] Goldie Katsu puts on her headphones
- [10:18] Ina Centaur: k-brand!
- [10:18] Eddy Stryker: infinity: yes
- [10:18] Morgaine Dinova: Infi: nope, but I've thought of fewer levels instead: just CC and local-only ;-)
- [10:18] Whump Linden: Infinity group authentication?
- [10:19] FWord Utorid: imagine trying to fly across the sim and getting a password dialog every 16m?
- [10:19] Infinity Linden: i was just thinking that in the future, some might want to have a base level auth
- [10:19] Whump Linden: Like assert_ima_linden, assert_ima_spook?
- [10:19] Infinity Linden: that lets you place yourself in a sim
- [10:19] Ina Centaur: what's a spook?
- [10:19] Infinity Linden: right whump
- [10:19] Goldie Katsu: like compartment mode?
- [10:19] Infinity Linden: another assertion like...
- [10:19] Ina Centaur: lol
- [10:19] FWord Utorid contemplates an aunt jemima avatar, and assert_ima_jemima
- [10:19] Eddy Stryker: multiple user levels in a single grid are required if you want to support the notion of local users vs. those weird guys from pirategrid.org
- [10:19] Goldie Katsu: Authenticating up to secret?
- [10:19] Eddy Stryker: and different permissions for each group
- [10:19] Goldie Katsu: sudo?
- [10:20] Infinity Linden: i put my thumbprint on a thumbprint reader and it seems to match the thumbprint my bank has
- [10:20] Ina Centaur: oh i was about to get one of those new thinkpads with the thumbprint auth
- [10:20] FWord Utorid: cloned extremities will defeat thumbprint authentication
- [10:20] Rex Cronon: somebody could make a duplicte:)
- [10:20] Zha Ewry cringes, and then recalls she uses a fingerprint on the laptop every morning
- [10:20] Infinity Linden: right... sort of like sudo for VWs... plus the feature that sudo knows how long ago you authenticated yourself
- [10:20] Ina Centaur: except i saw this scary cantonese movie where they lopped off your hands when they steal your laptop x.x ... just to get past the auth
- [10:20] Rex Cronon: duplicate*
- [10:21] Infinity Linden thinks how far she's fallen... using biometrics as an example in a serious conversation
- [10:21] Morgaine Dinova: Today's discussion sure is moving around. Would be nice to examine just one, and make progress.
- [10:21] FWord Utorid: infinity: still not able to appropriately determine where the extra auth layer would be useful?
- [10:21] Infinity Linden: but without getting into too much rabbit hole exploring
- [10:21] Ina Centaur wonders if in the future hackers would be real hackers and just chop off people's hands for brute force thumbprints >.>
- [10:21] Eddy Stryker: ina: seems excessive, when there are perfectly good fingerprints all over the laptop that can be cloned :-p
- [10:21] Zha Ewry hands infinity a hanky. "there there'"
- [10:21] Infinity Linden: how is the one use case (sudo for VWs) like the other (multi-grid auth)
- [10:21] Infinity Linden: ?
- [10:21] Rex Cronon: u will have to give them the finger:)
- [10:22] FWord Utorid: brute force fingerprints? means making a projector and passing along every possible fingerprint pattern :/
- [10:22] Goldie Katsu looks for her gummi bears
- [10:22] FWord Utorid: infinity: sudo for vw property in this case seems like donning a group title
- [10:22] Zha Ewry: It's even worse, when you look at the various things we use auth for. The whole Linden scheme is very limited, compared to RL
- [10:22] Ina Centaur coughs... no, much *more* brute force. (literally chop off the thumb.)
- [10:23] FWord Utorid: then that sort of brute force would require everyone's fingers in a vault.
- [10:23] Infinity Linden: ah Ina! I see you _do_ know how to revoke a fingerprint!
- [10:23] Eddy Stryker: sudo is a good example, because it's deceptively simple. it just lets you become root temporarily. so you don't have to deal with the complexities of (partial or full) delegated authority, you just *are* root
- [10:23] Ina Centaur: although i also heard the newer thinkpads come with remote self-destruct so even if your laptop gets stolen and your hands get chopped off you can just access the web service to nuke it all x.x
- [10:23] Infinity Linden: i was thinking really about the namespace management issue
- [10:23] Morgaine Dinova: They used to chop off fingers with signet rings a lot, not so long ago.
- [10:24] Ina Centaur: (but how do you do it without hands!)
- [10:24] Infinity Linden: in cross-grid, we have a set of grids that may want to subscribe to a federated identity scheme
- [10:24] FWord Utorid: eddy: in an opensim context, what could you do with a sudo that you couldn't by being the estate owner?
- [10:24] FWord Utorid: I suppose one could make commands in chat go to the console
- [10:24] Infinity Linden: in the sudo example... we may also want to ask...
