[Opensim-dev] Authentication and oAuth

Diva Canto diva at metaverseink.com
Sun Mar 1 20:44:37 UTC 2009


As for documentation about CAPs in the Linden world... :-) there is 
none, zip, nada. Even that simple question that Dirk asked on the sldev 
list about inventory CAPs has been unanswered for 3 days.

This has been a guessing game, first by whoever did that part and then 
by me as I started looking into teleports. All I know is that we can use 
those client capabilities in a non-trivial manner to produce a more 
secure system than what we have now. Specifically we can prevent regions 
from teleporting users, which they could do maliciously, simply by not 
giving them a seed cap.



Diva Canto wrote:
> I strongly recommend reading that paper I sent the reference to.
>
> The cool thing about CAPs on the web (and the reason why I'm excited 
> about it, after knowing _of_ CAPs for 20 years and never really 
> getting them) is that CAPs are URLs that can come and go dynamically. 
> Most of the CAPs literature is within the field of operating systems, 
> which is slightly different. Think of CAPs here as URLs that are 
> dynamically created and revoked. If the URL is not there, you can't 
> access the service even if you know about the URL.
>
> So yes, region A can get a one-time CAP for an item, and instead of 
> using it, it passes it to region B. You have the same problem with 
> Tokens: region A gets the authorized token, but instead of using it, 
> passes it to region B. This is, as you say, a matter of certifying the 
> receiver, which is a separate matter.
>
> It would be nice to have some security experts in this discussion...
> On my end I'm really excited with this idea of URLs that come and go 
> in shared-secret URLs instead of fixed URLs+authentication+authorization.
>
> Tommi Laukkanen wrote:
>> Hello
>>  
>> After reading a bit of that article and Wikipedia about capabilities 
>> based security it looks to me that the capability model requires 
>> quite severe assumptions about the environment they are used in. If I 
>> understand the system correctly the capability framework has to be in 
>> control of the client process capability list to stop it from forging 
>> capabilities or altering them. This would work inside one operating 
>> system but not in the internet? Even if there is some kind of 
>> encryption scheme to avoid forgery the capabilities can be passed 
>> around by internet client programs if they are not controlled 
>> somehow. Thus if you give capability A to Alice, she can pass it to 
>> Bob. I guess you can still work around this by signing the capability 
>> to Alice. In the end this becomes quite a complex way of writing a 
>> certificate for Alice to do thing 1,2,3 to object X. If you consider 
>> using this in any real system you end up with a huge amount of these 
>> capabilities (combination of subject, abilities and resource) which 
>> you need to process.
>>  
>> Is there a document on SL capabilities so I could knock some 
>> knowledge in my head?
>>  
>> regards,
>> Tommi
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>   
>
>   
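
The URL-as-capability idea discussed in this thread, as an added example that is not part of the original messages and is not OpenSim or Linden code: a server-side table of live capability URLs with one-time use and revocation, showing both the forwarding problem (region A passes its cap to region B) and the holder-bound variant. The class, the `/CAPS/` prefix, the region names and the item path are hypothetical, and caller identity is assumed to be authenticated by some separate mechanism.

```python
import secrets


class CapRegistry:
    """Server-side table of live capability URLs (hypothetical names)."""

    def __init__(self, base="/CAPS/"):
        self.base = base
        self._live = {}  # path -> (service, one_time, holder)

    def grant(self, service, one_time=False, holder=None):
        # 128 random bits: the path itself is the shared secret.
        path = self.base + secrets.token_urlsafe(16)
        self._live[path] = (service, one_time, holder)
        return path

    def revoke(self, path):
        self._live.pop(path, None)

    def invoke(self, path, caller=None):
        entry = self._live.get(path)
        if entry is None:
            return None  # never existed, already used, or revoked
        service, one_time, holder = entry
        if holder is not None and caller != holder:
            return None  # bound cap presented by someone else
        if one_time:
            del self._live[path]  # the URL disappears after first use
        return service


def demo():
    caps, out = CapRegistry(), {}
    # Unbound one-time cap given to region A, which forwards it to region B.
    item = caps.grant("inventory/item-42", one_time=True)
    out["forwarded_unbound"] = caps.invoke(item, caller="region-B")
    out["second_use"] = caps.invoke(item, caller="region-A")
    # Same grant bound to its receiver; forwarding no longer works.
    bound = caps.grant("inventory/item-42", one_time=True, holder="region-A")
    out["forwarded_bound"] = caps.invoke(bound, caller="region-B")
    out["holder_bound"] = caps.invoke(bound, caller="region-A")
    # Revocation: knowing the URL is useless once it is gone.
    seed = caps.grant("teleport")
    caps.revoke(seed)
    out["after_revoke"] = caps.invoke(seed, caller="region-A")
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```
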
