AW Groupies/Chat Logs/AWGroupies-2008-08-12
Jump to navigation
Jump to search
- [9:31] Wolt Amat: These look more comfortable :-)
- [9:32] Rex Cronon: hello everybody
- [9:32] LaLa Xevious: accepted your inventory offer.
- [9:32] Miki Gymnast: good afternoon
- [9:32] Ehdward Spengler: ciao
- [9:32] Dale Innis: Hi hi! Hope I'm not sitting on anyone. :)
- [9:32] Tammy Nowotny: hey Dale
- [9:32] Tammy Nowotny: hey everyone
- [9:32] Siddhartha Fonda: hi dale
- [9:32] Rex Cronon: hi
- [9:33] Dale Innis: Tammys!
- [9:33] LaLa Xevious: hello everyone
- [9:33] Rex Cronon: hi
- [9:34] Dale Innis: Is Infinity eirself coming, do we know?
- [9:34] Wolt Amat: Goldie, thanks for your help last week.
- [9:35] Miki Gymnast: sorry kb3 havent seen you
- [9:35] Goldie Katsu: Glad to be able to help
- [9:35] KB3NZQ Haystack: np
- [9:35] Tao Takashi: Hi
- [9:35] Dale Innis: Wolt! Small world. :)
- [9:36] Rex Cronon: hi
- [9:36] Wolt Amat: Hi Dale.
- [9:36] Dale Innis: :)
- [9:37] Saijanai Kuhn: silence?
- [9:38] Dale Innis: Okay, so!
- [9:38] Dale Innis: :)
- [9:38] Dale Innis: Has everone read the current page? Is it perfect?
- [9:38] Tammy Nowotny: pluperfect!
- [9:38] Ehdward Spengler: perfectly incomplete
- [9:38] Goldie Katsu: I just finished it - it captures the areas we've discussed but obviously needs some filling in.
- [9:38] Goldie Katsu: I am pleased that the layers are spelled out
- [9:38] Saijanai Kuhn: more than a little, but it is a solid start, I think
- [9:39] Tammy Nowotny: is the opage in question: [1]
- [9:39] Wolt Amat: I'd add "Privacy Integrity" to the top User section.
- [9:39] Goldie Katsu: ah good
- [9:39] Dale Innis: Will be a good basis for deciding what needs to travel in the OGP messages for asset transfer, too.
- [9:39] Goldie Katsu: Ok I have an odd question
- [9:39] Saijanai Kuhn: you're familiar with IMrpovedInstantMessages, right Dale?
- [9:39] Goldie Katsu: Do we have anyone who could take notes during the meeting? Beyond just the transcript cature?
- [9:40] Wolt Amat: I can't, sorry, I am multitasking here :-(
- [9:40] KB3NZQ Haystack: same here
- [9:40] Dale Innis: Aren't we all. :)
- [9:40] Saijanai Kuhn: I'm barely able to keep up with transcript posting, sorry
- [9:41] Goldie Katsu: ok, we'll work it out later.
- [9:41] Wolt Amat: I'm going to try to capture bullet points, but I can't be trusted to stay on til the finish :-)
- [9:41] Goldie Katsu: :)
- [9:41] Dale Innis: Anyone with the time can post their own summary attached tot he transcripts
- [9:41] Tao Takashi: I also would like something like "the user is in control of his data" in this list (and thus decides which data is passed to which entity)
- [9:42] Goldie Katsu: Yeah post processing is always possible, just an at the time digest might be useful, but if it isn't possible oh well.
- [9:42] Tao Takashi: I need to say that as group of the steering group of the DataPortability project ;-)
- [9:42] Dale Innis: Stick it in! :) It's a Wiki.
- [9:42] Goldie Katsu: what do you mean by his data?
- [9:42] Tao Takashi: as member of the steering
- [9:42] Tao Takashi: ...
- [9:42] Tao Takashi: where does my profile go, who can see it? who can see my friends list? etc.
- [9:43] Dale Innis: You mean which other domains?
- [9:43] Tao Takashi: that's all on a higher level though, not network
- [9:43] Tao Takashi: users or domains
- [9:43] Goldie Katsu: so data about himself and relationships?
- [9:43] Dale Innis: The OGP can't control which users in some remote grid get to see what information that that grid knows.
- [9:43] Goldie Katsu: (beyond the authentication stuff that would need)
- [9:43] Dale Innis: But yeah, it could be another intent mark. :)
- [9:43] Wolt Amat: Tao, I just added Privacy Integreity.
- [9:43] Dale Innis: One that SL itself doesn't support.
- [9:43] Tao Takashi: well, all data the user put in I would say
- [9:43] Tao Takashi: Wolt: cool
- [9:44] Goldie Katsu: Ok cool.
- [9:44] Wolt Amat: With only one typo :-)
- [9:44] Tao Takashi: Dale: well, of course it depends who plays good in this game
- [9:44] Goldie Katsu: Yeah I think to some extent we need to define what markers we would want but realize that not all domains will implement them and the user will have to chose
- [9:45] Tao Takashi: but we have the same problem on social networks.. and one can put some "good citizen" sign on those services who do follow such guidelines
- [9:45] Tao Takashi: like right now either mostly everything is open or not (e.g. facebook)
- [9:45] Tao Takashi: and you cannot really change it
- [9:45] Dale Innis: There'll be lots of interesting issues; if I've said that Badguy Innis shouldn't be able to see my profile and I try to TP to a grid that doesn't support profiel access control, does the TP fail, or what?
- [9:45] Wolt Amat: I'm going to add something else in there from my work on User Profile Management.
- [9:45] Tao Takashi: Dale: Maybe I can first get some information about the grid
- [9:45] Tao Takashi: and maybe I wouldn't give this grid information in the first place
- [9:46] Siddhartha Fonda: maybe prior to TP, the viewer presents an accept/deny prompt?
- [9:46] Siddhartha Fonda: kinda like how unverified ssl certs work?
- [9:46] Tao Takashi: maybe for region domains you haven't entered yet
- [9:46] Dale Innis: And I could choose to not let that grid have my profile at all for anyone? Sounds potentially v commplicated. :)
- [9:46] Goldie Katsu: I do wonder how the user will be presented with all of the info - but I would expect an implementation to either have an accept/denyy prompt or there could be preferences that define where a person will go based on preferences.