- [10:24] Eddy Stryker: fword: run untrusted code
- [10:24] Ina Centaur: (lol sorry for the digression. i really wanted to get one until the paranoia possibility occurred... well, except, as zha pointed out, the fingerprint auth isn't really useful for much other than to impress your friends >.>)
- [10:25] Infinity Linden: how do we know that the semantics of sudo on one grid are the same as on another
- [10:25] Whump Linden: Ina Centaur, you bite down on the hollow tooth with the cyanide capsule. The self-destruct is tied to your heartbeat monitor.
- [10:25] Infinity Linden: and i think that answering that question will inform the debate of namespace management for the cross grid use case
- [10:25] Zha Ewry: One also ends up with interesting questions of what we permit others to see in these stories
- [10:25] Ina Centaur: well, so ibm's going to expand to dental implants?
- [10:25] Zha Ewry: and I agree, Infinity
- [10:25] FWord Utorid: infinity: therein comes security through obscurity. make your grid have your own security
- [10:25] Ina Centaur: lol
- [10:25] Rex Cronon: why do i suddenly feel like i am in 007 movie?
- [10:26] Goldie Katsu: wait. We aren't in a 007 movie?
- [10:26] Whump Linden: Rex, I thought you were in a Marvel Comics movie.
- [10:26] Ina Centaur: see now's the time when it would be really cool if there were a 007 windlight mode or something
- [10:26] Eddy Stryker: infinity: the semantics are not the same. what you have to do to become root@intel.com is wildly different from root@mygarage.com
- [10:26] Infinity Linden: it's secure... but like the Win2k system that had to be removed from the network to get common criteria certification
- [10:26] FWord Utorid: this is a B-Movie, not a Bond Movie.
- [10:26] Infinity Linden: it's not especially useful
- [10:26] Zha Ewry: Just for fun, contemplate, when you log into a new grid, with a new name, do people on your old grid get to see your new name?
- [10:26] Whump Linden forces self back on topic and task.
- [10:26] Ina Centaur: (yes i did mention i saw the chopped-stolen-hand-for-thumbprint was in an old nobudget cantonese movie)
- [10:27] Eddy Stryker: zha: they don't see you at all, you're on a different grid
- [10:27] FWord Utorid: well, the multi-grid scenario causes a pickle with the issue of getting IMs from more than one grid at a time
- [10:27] Ina Centaur: (grammarfixthatmentally)
- [10:27] Morgaine Dinova: infi: even in a federated scheme, you still have to accept connections from unknown parties. Because, if you don't, that simply means that everyone will have to have accounts that can be federated, which is (i) non-scalable, and (ii) meaningless, since when everyone has a trusted account then trust == nil.
- [10:27] Zha Ewry: Well, now, as a user, a TPd
- [10:27] Zha Ewry: In some cases, I want them to
- [10:27] Zha Ewry: in others, I don't.
- [10:27] Infinity Linden: yes Zha... but it's always fun when you enter a room with coworkers still wearing the group affiliation of the bondage club you visited the night before
- [10:27] FWord Utorid: zha: I think more than one identity in IMs results in a restructuring of the user interface for messaging, at the very least
- [10:28] Zha Ewry imagines "Forutune500CIO John is now known as "PandaBurFurry Slave"
- [10:28] Zha Ewry nods
- [10:28] Ina Centaur: yep, and we wonder how to apply this to the 15 million no-payment-info-on-file's..
- [10:28] Eddy Stryker: zha: you're asking if grid B will act as an openid provider for grid A, assuming that grid A acted as a provider for grid B? not necessarily, no
- [10:28] FWord Utorid: you now have multiple friends lists, multiple 'selves' to manage. Imagine trying to be on WoW and RP both the Lich King and a fairy.
- [10:28] Ina Centaur notes that it's Forutune
- [10:28] Zha Ewry: Actually, I'm just pondering
- [10:28] Ina Centaur: alas. that's become a tabloid too?
- [10:28] Zha Ewry: that the user makes a seamless TP
- [10:29] FWord Utorid: everything is a tabloid.
- [10:29] Zha Ewry: which, causes them to take on a new ID on a new grid (which is what they want)
- [10:29] Zha Ewry: but.. do they want people on their old friend's list to see where they went?
- [10:29] Zha Ewry: Or some of them
- [10:29] Zha Ewry: or all of them?
- [10:29] Ina Centaur: zha, do you mean an intergrid map?
