[Opensim-dev] Global identifiers
Melanie
melanie at t-data.com
Tue Aug 31 13:01:04 UTC 2010
This isn't an issue, the URL includes the authority, so no malicious
collisions are possible unless the UUID is used in isolation. That
should not be done. If a resource is to be used in a contect where a
local identifier is required, a new UUID should be generated and
attached to the URI, then that should be used. Never trust the UUID
in the URI for anything but calling the URI itself.
Melanie
Karen Palen wrote:
> It was buried in another post, but I maintain that the definitive problem is
> not th eone where the "authority" simply disappears (wait to update the
> cache), but where there are multiple "authorities" claiming the same UUID!
>
> There are numerous reasons why this could happen, ONE of which is
> "malfeasance" (fraud)!
>
> More likely is the case where the cached "authority" is very much out of
> date and there have been several changes since the last cache update! In
> some situations this could happen in only a few minutes!
>
> Every other case resolves to (a) it is in the cache (update whenever we can)
> or (b) the (single) authority can tell us what we should use as the
> "name"/UUID
>
> While Diva has pointed out that EVERY "name" is really a UUID (not obvious
> in the "global" case) many of the comments imply that the "name" is some
> arbitrary text string!
>
> I claim that Diva is exactly correct - the UUID *IS* the name BOTH global
> and local, and the "text string" (of whatever form) is merely the "human
> compatible liveware" version. ANYTHING else leads to an enormous number of
> identity collisions!
>
> I think that it is all available in the "open" literature now, but in the
> 1960's/1970's the US Military spent an enormous effort ($$$) to be certain
> that the person with the badge "General Jack D. Ripper" really WAS that
> person! With Nuclear Weapons the stakes really ARE that high!
>
> Our problem is very similar although not with such dramatic consequences.
>
> Karen
>
> On Tue, Aug 31, 2010 at 1:17 AM, Ai Austin <ai.ai.austin at gmail.com> wrote:
>
>> myticaldemina makes a lot of good points... one thing that could be
>> problematic though relates to this comment...
>>
>> From: <mysticaldemina at xrgrid.com>
>>> ...I would suggest any
>>>
>>> proxies would give the external system and identifier and not chain proxy
>>> to
>>> proxy unless there is a reason to do it, and the assets should be copied
>>> from the original source.
>>>
>>
>>
>> I agree with the first half... no chains, just hand over the external
>> system "authority" and its given identifier pair for the identity involved.
>>
>> But I don't agree at all with the idea that you then have to get the asset
>> from that original authority. The permissions could have changed,
>> corruptions could have occurred or much more likely the authority simply
>> will no longer be there. The asset "as is" (with its textures, scripted
>> content and what not) should be provided to the destination location/grid if
>> the object permissions allow it, with proper transfer of the permissions to
>> next owner exactly as if an avatar to avatar transfer or rez in world took
>> place on the local grid, without trying to reload the asset from an original
>> source.
>>
>> .
>>
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
More information about the Opensim-dev
mailing list