[Opensim-dev] Trust & distributed grids

Impalah Shenzhou impalah at gmail.com
Wed Nov 25 18:07:17 UTC 2009 

Correct me if I'm wrong, please.

X.509 is based on Certificates (and Certification Authorities, and so on),
so instead of having central servers for authentication, will be created a
"ring of trust": I have a certificate from a trusted authority, I can use
some services from the "trusted domain"...

OAuth is quite similar, so the concepts are "trusted domains" and
"certification authorities", isn't it?

Anyway, it's just another way of authentication: I send a certificate
instead of an user/password pair. The "central servers" (users, inventories,
grid...) won't dissappear, only the way they talk each other for sharing
"services", I think


Greetings



2009/11/25 Infinity Linden (Meadhbh Hamrick) <infinity at lindenlab.com>

> this is what we're thinking we're going to do in VWRAP.
>
> we're going to define an authentication service that's run by the agent
> domain. (for peeps new to VWRAP, a "domain" is a collection of network hosts
> with the same "administrative authority." the "agent domain" is a domain
> that provides mostly "agent related" services, including the authentication
> service.)
>
> individual users will authenticate against this authentication service.
> then some magic happens and the user's avatar is placed in a region in a
> region domain.
>
> the "magic" that happens after user authentication and before the user's
> avatar gets placed is that the agent domain has to figure out the service
> URL of the region to place the avatar, and that region has to figure out if
> it trusts that agent domain.
>
> so the current expectation is that we'll probably have a couple large agent
> domains like secondlife, OSGrid, etc. and maybe even a few managed by large
> companies for the benefit of their employees. once the user's client
> application is authenticated to the agent domain, the client application may
> request that the agent domain place the user's avatar in a region. (note!
> with VWRAP, you can be authenticated to an agent domain for the purpose of
> participating in group chat or inventory manipulation without being rezzed
> in world.)
>
> and here's where it gets mildly funky. the agent domain and the region
> domain need to have _some_ level of trust with each other, or they have to
> be explicit about the fact that they trust everyone. agent domain
> authorities may not want to rez an avatar in an untrusted region. the
> canonical example of this is second life not wanting to rez an avatar and
> all it's attachments in the "pirate bay" region. some regions may not trust
> all agent domains. consider a series of regions administered by IBM, for the
> purpose of transacting IBM business. i'm not an IBM employee, but it seems
> reasonable they would like to know who's rezzing in their regions, so they
> may establish a policy of only allowing people with accounts on IBM's agent
> domain to be able to rez in their region domain.
>
> there are currently two proposals for managing this trust. the first
> utilizes PKIX (which is a subset of X.509) to define semantics for
> interpreting the subject name of client side certificates in transactions
> carried over HTTPS. the other is the use of OAuth for one domain to
> explicitly grant access to another domain's systems for a particular
> purpose. both systems look like they're going to be fully specified, giving
> deployers a choice as to which auth scheme they want to use.
>
> -cheers
> -meadhbh
>
> --
>   infinity linden (aka meadhbh hamrick)  *  it's pronounced "maeve"
>         http://wiki.secondlife.com/wiki/User:Infinity_Linden
>
>
> On Tue, Nov 24, 2009 at 06:59, Impalah Shenzhou <impalah at gmail.com> wrote:
>
>> Ok, maybe it's a misunderstood. I will try to explain what I wanted to
>> know:
>>
>> Imagine 100000 region servers pretending to be a grid.
>>
>> What I understood from Morgaine comment:
>>
>>             Opensim needs decentralized / distributed mechanisms for *
>> identity,
>>
>> * was
>>
>> "I have entered that grid, my authentication was managed by one region
>> server. When I try to jump to another region in the same grid I have to
>> authenticate again in the region server and that region server must contain
>> my data to authenticate me again".
>>
>> Nowadays is like: Enter in a grid, being authenticated by a common user
>> server, when I want to jump to another region in the grid, I don't need to
>> authenticate me again.
>>
>> What I understand with "descentralized" is: each opensim servers has the
>> mechanisms to authenticate an user even when it is part of a grid.
>>
>> And that is what I don't understand: why? why not to surrogate the
>> authentications to specialized and centralized servers.
>>
>> And that was the reason for my question about OpenID, maybe this is a
>> system considered "decentralized".
>>
>>
>> Anyway I can't see anything bad on centralized servers. If anyone wants to
>> enter in my server he/she have to follow my rules; if I have 1000 servers, I
>> provide you with a common auth mechanism for accessing all of them.
>>
>> Or maybe I am completelly wrong.
>>
>>
>> Greetings
>>
>>
>>
>>
>>
>> 2009/11/24 Robert A. Knop Jr. <rknop at pobox.com>
>>
>>> I don't know that this really *is* offtopic, unless it's already a
>>> settled issue amongs the OpenSim devs.
>>>
>>> On Tue, Nov 24, 2009 at 02:19:20PM +0100, Impalah Shenzhou wrote:
>>> > I could trust in you, but you need to tell me "you are really you" with
>>> a
>>> > local login (i.e. email headers can be altered to impersonate as
>>> another
>>> > person) or someone I trust should tell it to me (i.e. OpenID).
>>>
>>> Do you have any personal web pages anywhere?  Do you run any CGI or any
>>> PHP there?  Do you identify everybody who comes there?  That's the
>>> analogy we should think about.  Yes, we need a secure infrastructure so
>>> that only the small number of people you *really* trust can do scary
>>> things.  But at the level of running regions -- well, you may be using a
>>> hosting provider, or you may be hosting yourself, but you don't need
>>> full and complete trust that everybody is who they claim to be just to
>>> connect to the world.
>>>
>>> --
>>> --Rob Knop
>>>  E-mail:    rknop at pobox.com
>>>  Home Page: http://www.pobox.com/~rknop/<http://www.pobox.com/%7Erknop/>
>>>  Blog:      http://www.sonic.net/~rknop/blog/<http://www.sonic.net/%7Erknop/blog/>
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.9 (GNU/Linux)
>>>
>>> iD8DBQFLC+pcfEn1oMJSrdsRApVqAKCGz8o5gt7vEqvl3HJK07jftpLi5wCg56g+
>>> oq1mcfGvljoH5K0Y6X/WX9M=
>>> =bh/M
>>> -----END PGP SIGNATURE-----
>>>
>>> _______________________________________________
>>> Opensim-dev mailing list
>>> Opensim-dev at lists.berlios.de
>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>>
>>>
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>>
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20091125/8bb894cd/attachment-0001.html>

More information about the Opensim-dev mailing list