[Opensim-users] Call to discussion: code environment [Was: recent secondlife client versions don't support OSSL functions]

dr scofield drscofield at xyzzyxyzzy.net
Sat Sep 27 13:18:19 UTC 2008 

John Ward wrote:
> Dr Scofield wrote:
>   
>> Diva Canto wrote:
>>     
>>> Seriously, my group here has been experimenting with all sorts of
>>> completely different clients to get/post all sorts of different things
>>> from/into the world. Once the Http server was made accessible to region
>>> modules, there's no limit to what can be done, really... But for this to
>>> scale beyond experimentation, we need to figure out trust.
>>>       
>> no. we need to have clear protocol specs and our grids need to be coded in such
>> a way that they guard themselves.
>>
>> trust comes in at much higher level (for example, do i trust that grid to adhere
>> to the licenses i attach to my objects?). trust should never replace caution and
>> self-defense.
>>     
>
> Trust is the inseparable heart of any permissions based system.  One 
> needs ways to establish trust to set appropriate permissions at what 
> ever level they come up.   One might have their system codified to 
> control all actions, but that's often not the case or necessarily the 
> goal.  If I want someone to participate I may have to allow them 
> potentially negative actions to participate.  Sometime you can't code 
> around that.  Without some tools for building trust I will likely need 
> to caution and defend others from participation.  Trust can be a more 
> powerful tool then caution and defense.
>   
i'm not arguing against trust. the discussion started with the
observation that 1.21 series clients do client side vetting of scripts
--- and then we got into discussing whether an explicit trust
relationship would somehow help.

my points are:

    * to build a robust internet connected system we cannot assume
      benign clients (even if they present a certificate), we have to
      build our servers such that they are able to defend themselves;
      for example, assuming (and relying on  that assumption) that the
      client is only going to present vetted code to me as a server, is
      very bad design
    * trust relationships come in at a different level; for example, at
      the permission level.

    dr scofield

-- 
dr dirk husemann ---- math & computer science ---- ibm zurich research lab
RL: hud at zurich.ibm.com - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/ 
SL: drscofield at xyzzyxyzzy.net --------------------- http://xyzzyxyzzy.net/

More information about the Opensim-users mailing list