- [9:46] Tao Takashi: that's all client work though.. I mainly want to have some awareness of this when thinking about the protocol
- [9:47] Goldie Katsu: Like parental controls that might limit kid TPs
- [9:47] Dale Innis: Good point.
- [9:47] Tao Takashi: yep
- [9:47] Wolt Amat: Goldie, I just added a 5th element on responsibility.
- [9:47] Dale Innis: Need a rather open-ended way for a grid to declare what it does and doesn't support.
- [9:47] Tao Takashi: I think we don't need to worry about how to implement it at that point but maybe give the possibility for two domains to negotiate what sort of information can be given out
- [9:48] Dale Innis: agreed
- [9:48] Goldie Katsu: I think that is an important piece. That there needs to be a way for the information to be communicated and that it be extensible.
- [9:48] Tao Takashi: and maybe the region domain you want to go to needs to pull that information from the AD
- [9:48] Wolt Amat: I am going to throw some links in here that people might find interesting as background thinking on this that has occurred elsewhere.
- [9:48] Tao Takashi: so with OAuth you might first need to say "yes that's ok" and the region domain gets a token with which it can access this information
- [9:48] Goldie Katsu: And a recognition that the trust parameters may fall in a few places.
- [9:49] Tao Takashi: so without the token it might only get basic information anyway
- [9:49] Goldie Katsu: Throw them in the chat too.
- [9:49] Tao Takashi: compared to social networks it might be like joining a new social network which wants to read all your data from existing services. This will be solved with OAuth in the future, too.
- [9:49] Dale Innis: Lots of questions about the granulatiry with which to protect my information.
- [9:50] Tao Takashi: But as I haven't though about this a bit more maybe this does not fit here
- [9:50] Tao Takashi: so I will start with usecases someday :)
- [9:50] Dale Innis: No, I think it's a great topic! We should be sure to write it down for thinking about.
- [9:51] Tao Takashi: because compared to SNs you don't login to the region domain in this case.. in SNs you usually log in to the service which has the information, there you say "ok", this service sends a token to the consumer service
- [9:51] Goldie Katsu: the data share style of social networks today (where you give everyone all of your logins and passwords) really is a problem. But that is a separate issue.
- [9:51] Tao Takashi: and with that token (which can be revoked at any time) you can then access this information by signing messages with it
- [9:51] Tao Takashi: Goldie: This is what OAuth tries to solve
- [9:51] Tao Takashi: just give out a vanity key
- [9:52] Goldie Katsu: Good I still haven't had a chance to read it but it is high on my list.
- [9:52] Tao Takashi: but as said, not sure if it can be applied here as you don't login to a region domain
- [9:52] Dale Innis: So OAuth is the mechanism; we still need to figure out what chunks to divide the world into for authorizatino purposes etc.
- [9:52] Dale Innis: Eventually. :)
- [9:52] Tao Takashi: but actually you login to the AD..
- [9:52] Tao Takashi: and you are already logged in to the AD
- [9:52] Goldie Katsu: You are logged into _a_ AD
- [9:52] Tao Takashi: Dale: That's I think is where use cases are handy ;-)
- [9:52] Goldie Katsu: (or _an_ AD)
- [9:52] Tao Takashi: yes, into the AD which might give information to an RD
- [9:52] Dale Innis: yeps
- [9:53] Tao Takashi: you might need to define this then for every AD you have an agent on
- [9:53] Tao Takashi: or this information might be shared as well if you say so
- [9:53] Dale Innis: As long as we have sensible defaults. Since 99% of ppl will use them. :)
- [9:53] Goldie Katsu: Oh....that sounds like the re-entering data and settings on each social network.
- [9:53] Tao Takashi: but then again maybe no OAuth is needed because the RD does not need to login to the AD anyway because it gets all information via push
- [9:54] Tao Takashi: so you can directly define in the AD which informatin you push
- [9:54] Tao Takashi: Goldie: My hope is that we can solve the reentering problem here as well
- [9:54] Tao Takashi: how likely is it to use different agent domains?
- [9:54] Goldie Katsu: yeah the question comes when you go to a RD that doesn't trust your AD
- [9:54] Tao Takashi: except maybe when you really want to be somebody else?
- [9:55] Tao Takashi: Goldie: I guess an example would be impersonating other people
- [9:55] Dale Innis: Then log out and in again as someebody else. :)
- [9:55] Goldie Katsu: people will always be able to create multiple unlinked online identities.
- [9:55] Goldie Katsu: I think that that case we don't need to worry about.
- [9:55] Dale Innis: I certailnly hope so! :)
- [9:56] Tao Takashi: we maybe should think about linking separately.. This might really be solved by OAuth
- [9:56] Wolt Amat: Guidelines on the provision of ICT services to young children - [2]
- [9:56] Tao Takashi: because it's nothing else than social networks then
- [9:56] Goldie Katsu: The case of multiple linked identities may be useful
- [9:56] Tao Takashi: if I change my email here I might want to change it everywhere
- [9:56] Tammy Nowotny: right now, Linden Lab knows (usually) who your alts are... but other users don't
- [9:56] Tao Takashi: this is basically what DataPortability and other groups aim to solve
- [9:56] Wolt Amat: Guidelines for real-time person-to-person communication services - [3]
- [9:57] Tao Takashi: the question is if this is possible without some central server or not.. at least it would be easier with a central hub
- [9:57] Goldie Katsu: And that (what Tammy said) is what I think of as multiple linked identities.
- [9:57] Tammy Nowotny: including landowners... but with OS, you may have to share some info
- [9:57] Goldie Katsu: The protocol already touches on the multiple-linked identities
- [9:57] Tao Takashi: you should be able to decide though what is shared with whom
- [9:57] Wolt Amat: User experience guidelines; Telecare services (eHealth) - [4]
- [9:57] Tao Takashi: like if this link between agent should be visible or not
- [9:57] Goldie Katsu: You log into the agent account and chose which avatar to instantiate (whatever the right word is.)
- [9:58] Tao Takashi: use? ;-)
- [9:58] Dale Innis: Maybe you could put those links ont he Wiki also, Wolt?
