User:Latha Serevi/OGP trust proposal based on secure groups

From Second Life Wiki
< User:Latha Serevi
Revision as of 12:58, 9 September 2008 by Latha Serevi (talk | contribs) (first part of initial proposal)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Preamble

In an open grid, how can the participants know which hosts, services, and individuals to interact with, and do so safely? This can be a question of resource discovery, of defining and maintaining trust relationships, of authentication, and of communication security.

This proposal is aimed at the first two of these four subjects, resource discovery and trust relationships. Latha thinks that the last two, authentication and security, are easily understood and a bit boring, so she assumes them to be solved for the purposes of this discussion.

The kinds of trust questions being asked by the participants of the open grid include, "is this individual allowed to rezz an avatar here?", "do I accept communications from this Agent Domain?", "does avatar A have permission to move object B in region R?", et cetera. The list of such questions is long, and under discussion. This proposal puts forward a mechanism by which a wide variety of such questions can be answered by re-casting them in the form "is A a member of group G?"


Assumptions

1. Individuals, services, hosts, and other entities have a unique ENTITY ID.

2. It is possible to AUTHENTICATE and to establish low-bandwidth secure communications with any entity. This verifies identity and provides a channel to exchange session keys or capabilities securely.

With these assumptions, Latha ignores authentication and message security, and moves on.


What's a group?

Eventually, the open grid world must define something like SL groups, for two general kinds of purposes: conveying of permissions (e.g. land management groups), and group chat. The former requires a high degree of security, since these permissions can control valuable assets. The latter, group chat, may sometimes want to be be equally secure, but we must also support insecure chat, as the very simplest and most lightweight interaction between wildly different virtual worlds.

This proposal discusses the former (highly secure) groups as a very useful building block once implemented, and explores the consequences of this. The latter (insecure) groups used for (some) lightweight chat are important, but not discussed further here.


Latha's secure group proposal

WHAT IF we were able to define a secure group mechanism? Then we could build the entire OGP trust apparatus on top of it quite straightforwardly. Let's do that!