[Opensim-users] List of banned viewers for config files?

Akira Sonoda akira.sonoda.1 at gmail.com
Tue Aug 21 10:32:45 UTC 2012


2012/8/20 Justin Clark-Casey <jjustincc at googlemail.com>

> I think serving assets directly from the service would be very interesting
> rather than having to route through the simulators.  I will note that
>

Nice !!!


> 1.  It would place more load on the service since simulators wouldn't act
> as asset caches.  I suspect this isn't a huge issue bearing in mind the
> ability of webservers to cope with massive loads.  And potentially some
> other service/process separate from the asset service could actually deal
> with GetTexture/GetMesh, though this is getting more complicated
>

Yeah i am thinking of a separate process which deals with those
GetTexture/GetMesh calls ... caching would be key, because in a globally
distributed grid you don't want to hammer the central asset server with
requests. There are solutions around like ehcache (http://ehcache.org/)
with some interesting features


> 2.  Security of asset fetching will be different.  Fetches are 'secure'
> because the capability contains a random UUID component only given to a
> particular session.  This in turn comes from the seed cap generated by the
> login service and passed along to the simulator, that the viewer uses to
> fetch specific capabilities (e.g. GetTexture, GetMesh).
>

It depends how much security is needed ... if only authenticated clients
are allowed to access the "Asset Srvice" there are means for securing that
access using a system like Kerberos. During the login process the client is
authenticated and gets a Kerberos ticket which will be presented to the
"Asset Service" ( i place the word Asset Service in doublequotes because
the client should actually deal with a local AssetServiceCache Thing ). If
the Kerberos Ticket is not valid no access is given. Just an idea floating
around in my mind.

More finer grain access to the assets is possibly not necessary otherwise
some autorisation mechanism has to be in place. But those assets are
inherently protected by the means of the simulator and that's another
story. There might  issues to solve here as well.

If the asset service (for instance) is dealing with GetTexture or GetMesh,
> then to be secure, it has to be passed the valid GetTexture/GetMesh
> capability URLs which the viewer will later fetch from the SEED Capability
> URL, or enough data to generate them correctly.
>
>
> On 18/08/12 16:07, Akira Sonoda wrote:
>
>> Right now I am thinking of factoring the whole HTTP stuff out of the
>> OpenSim into a separate Process, in order to have
>> OpenSim doing what it can best, acting as a Region Server calculating
>> physics and executing scripts and serving legacy
>> UDP Packets to the Viewers. I hope to be able to start a Proof of Concept
>> rather soon. In parallel I will do further
>> testing with the different viwers and the different combination in order
>> to get further insights.
>>
>
>
> --
> Justin Clark-Casey (justincc)
> http://justincc.org/blog
> http://twitter.com/justincc
> ______________________________**_________________
> Opensim-users mailing list
> Opensim-users at lists.berlios.de
> https://lists.berlios.de/**mailman/listinfo/opensim-users<https://lists.berlios.de/mailman/listinfo/opensim-users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-users/attachments/20120821/2de7ff6e/attachment.html>


More information about the Opensim-users mailing list