- [9:58] Tao Takashi: maybe actually which agent to use
- [9:58] Tao Takashi: you might have an account called "mrtopf" but many agents stored under it
- [9:58] Wolt Amat: Would that be a better place than chat?
- [9:58] Goldie Katsu: log into account chose which agent - that's right.
- [9:58] Dale Innis: I suggest both chat and Wiki :)
- [9:58] Wolt Amat: k
- [9:58] Dale Innis: Yep, just like WoW! Log in, then choose a toon. :)
- [9:58] Goldie Katsu: Sorry I think I should drink my coffee that is sitting here staring at me.
- [9:59] Goldie Katsu: zackly
- [9:59] Tao Takashi: heh :)
- [9:59] Wolt Amat: Multicultural and language aspects of multimedia communications - [5]
- [9:59] Goldie Katsu: only much better skin and clothing
- [9:59] Dale Innis: coffee is important
- [9:59] Tao Takashi: so how to solve the problem of an RD not trusting the AD might be the question
- [9:59] Goldie Katsu: eep the cup was full I really forgot to drink it. (Yay thermal cups)
- [9:59] Tammy Nowotny: "contains caffeine, an essential nutrient"
- [10:00] Saijanai Kuhn: I had a nice discussion with ARgent Stonecuutter on SLDEV last night on that topic
- [10:00] Dale Innis: Can we assume that RDs will only talk to ADs that they trust strongly?
- [10:00] Wolt Amat: User Profile Management - [6] -
- [10:00] Saijanai Kuhn: AD trust...
- [10:00] Goldie Katsu: I think that would be a bad assumption
- [10:00] Dale Innis: nods.
- [10:00] Goldie Katsu: To borrow a use case from Snowcrash
- [10:00] Wolt Amat: FYI, I was author or contributor to some of these, so if anyone has any questions about them...
- [10:00] Saijanai Kuhn: how could it be otherwise? A malicious AD is the ultimate man-in-the-middle attack
- [10:00] Goldie Katsu: Public vw booths - "black and whites" log in.
- [10:00] Tao Takashi: how do we get viruses in here? ;-)
- [10:01] Goldie Katsu: The black and white agent domain probably isn't highly trusted.
- [10:01] Tao Takashi: I think if it doesn't trust maybe the avatar could be marked as such indeed
- [10:01] Dale Innis: (Viruses are easy except for that darn grey goo fence)
- [10:01] Tao Takashi: Dale: which opensim might not have yet ;-)
- [10:01] Goldie Katsu: but there are some RD that will let them log on.
- [10:01] Dale Innis: mwah ha ha ha
- [10:02] Saijanai Kuhn: well, no need for visurses. An agent from PriatesBayAD.com is really just a copybot funneling all assets straight to their asset server
- [10:02] Dale Innis: Then those agents would have to be untrusted in some strong sense too.
- [10:02] Tao Takashi: so the RD needs to know about the AD and needs to find out if it's a trusted one
- [10:02] Tao Takashi: the question is, what does "trusted one" mean and how is trust defined? by some contract? TOS?
- [10:02] Tao Takashi: by me saying "sure, trust it" ?
- [10:02] Dale Innis: Trust should generally be tied to a contract.
- [10:02] Tao Takashi: I like that
- [10:03] Tao Takashi: but it would be stressy to answer all those requests
- [10:03] Saijanai Kuhn: on your own region, you can say that, but for commercial regions, you'd need formal agreements with teeth
- [10:03] Goldie Katsu: "Trust it" is going to be an implementation thing.
- [10:03] Tao Takashi: and at least it should be made sure that the AD URL is really the AD URL
- [10:03] Goldie Katsu: How to identify it (piratesbayad) is something that can be defined.
- [10:03] Tao Takashi: this is maybe where SSL connections come into play
- [10:03] Goldie Katsu: It could be a contract, it could be a Real Time White list
- [10:04] Tao Takashi: ok, it depends on the RD how secure it wants to be
- [10:04] Goldie Katsu: the RD defines how it knows who it trusts, but the protocol can define how it knows it is the person on its list.
- [10:04] Tao Takashi: and when it's sure the AD URL is not faked it can compare it to some list and enable/disable certain features
- [10:04] Tao Takashi: like rezzing stuff
- [10:04] Dale Innis: Yeah, authentication is mostly a solved problem. Now we need to think about authorization. :)
- [10:04] Wolt Amat: Guidelines for real-time person-to-person communication services; Future requirements - [7]
- [10:05] Tao Takashi: let later generations worry about this ;-)
- [10:05] Tao Takashi: social networks also did not worry about it ;-)
- [10:05] Wolt Amat: Telecare services; Issues and recommendations for user aspects - [8]
- [10:05] Dale Innis: So I dunno; are there really use-cases for an RD getting contacted by an AD that it doesn't trust, but the RD still (say) allows an agent to rezz in and do things?
- [10:06] Tao Takashi: I think so
- [10:06] Dale Innis: Can you give an example? I'm sure I'm just being unimaginative. :)
- [10:06] Tao Takashi: I also think it's ok as long as other people see that it's an untrusted, stigmatized agent
- [10:06] Goldie Katsu: Sandbox RD?
- [10:06] Goldie Katsu: "Free trade zone" RD
- [10:06] Wolt Amat: The negotiation will have to be tiered, and each provider will have his own set of checkboxes to determine trust from available data.
- [10:07] Dale Innis: I dunno; I wouldn't be all that happy to have someone running around in SL who wasn't me, but still had "Dale Innis" over his head, even if it said "(maybe)" afterward...
- [10:07] Tao Takashi: PirateBay RD ;-)
- [10:07] Tao Takashi: that's free trade zone, right? ;-)
- [10:07] Goldie Katsu: How do we handle countries that don't allow crypto?
- [10:07] Tao Takashi: I think we will have residents with the same name anyway
- [10:07] Dale Innis: Are there still really countries that don't *allow* crypto?
- [10:08] Tao Takashi: but it needs to be somethnig like name@AD maybe
- [10:08] Goldie Katsu: China unless you have dispensation from the government.
- [10:08] Tao Takashi: and as long as AD is being able to be identified there shouldn't be a problem
- [10:08] Dale Innis: I know some places you have to register with the gov't.... yeah :)
- [10:08] Tao Takashi: then it's Dale Innis@untrusted
- [10:08] Dale Innis: Okay, that's fair.
