[Opensim-dev] Security: multiple or the most generic?
Michael Cortez
mcortez at gmail.com
Tue Apr 14 15:05:02 UTC 2009
Melanie wrote:
> They are very different. A key is specific for one client-server pair.
> So for each region the client visits there is a unique key that the
> other regions might not know about. When TPs are performed on the
> server-side, this is equivalent to (b) because the regions are acting on
> behalf of the agent. But for client-side Teleports, this makes all the
> difference -- the regions don't know about the other regions' keys.
>
I may be missing something, haven't had any caffeine yet this morning...
Any particular reason why the system could not use the SessionID
(established for the source region) to validate the user as they
transfer to the destination region -- but once validated, a new
SessionID is generated for the target region and the old SessionID
invalidated -- or if not invalidated, at least make it useless without
some region key, thus giving you a unique key-pair? This would give
you a unique "key" for each region, without the client having to be
modified {negotiation of new Sessions would be done between the region
and the authentication server.}
That would at least make it so that the regions don't know about the
other regions' key pairs.
That said/asked... I'm all in favor of whatever is the most secure
route as an option -- as long as we maintain support for scenarios where
the client is not the authoritative source. If we lobotomize out the
ability for a fire-walled and closed grid and regions to be
authoritative then we also cut out entire usage scenarios where the
default is not to trust the client, or anything the client says {think
remote access to closed corporate networks or game scenarios.}
Just my half-awake two cents,
--
Michael Cortez
More information about the Opensim-dev
mailing list