[Opensim-dev] The essence of "grid"

Cristina Videira Lopes lopes at ics.uci.edu
Wed Apr 15 20:24:07 UTC 2009 

I'm trying to understand what it is that we are supposed to secure, 
because security depends entirely on that :-)

I've seen way too many talks/chats/posts/blogs talking about a Web of 
VWs in some form, while making the unwritten assumption that the concept 
of "grid" (aka Virtual World unit, or whatever you want to call it) 
aligns with the concept of a domain of trust (i.e. a bunch of simulators 
that trust each other, under the control of one authority). Then, a Web 
of VWs is the interconnection of those domains of trust.

Well, OSGrid doesn't align with that. So either OSGrid is not a 
valid/sustainable use case for OpenSim or there's something wrong with 
that unwritten assumption. In my infinite tolerance towards variety, and 
given the empirical evidence here, I'm leaning towards the latter (i.e. 
there's something wrong with that assumption).

Yes, OSGrid, as is, will always be extremely vulnerable towards insider 
rogues; technically, it's impossible to secure OSGrid's UGAIM servers 
from malicious sims connected to it. But so what? Maybe people want it 
like that, maybe the OSGrid community wants to perform human 
surveillance instead of applying technical solutions such as the 
Hypergrid (once it's matured). Should we stop supporting that use case?

If we continue to support the existence of grids like OSGrid, then we 
need to think what it means for the users to visit such grids, and how 
they can visit them securely -- that's all I'm trying to figure out.


Justin Clark-Casey wrote:
> Charles Krinke wrote:
>> OSGrid exists with two goals.
>>
>> 1. Test OpenSim SVN on a regular basis and report results to aid in 
>> software development.
>> 2. Nurture a community.
>>
>> We need to start by considering that OpenSim splits the asset storage 
>> between regions and the OpenSim assetServer. So, the OpenSim asset model 
>> is a little different then SecondLife since we already distribute some 
>> assets between regions and the UGAIM.
> 
> I didn't know you were doing this already.  Is there anywhere you could point to with more details?
> 
>> Are we saying that OSGrid is doing something problematic and pertubating 
>> the OpenSim development? I am confused about the OSGrid comments in this 
>> philosophical discussion. As I see the whole situation, OSGrid is 
>> testing the mainline trunk SVN from OpenSim in a manner consistent with 
>> the desires of the community.
> 
> Not at all.  I think the debate is more about how the architecture will move forward in the future.  As you know, 
> regions on OSGrid have to be pretty trustworthy so as not to abuse the central grid services.  This classic architecture 
> won't go away, but it might be that active development and research switches to other architectures (e.g. client side 
> asset/inventory access, hypergrid), which can be better secured for a robust distributed virtual environment.
> 
> OSGrid may want to consider at some point whether it wants to migrate or switch to other architectures once these have 
> matured further.  I doubt that this maturity is all that imminent.
> 
> Anyway, I'm probably putting words into Diva's mouth now.
> 
>> Charles
>>
>> ------------------------------------------------------------------------
>> *From:* Justin Clark-Casey <jjustincc at googlemail.com>
>> *To:* opensim-dev at lists.berlios.de
>> *Sent:* Wednesday, April 15, 2009 8:24:45 AM
>> *Subject:* Re: [Opensim-dev] The essence of "grid"
>>
>> Diva Canto wrote:
>>  > As I zoom in on issues of trust and security, I'm getting to the point
>>  > where I need a sharp definition of "grid". What is a grid, besides being
>>  > a map/lookup service and a user accounts service?
>>  >
>>  > a) nothing more than that
>>  > b) a trust domain
>>  >
>>  > If we choose b) then we need to think about OSGrid-like grids. How can
>>  > we trust that a collection of regions administered by different people
>>  > will behave? Can OSGrid-like grids survive without ToS being signed
>>  > between the grid operator and the region operators? What if the ToS is
>>  > such that it delegates to the region admins any liability on bad things
>>  > happening in their regions? -- that leaves the user with no central
>>  > authority to complain, which is as good as not having a trust domain.
>>  >
>>  > If OSGrid-like grids (i.e. no contracts, or very loose ones; just a map
>>  > service) are to exist, then it's clear that b) doesn't hold in general.
>>  > It means that there can be grids that are simply a collection of regions
>>  > that come together in virtual space, but whose trustworthiness as a
>>  > whole doesn't exist.
>>  >
>>  > The Hypergrid is specifically designed to cross trust boundaries. Should
>>  > the OSGrid-like grids become HG-ed sims that share the same map, and let
>>  > "grids" be, fully, trust domains?
>>  >
>>  > You may think I'm getting into philosophy, but this is critical for the
>>  > technical work I'm doing right now related to authentication,
>>  > server-side vs client-side authority, etc. If we can assume that a
>>  > "grid" is a uniform trust domain with a central authority, things will
>>  > be simpler in many ways. If not, things will be a bit more complicated.
>>  >
>>  > Thoughts?
>>
>> I think that you could adopt b) without having a philosophical problem 
>> with OSGrid.  I would say that even the 'loose
>> contracts' on OSGrid are a form of trust.  If someone were to abuse that 
>> trust then I be very surprised if they were not
>> removed from the grid.
>>
>> If OSGrid wanted better security by not sharing the current central 
>> services then perhaps they could stipulate that new
>> regions had to connect by Hypergrid rather than the current model (once 
>> the various gaps in Hypergrid are ironed out)?
>> Then, in a sense, all the directly connected regions becomes a large 
>> Hypergrid node in the federation that makes up OSGrid.
>>
>>  >
>>  >
>>  > _______________________________________________
>>  > Opensim-dev mailing list
>>  > Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
>>  > https://lists.berlios.de/mailman/listinfo/opensim-dev
>>  >
>>
>>
>> -- 
>> justincc
>> Justin Clark-Casey
>> http://justincc.wordpress.com
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
> 
>

More information about the Opensim-dev mailing list