[Opensim-dev] Authentication and oAuth
Diva Canto
diva at metaverseink.com
Sun Mar 1 20:44:37 UTC 2009
As for documentation about CAPs in the Linden world... :-) there is
none, zip, nada. Even that simple question that Dirk asked on the sldev
list about inventory CAPs has been unanswered for 3 days.

This has been a guessing game, first by whoever did that part and then
by me as I started looking into teleports. All I know is that we can use
those client capabilities in a non-trivial manner to produce a more
secure system than what we have now. Specifically we can prevent regions
from teleporting users, which they could do maliciously, simply by not
giving them a seed cap.

Diva Canto wrote:
> I strongly recommend reading that paper I sent the reference to.
>
> The cool thing about CAPs on the web (and the reason why I'm excited
> about it, after knowing _of_ CAPs for 20 years and never really
> getting them) is that CAPs are URLs that can come and go dynamically.
> Most of the CAPs literature is within the field of operating systems,
> which is slightly different. Think of CAPs here as URLs that are
> dynamically created and revoked. If the URL is not there, you can't
> access the service even if you know about the URL.
>
> So yes, region A can get a one-time CAP for an item, and instead of
> using it, it passes it to region B. You have the same problem with
> Tokens: region A gets the authorized token, but instead of using it,
> passes it to region B. This is, as you say, a matter of certifying the
> receiver, which is a separate matter.
>
> It would be nice to have some security experts in this discussion...
> On my end I'm really excited with this idea of URLs that come and go
> in shared-secret URLs instead of fixed URLs+authentication+authorization.
>
> Tommi Laukkanen wrote:
>> Hello
>>
>> After reading a bit of that article and Wikipedia about capabilities
>> based security it looks to me that the capability model requires
>> quite severe assumptions about the environment they are used in. If I
>> understand the system correctly the capability framework has to be in
>> control of the client process capability list to stop it from forging
>> capabilities or altering them. This would work inside one operating
>> system but not in the internet? Even if there is some kind of
>> encryption scheme to avoid forgery the capabilities can be passed
>> around by internet client programs if they are not controlled
>> somehow. Thus if you give capability A to Alice, she can pass it to
>> Bob. I guess you can still work around this by signing the capability
>> to Alice. In the end this becomes quite a complex way of writing a
>> certificate for Alice to do thing 1,2,3 to object X. If you consider
>> using this in any real system you end up with a huge amount of these
>> capabilities (combination of subject, abilities and resource) which
>> you need to process.
>>
>> Is there a document on SL capabilities so I could knock some
>> knowledge in my head?
>>
>> regards,
>> Tommi
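
The capability-URL model discussed in this thread, as an added example that is not part of the original messages and is not OpenSim or Linden code: URLs are minted with unguessable tokens, stop resolving once revoked or used, and are honored for whoever presents them, which is the forwarding case raised above. The class name CapTable, the base URL and the handlers are assumptions made for illustration.

```python
import secrets


class CapTable:
    """Capability URLs: unguessable paths that exist only while granted."""

    def __init__(self, base="https://sim.example/CAPS/"):  # constructed base URL
        self.base = base
        self._caps = {}  # token -> (handler, one_time)

    def grant(self, handler, one_time=False):
        token = secrets.token_urlsafe(32)  # 256 random bits, not guessable
        self._caps[token] = (handler, one_time)
        return self.base + token

    def revoke(self, url):
        # After this the URL no longer exists, even for a caller who knows it.
        self._caps.pop(url[len(self.base):], None)

    def invoke(self, url, *args):
        """Return (status, body). Possession of the URL is the only check."""
        if not url.startswith(self.base):
            return 404, None
        token = url[len(self.base):]
        entry = self._caps.get(token)
        if entry is None:
            return 404, None  # revoked, already used, or never issued
        handler, one_time = entry
        if one_time:
            del self._caps[token]  # consume before running the handler
        return 200, handler(*args)


def demo():
    caps = CapTable()
    teleport = caps.grant(lambda dest: f"teleport to {dest}")
    item = caps.grant(lambda: "inventory item", one_time=True)
    results = {
        "granted": caps.invoke(teleport, "region B"),
        # Bearer property: the first presenter of the one-time URL gets the
        # item, whether that is the party it was issued to or one it was
        # forwarded to. Binding a cap to a receiver is a separate mechanism.
        "forwarded": caps.invoke(item),
        "reused": caps.invoke(item),
    }
    caps.revoke(teleport)
    results["revoked"] = caps.invoke(teleport, "region B")
    results["guessed"] = caps.invoke(caps.base + secrets.token_urlsafe(32))
    return results
```

A party that was never handed the teleport URL is in the same position as the "guessed" case: there is nothing for it to call.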