[Opensim-dev] Asset Server Rest Interface
Michael Wright
michaelwri22 at yahoo.co.uk
Sat Nov 3 13:48:52 UTC 2007
The one thing we need to keep in mind when thinking about adding auth/permissions etc on these asset interfaces. It that more and more of the Asset and inventory things are moving to CAPS, I'm not actually sure, if in the last few versions, the SL has started to use CAPS for texture downloads (it didn't about a month or two ago). But it certainly (can) use CAPS for texture uploads and other asset uploads/changes.
We do in opensim, actually use CAPS for some of these things; like texture uploads. Its just our caps handlers are stuck on the region server which then forwards the requests onto the asset server. So we don't really get the benefit of what CAPS is meant to bring. We need, in the future is to move those CAPS handlers, for those services, onto the backend servers. So the servers (or some proxy) deal directly with the client requests. (and I'm not saying we should do it now, think we need to get the base asset system working correctly first)
But what I'm trying to say is any auth we add on the current "Region fetches assets and sends back to the client" system, may not be relevant to the direct client- server CAPS system.
Sean Dague <sean at dague.net> wrote: I wanted to kick off some scribling about the specifics of the REST
interface for the asset server, to get as many eyes looking at this as
possible.
In the early stack today we have:
GET /assets/UUID - returns that asset
POST /assets - pushes an asset, UUID taken from XML
I think that we should move to a url interface more like:
GET /assets/by-uuid/UUID
DELETE /assets/by-uuid/UUID
POST /assets/by-uuid/UUID - this is an update call
PUT /assets/new - asset server creates new UUID, returns
object in the response stream to get
asset server allocated UUID
The next thing that I think we need to figure out is some level of auth
on the /assets/. Today, anyone can do anything, obviously wrong.
However, what is the right answer here?
Should we have trusted regions? Should the asset server ask the grid
server about a region on each request? Should we move permission bits
into assets, and should those be user or region based?
Comments encouraged.
-Sean
--
__________________________________________________________________
Sean Dague Mid-Hudson Valley
sean at dague dot net Linux Users Group
http://dague.net http://mhvlug.org
There is no silver bullet. Plus, werewolves make better neighbors
than zombies, and they tend to keep the vampire population down.
__________________________________________________________________
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
---------------------------------
Yahoo! Answers - Get better answers from someone who knows. Tryit now.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20071103/750c8d21/attachment-0001.html>
More information about the Opensim-dev
mailing list