Difference between revisions of "Talk:Open Grid Protocol"

From Second Life Wiki
Line 1: Line 1:
== Choosing an Agent ==
== Choosing an Agent ==


=== Problem Statement ===
=== Round 1 : Choosing an Agent ===
  Choosing an Agent


  The credential presented by the viewer may be valid for more than one agent.
  The credential presented by the viewer may be valid for more than one agent.
Line 14: Line 13:
[[User:Lillie Yifu|Lillie Yifu]] 09:36, 22 August 2008 (PDT)
[[User:Lillie Yifu|Lillie Yifu]] 09:36, 22 August 2008 (PDT)


=== Solution Statement ===
=== Round 2 : Agent Uniqueness is Checked After Account Authentication ===


Hey Lillie... sorry for taking so long to get back to this one...
Hey Lillie... sorry for taking so long to get back to this one...

Revision as of 12:44, 6 October 2008

Choosing an Agent

Round 1 : Choosing an Agent

The credential presented by the viewer may be valid for more than one agent.
If so, then the viewer must specify the agent it wishes to control. If none is specified,
and there are multiple possible agents, then log in will fail, and contain a list of possible agents. 
The viewer can then choose and reattempt login. 


That looks like a security hole, because it means that a person who gets login credentials now knows something they did not prove they knew before, namely the agent list. It should not include a list of agents; instead, an identifiable agent should be considered part of the credentials necessary for login.

Lillie Yifu 09:36, 22 August 2008 (PDT)

Round 2 : Agent Uniqueness is Checked After Account Authentication

Hey Lillie... sorry for taking so long to get back to this one...

If you look real close, you can see that the specification expects a compliant implementation to check for the multiple agent condition only after the account has been authenticated.

So... if you're a bad guy, you still have to know the account shared secret in order to get a list of agents on an account.

One "issue" with the specification is it's descriptive, not proscriptive. We don't define this as a requirement in the spec, because the spec defines stuff that flows over the wire. There are still interoperability profiles that will need to be hashed out, and defining that account authentication MUST occur before agent uniqueness is checked is one part of such an interoperability profile.

Infinity Linden 13:42, 6 October 2008 (PDT)
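
The ordering discussed in this thread (account authentication first, agent uniqueness second), as an added Python example that is not part of the original discussion or of any OGP implementation. The `login` function, the account store, and the response field names are hypothetical, and the sample accounts are constructed.

```python
import hashlib
import hmac

_SALT = b"constructed-salt"  # constructed value for this example


def _hash(secret: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), _SALT, 100_000)


# Constructed sample account store (hypothetical names and secrets).
ACCOUNTS = {
    "alice": {"secret": _hash("correct horse"),
              "agents": ["Alice Resident", "Alice Builder"]},
    "bob": {"secret": _hash("hunter2"), "agents": ["Bob Resident"]},
}
_DUMMY = _hash("no such account")  # compared against when the account is unknown


def login(account, secret, agent=None):
    """Hypothetical handler: authenticate the account, then resolve the agent."""
    record = ACCOUNTS.get(account)
    stored = record["secret"] if record else _DUMMY

    # Step 1: account authentication. An unknown account and a wrong secret
    # get the same response, and that response carries no agent information.
    secret_ok = hmac.compare_digest(_hash(secret), stored)
    if record is None or not secret_ok:
        return {"status": "auth_failed"}

    # Step 2: agent uniqueness. Only an authenticated caller reaches this
    # point, so the agent list is never shown to someone without the secret.
    agents = record["agents"]
    if agent is None:
        if len(agents) == 1:
            return {"status": "ok", "agent": agents[0]}
        return {"status": "choose_agent", "agents": list(agents)}
    if agent not in agents:
        return {"status": "unknown_agent"}
    return {"status": "ok", "agent": agent}
```
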

Capability Lifetime

Since cryptologically secure means the amount of time since creation to forge, break, or steal, shouldn't all capabilities expire? Shouldn't there be a way of indicating when a capability is set to expire, so that clients of that capability can renew the lease on it? Also, having capabilities with known numbers of uses is very valuable, so that clients could hand them out, confident that if they were overly broadly disseminated, the risk is limited to so many invocations, even if that number is a larger number.

Lillie Yifu 09:43, 22 August 2008 (PDT)