[Opensim-dev] Accessing textures via HTTP [bayes]

Justin Clark-Casey jjustincc at googlemail.com
Wed Mar 18 19:24:23 UTC 2009 

+1 from me too - I think there may well be uses of OpenSim where one may want to do the opposite of securing assets and 
actually make them as accessible as possible.

Configurability is key.


Stefan Andersson wrote:
> General +1's, cheers and yays.
> 
> Best regards,
> Stefan Andersson
> Tribal Media AB
> 
> 
> 
>  
> ------------------------------------------------------------------------
> Date: Wed, 18 Mar 2009 11:38:41 -0700
> From: diva at metaverseink.com
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] Accessing textures via HTTP [bayes]
> 
> The road to security is like an obstacle course in the Olympics. The 
> obstacles range from really easy (what's happening out there with 
> OpenID, and the current opensim access to inventory) to really hard 
> (have the server disconnected from the public network and require the 
> physical presence of users in the server room). Honestly, I don't think 
> OpenSim should decide on "the right" level of hardship -- that should be 
> up  to the people who set up grids to decide.
> 
> What we can do is to provide a few reasonable function points along that 
> obstacle course. And I think that one of those points is, indeed, the no 
> obstacles whatsoever -- there are many use cases for OpenSim where 
> security is not an issue; standalone applications, for example, and 
> applications purely inside firewalls.
> 
> Having said that, I think this discussion is diverging. The issue at 
> hand here is MXP, and what Tommil/Dahlia want to do in the Idealist 
> viewer with respect to images. Given how easy it is to configure things 
> in OpenSim, this discussion is theirs. OpenSim does not need to (and 
> should not) converge to one single strategy. Make it configurable, always.
> 
> Kyle Hamilton wrote:
> 
>     I was under the impression that the asset server was going to require
>     authentication regardless.  It would be possible to keep track, for
>     each agent, what textures have been 'authorized' (by being in view).
>     Remember, we can't protect content in the cache of the client, and the
>     client can be hostile.  Anyone can do it, and it doesn't matter what
>     kinds of roadblocks are put in the way.
> 
>     This is why some means of detecting copyright violations is necessary.
>      I'm sorry that my proposal, 6 months ago, was dropped.  It seems to
>     be the only sustainable way to ensure that these kinds of violations
>     get noticed.
> 
>     -Kyle H
> 
>     On Wed, Mar 18, 2009 at 11:08 AM, Dahlia Trimble
>     <dahliatrimble at gmail.com> <mailto:dahliatrimble at gmail.com> wrote:
>       
> 
>         The current j2k assets transferred over via the xfer protocol provides a
>         rudimentary protection for texture assets. Opening the doors to jpeg
>         textures via http effectively makes all textures available for download by
>         any web browser. This is significantly reduced asset security and may
>         violate license distribution agreements for existing texture assets.
>         Any position to reduce asset security in such a manner may be seen as
>         hostile toward copyright holders of existing content.
>         Personally I will *not* allow any of my non-open content to be distributed
>         in this manner.
> 
>         On Wed, Mar 18, 2009 at 10:57 AM, Tommi Laukkanen
>         <tommi.s.e.laukkanen at gmail.com> <mailto:tommi.s.e.laukkanen at gmail.com> wrote:
>             
> 
>             I would not go so far that I would suggest we should go and try to
>             protect our assets by using semi supported image format instead of
>             well supported format...
> 
>             -Tommi
>             _______________________________________________
>             Opensim-dev mailing list
>             Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
>             https://lists.berlios.de/mailman/listinfo/opensim-dev
>                   
> 
>         _______________________________________________
>         Opensim-dev mailing list
>         Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
>         https://lists.berlios.de/mailman/listinfo/opensim-dev
> 
> 
>             
> 
>     _______________________________________________
>     Opensim-dev mailing list
>     Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
>     https://lists.berlios.de/mailman/listinfo/opensim-dev
> 
>       
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev


-- 
justincc
Justin Clark-Casey
http://justincc.wordpress.com

More information about the Opensim-dev mailing list