Talk:Open Grid Protocol
Choosing an Agent
Round 1 : Choosing an Agent
The credential presented by the viewer may be valid for more than one agent. If so, then the viewer must specify the agent it wishes to control. If none is specified, and there are multiple possible agents, then log in will fail, and contain a list of possible agents. The viewer can then choose and reattempt login.
That looks like a security hole, because it means that a person who gets login credentials now knows something they did not prove they knew before, namely the agent list. It should not include a list of agents, instead, an identifiable agent should be considered part of the credentials necessary for login.
Lillie Yifu 09:36, 22 August 2008 (PDT)
Round 2 : Agent Uniqueness is Checked After Account Authentication
Hey Lillie... sorry for taking so long to get back to this one...
If you look real close, you can see that the specification expects a compliant implementation to check for the multiple agent condition only after the account has been authenticated.
So... if you're a bad guy, you still have to know the account shared secret in order to get a list of agents on an account.
One "issue" with the specification is it's descriptive, not proscriptive. We don't define this as a requirement in the spec, because the spec defines stuff that flows over the wire. There are still interoperability profiles that will need to be hashed out, and defining that account authentication MUST occur before agent uniqueness is checked is one part of such an interoperability profile.
Infinity Linden 13:42, 6 October 2008(PDT)
Capability Lifetime
Since cryptologically secure means the amount of time since creation to forge, break, or steal. Shouldn't all capabilities expire? Shouldn't there be a way of indicating when a capability is set to expire, so that clients of that capability can renew the lease on it? Also having capabilities with known numbers of uses is very valuable, so that clients could hand them out, confident that if they were overly broadly disseminated, the risk is limited to so many invocations, even if that number is a larger number.
Lillie Yifu 09:43, 22 August 2008 (PDT)