Hypergrid Inventory Access
From OpenSimulator
This article or section is a Proposal. It does not represent the current state of OpenSim, but is an idea for future work in OpenSim. Please feel free to update this page as part of the proposal discussion.
Proposal for Restricting Access to Inventory in Open Grids
Problem Statement
Open grids that allow arbitrary people to plug in their opensims pose a serious threat to the security of users' inventories and grid assets. A malicious host can simply copy a visitor's entire inventory, and can even wipe it out. It can also issue a long stream of requests to the asset server, in the hope of copying as many grid assets as possible.
Analysis of the Problem
The kernel of the problem is that there exists an implicit trust between regions and storage-related servers. This trust comes from Linden Lab's grid architecture, where all regions are run by the same organization that runs the storage-related servers. This trust does not hold in open systems.
Proposed Solution
- Make "home" mean a lot more than a place on the map. In an open system, "home" can be the place where the user can safely access her inventory without fear of theft. When users leave their home regions, access to their inventory (GET) is restricted to one special folder called "Suitcase". The only items that can be accessed while the user is out and about are those placed in the Suitcase; requests for all other items are refused. The user should be aware that those items, as well as the attachments the user carries, can be stolen by malicious hosts.
- Provide a way for users to specify additional foreign regions that they trust.
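
A sketch of the GET decision the two points above describe, as an added example (not OpenSim code, and not part of the proposal). The class, field names and region names are hypothetical, and it assumes the inventory service already knows which region is making the request.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Inventory:
    home_region: str                      # region the user calls "home"
    suitcase_id: str                      # folder id of the user's Suitcase
    trusted_regions: Set[str] = field(default_factory=set)
    parent_of: Dict[str, Optional[str]] = field(default_factory=dict)  # folder -> parent
    folder_of: Dict[str, str] = field(default_factory=dict)            # item -> folder

    def in_suitcase(self, item_id: str) -> bool:
        """True if the item is in the Suitcase or a folder nested under it."""
        folder = self.folder_of.get(item_id)
        seen = set()                      # guards against cyclic parent links
        while folder is not None and folder not in seen:
            if folder == self.suitcase_id:
                return True
            seen.add(folder)
            folder = self.parent_of.get(folder)  # unknown parent ends the walk
        return False

    def may_get(self, item_id: str, requesting_region: str) -> bool:
        """Decide an inventory GET made by a region on the user's behalf."""
        if item_id not in self.folder_of:
            return False                  # unknown item: fail closed
        if requesting_region == self.home_region:
            return True                   # at home: full inventory
        if requesting_region in self.trusted_regions:
            return True                   # region the user chose to trust
        return self.in_suitcase(item_id)  # everywhere else: Suitcase only


def demo_inventory() -> Inventory:
    # Constructed sample data; all ids and region names are made up.
    return Inventory(
        home_region="home.example",
        suitcase_id="f-suitcase",
        trusted_regions={"friend.example"},
        parent_of={"f-root": None, "f-suitcase": "f-root",
                   "f-outfit": "f-suitcase", "f-objects": "f-root",
                   "f-loop-a": "f-loop-b", "f-loop-b": "f-loop-a"},
        folder_of={"hair": "f-outfit", "badge": "f-suitcase",
                   "house": "f-objects", "orphan": "f-loop-a"},
    )
```

The check walks folder ids rather than matching the name "Suitcase", so a second folder with the same name elsewhere in the tree does not widen access.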
Ai Austin adds: The suitcase proposal is a very good one. I already use a single prim object called an avatar suitcase with contents that I want to take into a new Opensim grid I join. I keep it limited to entities that are not prims within that object. I then have the set of extra prims (hair, name badge and so on) I want to take over as well. I do that so that Second Inventory can do the transfer. Having a folder that you KNOW will be accessible on the grid you go across to would be a great way to do this, and be compatible with Second Inventory transfer of that entire folder. We need to make sure that prim attachments on the avatar do transfer though.