[Opensim-dev] Security: multiple or the most generic?
Diva Canto
diva at metaverseink.com
Mon Apr 13 18:25:06 UTC 2009
Melanie wrote:
> Well, if a key is an arbitrary string, then it may also be a constant
> UUID value, e.g. the standard session id we have now, so (c) really
> includes (b).
They are very different. A key is specific for one client-server pair.
So for each region the client visits there is a unique key that the
other regions might not know about. When TPs are performed on the
server-side, this is equivalent to (b) because the regions are acting on
behalf of the agent. But for client-side Teleports, this makes all the
difference -- the regions don't know about the other regions' keys.
> [...]
> So, for now, (c) is the way to go, just don't forget the (b) use case.
> Interregion trust should remain possible.
Right. Even though my main focus is the Hypergrid, I'm a little
reluctant in letting go of (b), and even of (a). The problem I'm
debating is how to architect OpenSim so that these different schemes can
co-exist without the code and configuration being a mess.
More information about the Opensim-dev
mailing list