[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ogpx] Tourist use case

Is it reasonable to consider that in some (or all) of the normal use cases, that when some key element fails in the protocol related to authentication, inventory or the like, that we can consider completing the teleport as a "Tourist" ??
 
That might simplify debugging this monster we are creating.
 
Charles

From: Vaughn Deluca <vaughn.deluca at gmail.com>
To: Infinity Linden (Meadhbh Hamrick) <infinity at lindenlab.com>
Cc: ogpx at ietf.org
Sent: Friday, October 16, 2009 3:16:51 AM
Subject: Re: [ogpx] Tourist use case



On Fri, Oct 16, 2009 at 10:16 AM, Infinity Linden (Meadhbh Hamrick) <infinity at lindenlab.com> wrote:
i had assumed that the "tourist model" also implied that the client
assumes no transitive trust on behalf of the agent domain, or includes
the agent domain as part of a client implementation.

Not in the most basic case, Morgaine indeed defined it that way, but i feel that that is a more complicated use case, and we would benefit from treating  it separately from the more basic case.
 
also. we should tighten up the language. i would argue that from the
client's perspective, teleporting between Sim 1 and Sim 2 requires no
prior arrangement (for the client.) it does, however, require the
agent domain to trust both sims.

Yes, but note that the asset service will have its own policy in this model, so the needed reasons to distrust the destination region are limited. One obvious reason would be that promises were made to the user to protect the avatar from exposure to adult material.
But if the user indicates is has no problem, i would think in the majority of cases the Agent service can trust the region. In the worst case the avatar would have to be ruthed because the avatar shape can not be exported.
 
maybe we could define the various models in terms of who trusts whom
and how service endpoint addresses are resolved?

Yes, i like that suggestion. 
 
so the "second life" model [1] would essentially be that the client
and the agent domain trust each other, and the agent domain and all of
the region domains trust each other. service endpoints for agent
services are given to the client by the agent domain, while region
service are given to the client by the agent domain or the region
domain.

Yes, although you specify a bit more trust that is needed in my view because you do not    allow assets services there own policy, distinct from the agent service policy, but if you want to make a blanket statement this is correct. 

in the "tourist model" you would have no trust, and the client is
responsible for resolving the address of all services.

No, you loose me here. The client *does*  trust the agent service, there is no difference here with the SL case. The client logs in to an AD, and by definition trusts that service.
that AD has its own asset service,  just like in the SL case, and the user can use those assets (as far as the Asset service allows the assets to go out to other domains).
In addition to using its own asset services the Agent service can use other Asset services.
  
in the "cable beach" model, you have the same trust as the "second
life" model, but you bring the asset service into it's own domain
which is explicitly trusted by the agent domain, the region domains
and the client. asset service endpoints are resolved by the client.

I did not yet look in detail at cable beach, but I clearly  should, since this sounds a lot like what i was thinking of.  However,  I do not think its needed to put the asset service in its own domain, because by definition a domain is under a different administration, and in many cases the asset service will be in some domain. So the critical point is that the asset service in some domain exposes an interface to the world so its assets *can* be used, if by anybody if policy allows it.

-Vaughn


-cheers
-meadhbh

--
  infinity linden (aka meadhbh hamrick)  *  it's pronounced "maeve"
        http://wiki.secondlife.com/wiki/User:Infinity_Linden



On Fri, Oct 16, 2009 at 00:34, Vaughn Deluca <vaughn.deluca at gmail.com> wrote:
> The "tourist use case" has been brought up several times, but the concept is
> not always used in the same way, and needs to be more precisely defined.
> Morgaines original definition of the "Free Worlds Tourist use case" in
> http://www.ietf.org/mail-archive/web/mmox/current/msg01392.html
> mentions two characteristics:
> 1. Travel requires no prior arrangement.
> 2. Your avatar is defined by you, not by the target worlds, and it appears
> in those worlds with no prior arrangement.
> Point 1 is only dependent the policies of the users AD as well as that of
> the destination region. It is not dependent on the protocol, so in principle
> solved.
> The second point is actually extending the SL use case beyond what is in my
> view needed for a basic tourist model (and that is why the post was in the
> mmox list).  In my view  a basic tourist use case has two main
> characteristics:
> 1.  Travel requires no prior arrangement.
>         2.  Agent domains can use external asset services
> Point 2 requires that assets services expose an interface (in the current
> ogp description of the AD that is not the case).
> Note that this models does *not* assumes that all assets in a services
> should be useable by the agent in all domains, but only that an interface is
> available so an asset service in one domain can be contacted by another AD.
> I think exposing the asset service interface directly is essential for
> meaningful interop.  I think it would benefit the discussion if some
> diagrams were added to http://wiki.secondlife.com/wiki/Structural_Design
> and/or to the VWRAP wiki to document this possibility.
> -Vaughn
> _______________________________________________
> ogpx mailing list
> ogpx at ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>
>

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.