- [10:29] Zha Ewry: I'm dodging the mechanisms for the moment
- [10:29] Eddy Stryker: that's making a lot of assumptions about how universal friends lists work
- [10:29] Zha Ewry: Well, just presence
- [10:29] FWord Utorid: zha: ok. new friends list, new im dialogs, new permissions to contend with
- [10:29] Whump Linden: ah, the going from the shop training sim to the union organizing sim
- [10:29] FWord Utorid: 'can see me on map' 'can see me on other grids'
- [10:29] Zha Ewry: That's very non seamless, which is why I ask
- [10:30] Infinity Linden: fwiw... the PGP/MIME community mailing lists from the 90's have a lot of good discussions about being multiple, different things to distinct user communities
- [10:30] FWord Utorid: 'knows i am someone else on grid x'
- [10:30] Eddy Stryker: ok, back to coding. thanks guys
- [10:30] Morgaine Dinova: Eddy: ADs are all peers. The idea that one authenticates the other and not vice versa is all wrong. The fact that one is bigger doesn't change that.
- [10:30] FWord Utorid: ultimately, i wonder if the 3d view doesn't start to get divided into multiple view windows as well
- [10:30] Eddy Stryker: yes morgaine
- [10:30] FWord Utorid: like, looking at the internet through bees eyes
- [10:30] FWord Utorid: tc eddy
- [10:31] Ina Centaur: yep. me too.
- [10:31] Eddy Stryker: that's not what i was getting at
- [10:31] FWord Utorid: remember, load oar for simian :P
- [10:31] Infinity Linden: Morgaine... that's right.. size does not always imply value
- [10:31] Eddy Stryker: fword: next week
- [10:31] FWord Utorid: bitchin
- [10:31] Infinity Linden: LL's AD is valuable because it is big... but if someone like "papercraft modelers in arizona with lots of disposable income".com offered an AD
- [10:32] FWord Utorid: ok. so, we need a fly-eyed viewer that will allow us to make sense of what zha was asking about
- [10:32] Infinity Linden: it would be valuable in a completely different way
- [10:32] Zha Ewry chuckles
- [10:32] Infinity Linden: okay... i hate to bring this up
- [10:32] FWord Utorid: either that, or an alt-tab type thing on the bottom
- [10:32] Rex Cronon: how many graphics cards would u need to handle multiple views?
- [10:32] Infinity Linden: is anyone familiar with MOSS?
- [10:33] Morgaine Dinova: Stirling?
- [10:33] Infinity Linden: Message Oriented something Security
- [10:33] Infinity Linden: it was "the" standard for message security on the itarwebs between the passing of PEM
- [10:33] FWord Utorid: ok. put it in a sentence and you might win the prize
- [10:33] Infinity Linden: and the rise of S/MIME
- [10:33] Infinity Linden: (modulo the popularity of PGP)
- [10:33] Zha Ewry chuckles
- [10:33] Zha Ewry: Oh, those people who want privacy. Sheesh.
- [10:34] Infinity Linden: it was a wonderfully flexible system
- [10:34] Goldie Katsu: MIME Object Security Services. RFC 1848
- [10:34] Goldie Katsu: ?
- [10:34] FWord Utorid: brb
- [10:34] Zha Ewry: Don't they know the NSA only reads their mail for their own good, and never to compile best of bad erotic poetry by geeks lists?
- [10:34] Infinity Linden: oh oh... hmm... totally barfed on what teh acronym meant
- [10:34] Infinity Linden: but anyway... it was quite flexible
- [10:35] Infinity Linden: to the point that you were guaranteed NOT to have interoperability
- [10:35] Infinity Linden: simply because the design space was so large
- [10:35] Infinity Linden: i bring it up
- [10:35] Morgaine Dinova: Well we'll need end-to-end encryption for comms at some point, since neither the ISP nor the VW provider are trusted parties. But we're not really looking at that yet.
- [10:35] Zha Ewry mutters "Oh, profiles are dangerous beyond words, because you end up with so many of them"
- [10:35] Infinity Linden: because i fear we may be headed towards an over-the-wire protocol that
- [10:35] Infinity Linden: abstracts out smeantics
- [10:35] Infinity Linden: er
- [10:35] Infinity Linden: semantics
- [10:36] Goldie Katsu: I am particularly fond at looking at previous work because it can help avoid recreating old security holes.
- [10:36] Infinity Linden: allowing everyone to say.. "oh... well... to me.. being 'root' means x,y and z"
- [10:36] Infinity Linden: while to someone else it means a,b and c
- [10:37] Infinity Linden: and this is where it gets weird... when the protocols go up the 7 layer stack and emerge into the political financial and religious layers
- [10:37] Rex Cronon: there is a religious layer on the stack?
- [10:37] Goldie Katsu: yes the 8th (and 9th layers)
- [10:37] Morgaine Dinova: Infi: well OGP just talks REST, and REST resources are abstract representations, not the real thing (necessarily). So yeah, OGP is kinda semantic-free to some extent.
- [10:37] Zha Ewry laughs
- [10:38] Zha Ewry: Don't tell them about the secret 10th layer, infinity, you know what happens to people who mention that.
- [10:38] Goldie Katsu: shhhh!