- [10:08] Goldie Katsu: And it is a cost.
- [10:08] Wolt Amat: Universal Communications Identifier (UCI); Improving communications for disabled, young and elderly people - [9]
- [10:08] Ehdward Spengler: you all need to realize that as opensim is open source, it will have alot of eyes on it. security problems will be found and outed very quickly
- [10:09] Tao Takashi: oh, and people might disable trust systems in open source sw anyway if they think it's better without for whatever reason
- [10:09] Dale Innis: That's fine, Ehd. :)
- [10:09] Tao Takashi: so there definitely will be RDs which don't care
- [10:09] Goldie Katsu: Yes, but even with open source security problems can lie undetected for a long time
- [10:09] Ehdward Spengler: this worry about evil domains sucking up assets like a vacuum cleaner arent going to be as big a problem as you might like to think
- [10:09] Tao Takashi: maybe also because they think they can implement that later ;_)
- [10:09] Tao Takashi: indeed, Ehdward and I also think it's easier to copy with a client anyway
- [10:09] Dale Innis: The worry about evil domains stealing assets isn't about security bugs, it's about making sure we don't design the ability into the protocol!
- [10:09] Goldie Katsu: The protocol just needs to provide a way to communicate - but "ILieRD" could say "I support these trust models" and really not do it
- [10:10] Dale Innis: Right, Goldie.
- [10:10] Tao Takashi: setting up a region and getting people to come seems a lot of work compared to just going where the good stuff is
- [10:10] Ehdward Spengler: toa, yes but you will know which ones, it wont be a big mystery
- [10:10] Goldie Katsu: So there is a do you trust ILieRD to tell you the truth.
- [10:10] Saijanai Kuhn: that's where certification and so on comes in
- [10:10] Tao Takashi: but doesn't that just depend on your policy?
- [10:10] Dale Innis: Yep, so that'll work out.
- [10:10] Goldie Katsu: Each AD/RD has to set its policy - does it trust until proven otherwise, is it contractual, is it web of trust etc.
- [10:10] Goldie Katsu: yeah it is policy
- [10:10] Dale Innis: Yep.
- [10:11] Dale Innis: With good defaults in the as-shipped code. :)
- [10:11] Ehdward Spengler: and yes, someone that knows just a wee bit of mono can use copybot to grab whatever they want
- [10:11] Tao Takashi: so what is left then is that you need to be sure that the AD or RD is who it claims to be and the URL is not forged or something like that
- [10:11] Ehdward Spengler: and thats all client side
- [10:11] Saijanai Kuhn: so you have the "trust" for really getting the real identity of a domain, and the "trust" for really knowing what they say they'll do is what they will do barring accidents and crazy pople running the domain
- [10:11] Tao Takashi: but of course this does not solve things like "I allow my object only to go into trusted RDs"
- [10:12] Dale Innis: Yes; many notions of trust!
- [10:12] Tao Takashi: well, maybe it does if the RDs e.g. directly connected to LL are supposed to be trusted
- [10:12] Goldie Katsu: yeah that is why there are multiple layers (which Infinity spells out (at least to some extent - we might review that at some point.)
- [10:12] Dale Innis: Maybe we should stop using the work. :)
- [10:12] Saijanai Kuhn: well, it allows that to become a plausible thing to say in the first place
- [10:12] Tao Takashi: and respect that setting
- [10:12] Dale Innis: (the word)
- [10:12] Goldie Katsu: Trust layers is how we provide the different functions.
- [10:13] Goldie Katsu: And I think the use cases will help us identify if we have more layers needed or not
- [10:13] Tao Takashi: so what I wanted to do is basically think about how objects might travel from hand to hand and where control is needed
- [10:13] Dale Innis: So you have to trust that you have the right public key for the other party, trust (or not) that the other party is correctly announcing their capabilities and policies...
- [10:13] Tao Takashi: because I am very unclear onwhat is needed for objects moving around
- [10:13] Dale Innis: Tao: do you want to think about that within a single sim, or only in interop cases?
- [10:13] Tao Takashi: e.g. what happens if an object is rezzed on region X and then LL cancels the contract? (but that's not a technology question)
- [10:14] Tao Takashi: mostly in interop cases
- [10:14] Dale Innis: If it's only in interop, then it's basically what happens to inventory when you TP out and then rezz things.
- [10:14] Saijanai Kuhn: well, it is to the extent that you have to build something into the protocols to handle that
- [10:14] Goldie Katsu: I think you can't retroactively implement policies.
- [10:14] Dale Innis: Since there's no cross-sim llRezObject(). :)
- [10:14] Tao Takashi: like what happens if I sell object X to user A on AD somewhere else?
- [10:14] Ehdward Spengler: i think it would be better to keep a blacklist maybe of "bad" domains
- [10:14] Ehdward Spengler: instead of some complex certification scheme
- [10:14] Tao Takashi: no you only can attach metadata to an object and hope the RD or AD respects it
- [10:15] Goldie Katsu: I think the implementation of bad/good lists is going to be implementation specific.
- [10:15] Saijanai Kuhn: all domains are bad unless provent otherwise
- [10:15] Dale Innis: Yeah, a given domain can decide whether to use whitelist / blacklist / whatever.
- [10:15] Tao Takashi: I also think we shouldn't specify too much and demand too much in the protocol
- [10:15] Tao Takashi: because otherwise it's dead ;-)
- [10:15] Wolt Amat: I think the current owner still owns the object and it should be returned to him if the inter-domain trust is closed.
- [10:15] Ehdward Spengler: sai: i cant say i like that
- [10:15] Goldie Katsu: ok so first AD and RD agree that they are who they say they are
- [10:15] Tao Takashi: but we need to come up with a sensible set of means which need to be implemented
- [10:15] Tao Takashi: Goldie: sounds like normal SSL certs in web traffic
- [10:16] Ehdward Spengler: i think ad should be good until proven otherwise
- [10:16] Wolt Amat: I think we need more detailed requirements before we need means.
- [10:16] Goldie Katsu: Then they verify that they have a level of trust "he says truth/not truth/maybetruth"
- [10:16] Saijanai Kuhn: basic principle of data security, I think.
