[Opensim-dev] secure_inventory_server ??

Michael Wright michaelwri22 at yahoo.co.uk
Fri Jul 25 15:48:51 UTC 2008 

I might be missing something but I don't see how this solution addresses  some of the problems. Maybe I wasn't very clear on some of the use cases that would currently be broke.

The use case (or one of many) that I'm talking about, is if a user has inventory on a inventory server, that user's inventory shouldn't be tied to any user server/grid. So the user should be able to use the same inventory set on multiple grids. At the moment that means they have the same userid on each grid but thats no problem (and in the future I hope we will support a better way of identifying a inventory belongs to a user). 

So lets call the Inventory server InvN like you used. My single inventory set (of folders/items) on that server is called InvSetA. Then we have Grid A and Grid B.  With user server A and B. When I log into grid A it should use InvN to receive InvSetA. But also if I log out of grid A and log into grid B then it should also use InvN to receive InvSetA. The inventory set (of folders/items) isn't tied to a single grid/avatar. It belongs to the user. The "grid" is just using a guid (avatarID) to access the correct inventory set. So as long as both grids use the same id, they should be able to use the same inventory. 

So in this case if we have the pull from user server approach to authenticating then it needs to switch between user server A and B, depending on what grid the user is currently logged into. So again it would require a push somewhere to update which is the current user server for that user. 

As far as I can tell, your solution just stops a inventory server being tied to a single grid/user server and instead ties each inventory set to a grid/user server. That is better than tying the whole server. But it doesn't support the above case.

There are a number of other use cases that would require multiple grids/instances to access a single inventory set. 

I find it helps if we think of User server and the grid server as seperate to the inventory and asset server. The user server defines what users can access a grid (plus other data like what inventory server that user is using).  The grid server defines and manages what regions are on a grid.

But asset and inventory server can (in part) be thought of more as end user servers. In that a user could use the same servers on multiple grids and that can mean using the same inventory on all grids. So then if we think about defining on the asset and inventory servers what grids/regions can access them.
 
 
liu xiaolu <lulurun at gmail.com> wrote: First, I want to clarify that, I am not against what you said
To release inventory, asset server become independent ones is also what I have been working on.

I am just trying to introduce my thoughts:
 >>[solution:]
>>* add a new table for inventoryserver, 2 fields, useruuid, userserver_url, everytime inventoryserver
 >>  extract "session_id", "user_id" from the request, get "userserver_url" by "user_id", then check the
 >>  identity of "user_id" from "userserver_url" (call check_auth_session)
>I really think rather than the inventory server calling a authenticate method on the user server. That
>the user server should send a sessionid to the inventory server when a new login happens. I guess
>your idea of the userserver_url was something silmilar in that the userserver would update it when
>a user logs in? Otherwise if it was just "hardcoded" in the db then it wouldn't solve anything.

sorry for the lack of explanation of the new table, temporary let me call it "userserver_dictionary".
* "userserver_dictionary" is a table always together with inventoryfolers, inventoryitems
 * "userserver_dictionary" has 2 column: user_id pkey, userserver_url
// user registration
when a new user registered at a GridService G1, the user will possibly have its account on G1's
userserver U1, then, no matter which inventoryserver the user is using(or going to use), assume it is called InvN,
 InvN's "userserver_dictionary" would be added 1 record <"uid", U1's url>,
// user login to VW
* user get authentication at U1, get "session_id"
* user login into a regionserver, regionserver gets user's profile and extract user's inventoryserver InvN from its profile.
 * regionserver requests getInventory("session_id", user.uuid) from InvN.
* InvN gets "U1's url" by user.uuid from "userserver_dictionary"
* InvN requests check_auth_session("session_id", user.uuid) from "U1's url"
 //
in this case, dose InvN satisfies what you want ?
* InvN is separate from any other server
* InvN is independent, not rely on any userserver, it pull identity under user's specification(get "userserver_url" by uuid)
 * InvN can store users from different gridsevices

-- 
Lulurun 
 _______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev


       
---------------------------------
 Not happy with your email address?
  Get the one you really want - millions of new email addresses available now at  Yahoo!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080725/ca3f2dcf/attachment-0001.html>

More information about the Opensim-dev mailing list