[Opensim-dev] Identity Management, Inventory Management and Asset Management from MXP Perspective

Tommi Laukkanen tommi.s.e.laukkanen at gmail.com
Mon Mar 9 20:21:48 UTC 2009


Hello

I have tried to collect a viewpoint from MXP perspective to the
OpenSimulator UGAIM architecture discussion. This text is based on the
discussion on this list and on formulation of an overall picture using
MXP terminology. I would like to hear your comments. Have I understood
things correctly and written it in understandable form? Are there
problems or mistakes in how I wrote the things down?

When we had the previous MXP version ready our conclusion was that we
needed some serious contribution from OpenSimulator to help fill in
the blank spots. I am happy to say that both technical details and
missing architecture areas have come to focus as a result of working
with OpenSimulator and reading this list.

Identity Management

Identity management, authentication and authorization are well
established areas. Identities are managed by open identity providers.
Participant identity consists of identity provider URI and participant
UUID. Participant may authenticate to identity provider by any means
available. Identity provider hands out one time tokens to participant.
These tokens are then used to authenticate to bubbles and other
services. Bubbles and other services verify the tokens by invoking
verification requests to the identity provider. See OpenId and OAuth
for detailed description.

Inventory Management

Inventories are analogous to remote file systems with metadata
support. User has own directory where data can be stored. The
inventory service is not bound to identity provider or home bubble but
can be freely acquired from any compliant provider. Each user and user
group can have zero to many inventories. If no inventory is available
for user it is not possible to store data to inventory.

Asset Management

Asset management, storage and delivery are challenging from
ideological, theoretical and engineering viewpoints. MXP is not an
asset delivery protocol. At the ideological level it is enough to state
that any asset can easily be extracted with a specialized client.
Because of this there is no feasible technological way to absolutely
protect assets in an open system. MXP currently relies on the same
model as world wide web does. If a better model is introduced it will
be adopted. In practice this means that assets are delivered to all
connected participants by the asset cache of a bubble over HTTP.
Original assets are stored in an inventory of user or organization.
When user creates an object he assigns his own inventory or an
organization inventory to the object. The assigned inventory contains
assets of the object. This inventory is then used by bubble to load
the assets to local cache for further delivery to clients. In this
scheme the asset distribution is load balanced through bubbles and
inventory owners can control spread of their objects by limiting the
bubbles which may access the inventory in question. Asset ids are
always assigned by inventories according to the proper UUID generation
algorithm which will effectively remove threat of id collisions
between assets from different inventories. See OpenSimulator
AssetServer Proposal for detailed description of protocol proposal.

- Tommi
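
The one-time token flow from the Identity Management section, as an added example that is not part of the original post or of MXP/OpenSimulator code. The class names, the 60-second lifetime, the hashed token table and the in-process call that stands in for the bubble's verification request are all assumptions.

```python
import hashlib
import secrets
import time

class IdentityProvider:
    """In-memory stand-in for an identity provider (hypothetical API)."""
    def __init__(self, uri, ttl=60):
        self.uri = uri
        self.ttl = ttl          # token lifetime in seconds (assumed value)
        self._pending = {}      # sha256(token) -> (participant_uuid, expiry)
    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()
    def issue_token(self, participant_uuid, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (participant_uuid, now + self.ttl)
        return token
    def verify(self, participant_uuid, token, now=None):
        now = time.time() if now is None else now
        # pop() consumes the token on first presentation, so a replay fails.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return False
        owner, expiry = entry
        return owner == participant_uuid and now <= expiry

class Bubble:
    """A service that accepts logins and asks the provider to verify them."""
    def __init__(self, reachable_providers):
        self.providers = reachable_providers   # provider URI -> IdentityProvider
    def login(self, provider_uri, participant_uuid, token, now=None):
        idp = self.providers.get(provider_uri)
        # The method call stands in for the network verification request.
        return idp is not None and idp.verify(participant_uuid, token, now)

def demo():
    idp = IdentityProvider("https://idp.example/")      # constructed URI
    bubble = Bubble({idp.uri: idp})
    alice = "11111111-2222-3333-4444-555555555555"      # constructed UUIDs
    bob = "99999999-8888-7777-6666-555555555555"
    t1, t2, t3 = (idp.issue_token(alice, now=1000) for _ in range(3))
    return {
        "first_use": bubble.login(idp.uri, alice, t1, now=1010),
        "replay": bubble.login(idp.uri, alice, t1, now=1011),
        "expired": bubble.login(idp.uri, alice, t2, now=1061),
        "wrong_participant": bubble.login(idp.uri, bob, t3, now=1010),
    }
```

A token is consumed on any verification attempt, including a failed one, so a token presented under the wrong participant UUID cannot be retried by anyone.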