- [10:16] Goldie Katsu: (implementation specific)
- [10:16] Dale Innis: We don't need to solve the whitelist v blacklist thing here. Please? :)
- [10:16] Goldie Katsu: then they exchange "what they do"
- [10:16] Tao Takashi: right Dale, that's up to the RD or AD to do what they think is good
- [10:16] Ehdward Spengler: sai, maybe but this certification think sounds complicated and potentially annoying
- [10:17] Dale Innis: The certificates are just to verify that you're really who you are. End users will never even see them.
- [10:17] Tao Takashi: Goldie: Do you need to exchange more? If asked for something you just don't give it out if you don't want to
- [10:17] Rex Cronon: there is a very simple way to do certification:)
- [10:17] Dale Innis: They're used on the web in SSL all the time.
- [10:17] Ehdward Spengler: dale, ah ok
- [10:17] Tao Takashi: or you don't accept it if offered
- [10:17] Goldie Katsu: and then based on policy they determine if assets from users on AD can be rezzed in RD? Or Sold on RD?
- [10:17] Tammy Nowotny: unless they pop up like they do on the WWW sometimes
- [10:17] Saijanai Kuhn: Ehdward, the Agent Domain is potentially the most powerful bit of malicious software in the entire system
- [10:17] Ehdward Spengler: yeah, those mismatch certs are irritating
- [10:17] Tao Takashi: Goldie: I think we need use cases to collect what can happen in the first place and see how it can be handled and what's needed in the protocol to handle it
- [10:17] Dale Innis: I would hope that the domains wouldn't expose expired certificates etc like browsers do. :)
- [10:18] Tao Takashi: I would expect so ;)
- [10:18] Dale Innis: Let's try the "I TP to grid X and give a transferabble object in my inventory to someone there" case. Are there hard questions?
- [10:18] Goldie Katsu: I guess the question is - is trust for behavior something that the AD and RD just define internally once they verify the identiy or do they exchange policy information?
- [10:18] Tao Takashi: how cool would that be if I cannot access my inventory because my AD forgot to renew the cert ;-)
- [10:18] Rex Cronon: u make 1000USD deposit to connect your grid to the main, if your grid is used for unlawfull activities u loose the deposit, your grid is disconnected, and if u want connect again the deposit increases 10 times
- [10:18] Tao Takashi: Goldie: that would mean to somehow formally define policy decisions
- [10:18] Dale Innis: ( Like that time MS forgot to renew with NetSol, and all of Passport broke heehee )
- [10:19] Goldie Katsu: oh no big provider ( like google) would forget to renew their cert
- [10:19] Tao Takashi: Goldie: sure
- [10:19] Ehdward Spengler: 1000usd deposit??? noway, never nope
- [10:19] Tao Takashi: we hope at least ;-)
- [10:19] Wolt Amat: Will it have to differentiate between loaned, given or sold?
- [10:19] Rex Cronon: is very simple:)
- [10:19] Tammy Nowotny: and what if someone uses a stolen credit card to pay the bill?
- [10:19] Ehdward Spengler: thats not very free or open
- [10:19] Goldie Katsu: So do we need to define a way to transmit policy information?
- [10:19] Dale Innis: Let's try just given first. :)
- [10:19] Tao Takashi: Goldie: Maybe the policy bit can be encapsulated inside a service catalog on service discovery
- [10:20] Tao Takashi: you just serve a different list of services depending on who asks
- [10:20] Goldie Katsu: I would expect it would be handled on first establishing relationships with AD and RD - not with each user loging.
- [10:20] Rex Cronon: people already pay 1000USD to have a private island:)
- [10:20] Dale Innis: That sounds right, Goldie.
- [10:20] Goldie Katsu: so I guess there is the AD/RD trust establishment process
- [10:20] Saijanai Kuhn: you can easily run a REgion domain without trust of any kind. However, running an Agent DOmain without trust is a different color of seahorse...
- [10:20] Goldie Katsu: (not to state the obvious)
- [10:20] Goldie Katsu: and what goes on there?
- [10:21] Dale Innis: Goldie, I don't think that's an online process, isit?
- [10:21] Dale Innis: If the RD is contacted by an AD,
- [10:21] Goldie Katsu: Well there are parts that are online
- [10:21] Dale Innis: it just authenticates the AD, and then looks in its "how m uch to I trust this AD" table.
- [10:21] Goldie Katsu: Like the ssl connection establishment where they verify identities.
- [10:21] Dale Innis: Right, but aside from identity, there's nothing else to the online part? Is there?
- [10:21] Ehdward Spengler: rex: yeah but i dont want to pay another 1000 just so people can log onto my sim
- [10:21] Tao Takashi: the service catalog could be cached, yep
- [10:22] Saijanai Kuhn: Dale, I think any AD that is allowed into a region has to peg the trustometer by default
- [10:22] Tao Takashi: but maybe each user also has such a thing.. but that's probably more interesting to the viewer
- [10:22] Goldie Katsu: So the rest would just be a service catalogue?
- [10:22] Dale Innis: Sai: talk to Tao about that. :)
- [10:22] Goldie Katsu: not a matter of trust?
- [10:22] Tao Takashi: either SC or trying and getting a 403
- [10:23] Dale Innis: Yeah, the way I see it, ADx says "Hi, I'm ADx", and RDy makes sure it really is, and then looks up in its policy book h ow much to trust ADx.
- [10:23] Goldie Katsu: Ok, so AD and RD are talking, AD semi-trusts RD. What gets communicated to the Agent?
- [10:23] Tao Takashi: it might also be that you get some data but not the complete set or so
- [10:23] Dale Innis: "semi-trusts" isn't very specific. :)
- [10:23] Saijanai Kuhn: a region domain need not be trusted to allow visiters from otheer places, but an agent domain HAS to be the most trusted thing in the system
- [10:23] Goldie Katsu: lol
- [10:23] Tao Takashi: trust level is probably the amount of services allowed to a service
- [10:24] Tao Takashi: from none to all
- [10:24] Goldie Katsu: Agreed
- [10:24] Goldie Katsu: So even though the protocol on the AD/RD may not define what that is
- [10:24] Tao Takashi: where none unfortunetaly includes rez_avatar
- [10:24] Tao Takashi: ;-)
- [10:24] Goldie Katsu: That may become relevant to the agent level.
