[Opensim-dev] AssetBase and metadata
Teravus Ovares
teravus at gmail.com
Mon Feb 2 05:46:11 UTC 2009
True, I'm not really going for security here, mostly going for
'possible'. As we edge closer and closer to a metaverse 'standard',
the biggest thing keeping us from wide acceptance is our reliance on
this idea of 100% trust with the region using it. We could use the
RegionSecret for more 'security' as well. Still not 100% secure, but
definately 'more'.
We're moving much faster then other potential standards, granted..
however if it's something that nobody will use in the future, it's
worthless. Some critics have said that in reference to OGP, but, I
think that applies here as well for hypergridding.
Another thing that would be useful, is 'remote grid region'
permissions on the user account which would prevent remote regions
from changing specific user settings (but remote account permissions
would be a thread hijack.. so I'll save that for another e-mail )
Best Regards
Teravus
On 2/2/09, Frisby, Adam <adam at deepthink.com.au> wrote:
> Hrrm, do remember however that it still isn't 'secure' since the messages can be forged easily enough.
>
> It might be worth considering a proposal I fielded about 2 years back on this list for a semi-encrypted asset shell.
>
> It's pretty simple - we encrypt all assets on upload, and we can then store the decoding key inside the inventory item. That way assets can be proxied for scaling, without increasing the risk profile. (as long as no-one starts copying the dec. keys)
>
> Adam
>
> > -----Original Message-----
> > From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
> > bounces at lists.berlios.de] On Behalf Of Teravus Ovares
> > Sent: Sunday, 1 February 2009 8:59 PM
> > To: opensim-dev at lists.berlios.de
> > Subject: Re: [Opensim-dev] AssetBase and metadata
> >
> > Is there any reason that we don't request items from the asset server
> > internally by the inventory UUID instead of the asset UUID?
> > Requesting assets by inventory UUID would make it a LOT simpler to
> > apply permissions at the trusted service level instead of at the
> > simulator level.
> >
> > Best Regards
> >
> > Teravus
> >
> > On 2/1/09, Mike Mazur <mmazur at gmail.com> wrote:
> > > Hi,
> > >
> > > On Fri, 30 Jan 2009 07:37:27 -0500
> > > Sean Dague <sdague at gmail.com> wrote:
> > >
> > > > It's fine for the object to be called AssetMetaData, just don't
> > make
> > > > the property that.
> > >
> > > On Fri, 30 Jan 2009 14:51:12 +0000 (GMT)
> > > MW <michaelwri22 at yahoo.co.uk> wrote:
> > >
> > > > I agree, I'd say call the class AssetMetaData, but just call the
> > > > property (in AssetBase) MetaData.
> > >
> > > Makes perfect sense. Thanks for the feedback.
> > >
> > > Mike
> > > _______________________________________________
> > > Opensim-dev mailing list
> > > Opensim-dev at lists.berlios.de
> > > https://lists.berlios.de/mailman/listinfo/opensim-dev
> > >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
More information about the Opensim-dev
mailing list