[Opensim-dev] Lively
Dr Scofield
DrScofield at xyzzyxyzzy.net
Tue Jul 15 12:37:35 UTC 2008
Stefan Andersson wrote:
> Well, I've been nagging everybody about us starting to think of what
> the 'base cases' are; for example,
>
> if our base-base-base case was "the standalone region open to
> unauthenticated and anonymous access, but allowing no editing
> whatsoever" then one could start thinking about how that region would
> actually set up sessions, fetch needed data (what data?) and how you
> would hand-off sessions between such regions (like, what would
> 'teleport' mean between disconnected regions?)
>
> Just to give you an idea; If we had "avatar appearance" implemented as
> a REST service, the only thing the base case would need to create the
> avatar would be a web page that it could GET an avatar appearance from.
>
> This would mean that ANY region could use your static (xml?) web page
> as a template to show your avatar to the others in the region - you
> don't have an 'avatar appearance domain service' - merely a web page.
>
> Of course, if you would POST an avatar appearance to it, it couldn't
> be a static web page, it would have to be some simple php page
> accepting that data and storing it.
>
> Now, the security problem; you would never do a php page that would
> take whatever from whoever, so, either the region had to provide some
> authentication, or you simply have a "home region" which is the only
> one allowed to post appearance from. In effect, you would only be able
> to modify your avatar when being in a trusted region.
>
> This kind of scenario would solve quite a lot of features with a
> minimal amount of protocol design.
>
> And yes, assets; it would be quite doable to create an asset model
> where all local asset id's were dynamically translated to and from
> URLs - hence solving quite a lot of other features and problems with a
> minimal amount of effort.
>
> The asset Id could (should, imnsho) be seen as an affair purely
> between the client and the region; ie, no two regions would have the
> same asset id for the same url data. Or, it could be the regions sha-1
> hash or the binary data, if a region wants to communicate with a
> shared and trusted asset cache instead of directly to the url.
>
> No, I'm not talking specific solutions here, just trying to wedge us
> away from the predominant mind-set onto something truly new and glorious.
i've to say, i like all that.
--
dr dirk husemann ---- virtual worlds research ---- ibm zurich research lab
SL: dr scofield ---- drscofield at xyzzyxyzzy.net ---- http://xyzzyxyzzy.net/
RL: hud at zurich.ibm.com - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/
More information about the Opensim-dev
mailing list