- [10:38] Zha Ewry blinks and curses.
- [10:38] FWord Utorid: they become IBM employees!
- [10:38] Infinity Linden: right.. but in OGP we are also trying to be good to spell out the expectations of Resource accesses
- [10:38] Whump Linden: The IETF comes for them in the middle of the night?
- [10:38] Zha Ewry: and.. as importantly, if we're going to succeed, we also have to pay attention to the user experience
- [10:38] Infinity Linden: like ninjas the IETF strikes
- [10:39] Zha Ewry: Since, VWs are so user centric, messing that up is doom
- [10:39] Infinity Linden: oh wait.. you mean there's a user involved?
- [10:39] Morgaine Dinova: Well one day we'll get a list of REST nouns ... then we might have some idea about the implied semantics ;-)
- [10:39] Zha Ewry nods
- [10:39] Morgaine Dinova looks sternly at Zha
- [10:39] Zha Ewry even says something about "first hour, first week, first year"
- [10:41] FWord Utorid: did the connection die, or was everyone simultaneously taking a bathroom break?
- [10:41] Infinity Linden: so.. is it worth moving back to where we started?
- [10:41] Infinity Linden: iterate again?
- [10:41] Infinity Linden: given what's been discussed?
- [10:41] Morgaine Dinova: We ran out of red herrings. Maybe it's time for the meeting to start now :-)
- [10:41] FWord Utorid: the original topic was name conflicts with this ubergrid scheme?
- [10:41] Infinity Linden: identity. it's cool. discuss
- [10:42] Goldie Katsu looks at the time and realizes she has to go.
- [10:42] FWord Utorid: ok. identity, in the context of what? the ubergrid? it's feasible that we would have multiplicity beyond comprehension in that arena
- [10:42] Rex Cronon: it doesn't really matter if u have multiple names as the keys are different for each of them
- [10:42] FWord Utorid: tc goldie
- [10:42] Rex Cronon: bye goldie
- [10:42] Goldie Katsu: I need to go off to fiddle with an open sim :)
- [10:42] Infinity Linden: cheers G
- [10:42] Zha Ewry: OK. So.. Two things I got out of this
- [10:43] FWord Utorid: a diagram of user + stuff + multiple places + ims for each place + appearances for each place
- [10:43] Zha Ewry: one, lots of issues, so I'm going to go wiki the page
- [10:43] Zha Ewry: so we have a place to actually keep track
- [10:43] Infinity Linden: yay! the way of the long tail warrior! putting it on the wiki!
- [10:43] Zha Ewry: and. 2) at a minimum, expect "foo bar@issuing domain" to be in our future
- [10:44] Zha Ewry: and then chew on the rest and maybe people can actually make few useful proposals
- [10:44] Morgaine Dinova: Infi: Well nobody disputes that FQDN-type identities are non-optional, so that issue is kind of "sorted" ... now just have to design it. :-) But we haven't addressed availability, or a pri/sec structure yet.
- [10:45] Zha Ewry: saij? Will you post a transcript of the chaos?
- [10:45] Morgaine Dinova: But maybe even @domain isn't enough. Perhaps we should use PGP keys instead.
- [10:45] Zha Ewry: I'm going to wander off to RL and pour tea into my virus infested RL body
- [10:46] FWord Utorid: drugs are the answer.
- [10:46] FWord Utorid: DIGITAL REALITY USER GROUP SYSTEM
- [10:46] Infinity Linden: cheers all
- [10:46] Infinity Linden: thx for the good conversation
- [10:46] FWord Utorid: tc
- [10:47] Morgaine Dinova: Cya Infi
- [10:47] Rex Cronon: bye everybody
- [10:47] Morgaine Dinova: Cya Rex
- [10:47] Zha Ewry: Ok all. See some of you at Zero's office hours. (Most likely hosted by Infinity)
- [10:47] Whump Linden: later all
- [10:47] Rex Cronon: have fun
- [10:47] Mirt Tenk: ty
- [10:47] Freemason Magic: can we create groups
- [10:48] Morgaine Dinova: Cya Zha
- [10:48] Morgaine Dinova: Cya Whump
- [10:48] Freemason Magic: within AwGroups
- [10:48] Freemason Magic: i have 7 in mind
- [10:48] Zha Ewry: Sure, if there is sufficient interest, we can certainly do that informally
- [10:48] Zha Ewry: Oh, dear lord
- [10:48] Zha Ewry: Go look at VAGs in the AWGroupy topic
- [10:49] Zha Ewry: Take a look at that, and see how well it went
- [10:49] Morgaine Dinova: VAGs never took off, sadly
- [10:49] Freemason Magic: Process-Tools-Measurements-Malware-Acquisition-Education-Business
- [10:49] Zha Ewry sighs
- [10:49] Zha Ewry: and tps off for tea