- [10:24] Dale Innis: Hold on , Sai, couldn't an AD be trusted only to the extent that the RD believes it when it says "here's JoeJones@ADfoo rezzing in">
- [10:24] Dale Innis: What could a malicious AD do, exactly?
- [10:25] Saijanai Kuhn: how would you trust them not to have a man-in-the-middle proxy of some kind?
- [10:25] Tao Takashi: send a "broken" Dale Innis ;-)
- [10:25] Dale Innis: As long as it's DaleInnix@ADfoo, that's okay with me. :)
- [10:25] Wolt Amat: The user will have to be brought into the negotiation if the tiered authorization limits some functionality, and needs to be accepted.
- [10:25] Tao Takashi: who in reality is Plasticduck
- [10:25] Goldie Katsu: lol
- [10:25] Tao Takashi: ok, but it shouldn't be able to forge the ADfoo part
- [10:25] Dale Innis: All the proxy would be able to do is get access to anything that JoeJones@ADfoo could. Is that a problem?
- [10:25] Tao Takashi: but that's an SSl thing
- [10:26] Saijanai Kuhn: and funnel all assets it is viewing straight to the PiratesBayAD.com asset server
- [10:26] Dale Innis: Right, we're assuming the AD can't forge its identity; that's a solved problem.
- [10:26] Tao Takashi: it could maybe also buy items and copy them
- [10:26] Goldie Katsu: or as solved as we're going to bother with
- [10:26] Dale Innis: Sure, but the real JoeJones@ADfoo could do that also.
- [10:26] Saijanai Kuhn: but an untrusted AD doesn't have to forge its identity, just what it does
- [10:26] Dale Innis: So it's n ot a new threat, is it?
- [10:26] Tao Takashi: it might also send 1000s of avatars over
- [10:26] Saijanai Kuhn: its a threat on the level of you can have 10,000 copybots entering any and all sims funneling everything to one server
- [10:26] Tao Takashi: you might want to block such ADs
- [10:27] Dale Innis: Sure, you could certainly limit the number of AVs an untrusted AD can send in. that's fine.
- [10:27] Saijanai Kuhn: just oe would be sufficient to piss off every content creator on a grid
- [10:27] Tao Takashi: we should invite griefers to these meetings and ask them ;-)
- [10:27] Tammy Nowotny: LOL Tao
- [10:28] Goldie Katsu: well if it is truly untrusted then the agents on that AD won't be able to access the RD
- [10:28] Dale Innis: Sai, are you saying that the ability to have a copybot AD is somehow worse than the ability to have a copybot client? Why?
- [10:28] Saijanai Kuhn: by default, and Agent Domain is to be considered a giant copybot scheme, IMHO
- [10:28] Saijanai Kuhn: because you could take REAL people and turn them unknwoingly into copybots as well
- [10:28] Ehdward Spengler: content creators are hysterical from what ive seen. open source exposes security problems. if someone tried that, theyd be exposed very quickly
- [10:28] Tao Takashi: I think clever people take an account on a trusted AD, send in their bots and copy stuff
- [10:29] Tao Takashi: not setup an AD which then is blocked after a day
- [10:29] Dale Innis: Exactly. Doesn't seem like a new threat.
- [10:29] Tao Takashi: or maybe trying to get access in the first place
- [10:29] Goldie Katsu: Open source can't fix a bad protocol.
- [10:29] Tao Takashi: open source can't fix bad people ;-)
- [10:29] Goldie Katsu: Open source is not a cure all for security, it addresses some things but not all things.
- [10:29] Goldie Katsu: that too
- [10:29] Saijanai Kuhn: yes, but its still different than having an Agent Domain that automatically makes all avies logged in part of the copybot system
- [10:29] Goldie Katsu: some of it is a social problem.
- [10:29] Tao Takashi: technology in general can't
- [10:29] Goldie Katsu: yes but if the AD did that it would become untrusted.
- [10:29] Ehdward Spengler: true but it is a good mechanism for exposing problems
- [10:29] Wolt Amat: Maybe agent log in will require a human only test.
- [10:29] Tao Takashi: Sai: sure every AD owner might have access to the whole inventory of all their users
- [10:30] Saijanai Kuhn: I thought we were assuming that this particular AD WAS untrusted but still had the right to rez_avatar
- [10:30] Tao Takashi: that influences also where an object can go
- [10:30] Goldie Katsu: agreed. Just pointing out that just because it is open source doesn't mean it addresses all concerns.
- [10:30] Tao Takashi: and it depends whether an object is copied to a customer's agent domain or stays on the creator AD
- [10:30] Dale Innis: Anyway, I think this is sort of drifting off of the protocol question, into the "how careful do you have to be what ADs you believe?" question, which is really for each RD to decide for itself.
- [10:30] Saijanai Kuhn: Wolt a human controlling an avie logged in through PiratesBayAD might still be a copybot via man in the middle
- [10:30] Ehdward Spengler: of course, im not suggesting oss is going to solve world hunger or something ;)
- [10:30] Tao Takashi: while the latter would be more safe for the creator the first one would be more safe for the customer
- [10:30] Goldie Katsu: So my question is
- [10:31] Wolt Amat: Yes, thx, I was addressing the "1000s of bots".
- [10:31] Tao Takashi: so I at least would like to have the objects I bought to reside on my AD
- [10:31] Goldie Katsu: does the trust defined in the AD/RD relationship (what they trust each other to do) have any implication in the trust further up in the nature of the decision the agent may make about going to a place or chosing to rez an object
- [10:32] Saijanai Kuhn: if a client is logged in through an AD, anything the AD introduces the client to is potentially hacked
- [10:32] Goldie Katsu: or are these only thigns that impact what the AD or RD does?
- [10:32] Saijanai Kuhn: to whatever level the client can see/use assets on the region domain
- [10:32] Wolt Amat: Sounds like a business opportunity for a third party UUID registrar.
- [10:32] Tao Takashi: I need use cases for this I think ;-)
- [10:32] Goldie Katsu: Ah that is a client->AD trust issue
- [10:32] Tao Takashi: esp. because I am getting quite tired here..
- [10:33] Dale Innis: Yeah, the user will have to trust the RD not to make stupid trust decicions... :)
- [10:33] Tao Takashi: like only allowing the user in naked ;-)
- [10:33] Saijanai Kuhn: Goldie, it is a trust issue with AD's period. an AD that is accepted into a comercial region's whitelist has to be at the top tier of trust, period (IMHO)
- [10:33] Dale Innis: You ARE getting tired. :)
- [10:33] Tao Takashi: and then banning the user because he was naked
- [10:33] Goldie Katsu: The user has to be smart and know not to log into Ketchup
- [10:34] Tao Takashi: user!=smart though
- [10:34] Goldie Katsu: True
- [10:34] Goldie Katsu: and some will be stupid
- [10:34] Dale Innis: Can I quote you on that? :)
- [10:34] Tao Takashi: or tired ;-)
- [10:34] Twa Hinkle: ha
- [10:34] Goldie Katsu: some smart ones will be stupid - anyone can fall for a sucker punch.
- [10:34] Goldie Katsu: lol
- [10:34] Ehdward Spengler: this stuff needs to be pretty much transparent to the user
- [10:34] Dale Innis: Agreed, Ehd.
- [10:34] Latha Serevi: Perhaps some brain-assist client software that has a blacklist and graylist and warns loudly
- [10:34] Dale Innis: Good defaults! :)
- [10:34] Goldie Katsu: The user will make a choice on their provider.
- [10:34] Goldie Katsu: for the initial AD
- [10:34] Tao Takashi: Microsoft will come up with a good security solution
- [10:35] Tao Takashi: ;-)
- [10:35] Ehdward Spengler: LOL
- [10:35] Dale Innis: So I can imagine very paranoid grids using Sai's "only talk to very very trusted ADs" policy, and very open ones using Ehd's "good until proven bad". We just need to support both in the protocol. :)
- [10:35] Tammy Nowotny: glad otehrs said that
- [10:35] Tao Takashi: actually they have smart people working on cool things.. I met one at the IdentityCamp. but somehow they always seem to screw it up in the end ;-)
- [10:35] Goldie Katsu: Then the question is what happens when they go to a grid that requests a new AD - that can have the account created automagically but with a lower trust.
- [10:35] Tao Takashi: maybe not always..
- [10:36] Latha Serevi: (I do have the general idea that the viewer can represent the user's interests, and therefore the user needn't be assumed to be an idiot all the time, just sometimes)
- [10:36] Tao Takashi: "requests a new AD"?
- [10:36] Dale Innis: Yeah, what did that mean? :)
- [10:36] Goldie Katsu: sorry
- [10:36] Goldie Katsu: let me try englishing it.
- [10:36] Goldie Katsu: I'm on Linden Sims logged into the Linden AD
- [10:37] Goldie Katsu: I go to TP to notLindenRD
- [10:37] Tao Takashi: why would you do that? LLRDs are the best!
- [10:37] Dale Innis: pokes Tao.
- [10:37] Goldie Katsu: It doesn't trust Linden AD but trusts someotherAD
- [10:37] Tao Takashi: . o O ( my patriotism... )
- [10:37] Tammy Nowotny: (Is this one of the famous regions behind the IBM forewall? I am wondering... though I guess this is LL Region Domian.)
- [10:37] Goldie Katsu: someotherAD can create an account using OpenID for all LindenAD accounts because Linden is awesome.
- [10:38] Tammy Nowotny: *firewall
- [10:38] Tao Takashi: this region here?
- [10:38] Goldie Katsu: does this happen transparently?
- [10:38] Dale Innis: Gah!
- [10:38] Dale Innis: Hadn't thought of that usecase before. :)
- [10:38] Tao Takashi: I wouldn't make this automatic, I would like to know where I have accounts
- [10:38] Tammy Nowotny: mm hmm, Tao
- [10:38] Dale Innis: If notLinden doesn't trust Linden, but someotherAD does trust Linden, I wouldn't think notLinden nshould trust someOther??
- [10:38] Tao Takashi: it maybe can streamline it though
- [10:39] Tao Takashi: the client actually could streamline it
- [10:39] Tao Takashi: and then you have a linked agent
- [10:39] Dale Innis: That usecase would have to be spelled out in more detail for me, I think. Seems weird. :)
- [10:39] Latha Serevi: Goldie's story reminds us that we may need to support more models than "1 person has one AD always", even if it is the most common/important case. Perhaps "I" have different knds of assets, or there's more than one interesting kind of AD. Can I "link" my identities between two AD's, and if so how, I wonder?
- [10:39] Tao Takashi: well, it might be Facebook ;-)
- [10:40] Wolt Amat: We will all have multiple identities on multiple sites with varied trust, and each time it needs to be negotiated, all available paths should be available for selection by the user.
- [10:40] Tao Takashi: it might be a corporate AD and RD
- [10:40] Saijanai Kuhn: There might be times when a walled garden grid (WoW) requires that only a copy of an avie be allowed in...
- [10:40] Tao Takashi: but I'd rather think that you login to the new AD then.. I wonder how this could be made transparent
- [10:40] Saijanai Kuhn: so a new AD takes over for that stay
- [10:41] Latha Serevi: Wolt, I don't expect that most of us will have access to that full multiple-identity-ordering-capability most of the time, even if it's a nice idea in principle.
- [10:41] Wolt Amat: We have that problem today in comms - user uses personal or company phone, on public, his company, or other company net, for personal or company session.
- [10:41] Dale Innis: The viewer could show you your various identities and ask which one you want right now, and go to the appropirate AD.
- [10:41] Saijanai Kuhn: but the state transfer is one way in that case. You can't log back into a trusted AD from a non-trusted AD
- [10:41] Tao Takashi: well, changing AD also might mean different inventory, friends list etc.. leaving group IMs ...
- [10:41] Dale Innis: ( When does this meeting actually end? :) )
- [10:41] Tao Takashi: so you should be informed about that change esp. as the client needs to log you in to the new AD anyway
- [10:42] Saijanai Kuhn: when people get tired or have a nother meeting or RL
- [10:42] Rex Cronon: 11
- [10:42] Dale Innis: :)
- [10:42] Goldie Katsu: LOL
- [10:42] Wolt Amat: Latha, I think it exists today - buy stuff on the Web - you can use multiple options.
- [10:42] Dale Innis: Yeah, I wouldn't want to change ADs (thus changing identities) without knowing about it!!
- [10:43] Goldie Katsu: Well maybe we should wrap up soon.
- [10:43] Dale Innis: We got some good issues out.
- [10:43] Goldie Katsu: I think we should put down use cases, and questions we have on the layers of trust.
- [10:43] Goldie Katsu: I agree.
- [10:43] Dale Innis: Use-cases to the wiki? :)
- [10:43] Dale Innis: Yes!
- [10:43] Goldie Katsu: where should they go on the wiki
- [10:43] Latha Serevi: Wolt ... support for multiple options exist, but the super-smart-let-me-choose-automagically-client doesn't. Support first, do magic later.
- [10:43] Dale Innis: On that same page from Infinity, or elsewhere?
- [10:43] Tammy Nowotny: Trust, but Verify
- [10:44] Wolt Amat: I wasn't as compolicated as "automagically" :-)
- [10:44] Goldie Katsu: chuckles recalling one of the lines of the forsaken
- [10:44] Tammy Nowotny: (I just felt like saying that)
- [10:44] Dale Innis: (haha)
- [10:44] Dale Innis: So we can just stick usecase ideas onto that same Trust page?
- [10:44] Saijanai Kuhn: cerate a usecase section?
- [10:44] Dale Innis: ( I guess silence is assent :) )
- [10:44] Goldie Katsu: I think there should be a sub page for the use cases
- [10:44] Goldie Katsu: but I suppose that could be created
- [10:45] Tammy Nowotny: I think so too
- [10:45] Saijanai Kuhn: usecases go _here_
- [10:45] Dale Innis: there? :)
- [10:45] Tao Takashi: nearly asleep anyway.. need to get out of the office I think
- [10:45] Saijanai Kuhn: Where
- [10:45] Latha Serevi: I'll add to a trust page (set-of-four-pages), but apparently I'm too chicken to make one as my first action on the wiki.
- [10:45] Dale Innis: You said [10:45
- [10:45] Goldie Katsu: Yeah
- [10:46] Rex Cronon: i have to go
- [10:46] Saijanai Kuhn: here as in a page link...
- [10:46] Rex Cronon: bye everybody
- [10:46] Bartholomew Kleiber: bye rex
- [10:46] Goldie Katsu: bye Rex
- [10:46] Dale Innis: We ahve [10] to build on
- [10:46] Dale Innis: oh I get it! lol
- [10:46] Dale Innis: bye Rex
- [10:46] Rex Cronon: have fun:)
- [10:46] Tammy Nowotny: bye Rex
- [10:46] Dale Innis: Is "User Stories" intended for use cases?
- [10:46] Dale Innis: On that page?
- [10:46] Goldie Katsu: can someone add the subpage for the use cases
- [10:46] Goldie Katsu: I think it might fit in that section.
- [10:47] Goldie Katsu: I'm a bit...hesitant to edit something with a table of contents.
- [10:47] Saijanai Kuhn: might be the same. YOu should ask INifinity
- [10:47] Dale Innis: I'll stick something in and we can fix it later. :)
- [10:47] KB3NZQ Haystack: hate to do thos but i need to get off for a bit
- [10:47] Tammy Nowotny: if it's like wikipedia, the page updates its TOC automatically
- [10:47] Dale Innis: I do too, have a meeting at 11 myself to prepare for.
- [10:47] Dale Innis: eah, the TOC should be automatic.
- [10:48] Saijanai Kuhn: yeah, just add a ==section header== at the level you want it in
- [10:48] Tao Takashi: maybe it can go into the AWGroupies namespace
- [10:48] Wolt Amat: Done.
- [10:48] Tammy Nowotny: is yr name a ham radio callsign, KB3?
- [10:48] Goldie Katsu: ok lets pick a place
- [10:48] Dale Innis: In the "User Stories" section of Infinity's p;age for now.
- [10:48] N3WHC Serevi: I bet it is, Tammy
- [10:48] Dale Innis: lols
- [10:49] Saijanai Kuhn: just create a page and stick a link in the user stories section
- [10:49] Tammy Nowotny: LOL N3WHC
- [10:49] Goldie Katsu: LOL lotsa hams!
- [10:50] Tammy Nowotny: I never got around to getting my license
- [10:50] Tammy Nowotny: and then the 'net was invented
- [10:50] N3WHC Serevi: Never really did ham radio, but took the test before a sailing voyage.
- [10:50] Tammy Nowotny: cool!
- [10:50] Goldie Katsu: They've removed the code requirement.
- [10:50] Dale Innis: Yeah, the code always put me off. :)
- [10:50] Goldie Katsu: I consider myself an accidental ham
- [10:50] Tammy Nowotny: code might come in handy when it's laggy
- [10:50] Goldie Katsu: My husband was taking the test and they talked me into taking it.
- [10:50] Tao Takashi: is off
- [10:50] Dale Innis: whoops? :)
- [10:50] Tao Takashi: cya soon!
- [10:50] Dale Innis: haha
- [10:50] Dale Innis: Bye Tao!
- [10:50] Tao Takashi: good discussion
- [10:50] Bartholomew Kleiber: bye tao
- [10:50] Goldie Katsu: Bye!
- [10:51] Goldie Katsu: Yeah good discussion
- [10:51] LaLa Xevious: take care - very good discussion
- [10:51] Tammy Nowotny: there is a way to send email from ham radio
- [10:51] Wolt Amat: I pput an empty page under User Stories for now.
- [10:51] Goldie Katsu: Great
- [10:52] Wolt Amat: OJY Wiki editing :-)
- [10:52] Wolt Amat: OJT*
- [10:52] Wolt Amat: Or OTJ rather
- [10:52] Wolt Amat: Note keyboard skills.
- [10:52] Goldie Katsu: yay!
- [10:52] Dale Innis: haha I was just adding some content
- [10:52] Tammy Nowotny: TYVM, interesting discussion
- [10:52] Goldie Katsu: stylish keyboard skills.
- [10:53] Saijanai Kuhn: so we done?
- [10:53] Goldie Katsu: Yep for now.
- [10:53] Saijanai Kuhn: KK wikifying