[sldev] Re: Viewer Auth Feedback

dirk husemann hud at zurich.ibm.com
Tue Oct 2 22:16:23 PDT 2007


Nicholaz Beresford wrote:
>
> Tateru Nino wrote:
>>> -----------------------------------------------------------------
>>>
>>> Password manager for Nicholaz Beresford
>>>
>>>          Forum   Wiki  Account  inworld-restricted  inworld-full
>>> aaa111    [x]    [x]    [ ]      [x]                  [ ]
>>> q$44&9A   [ ]    [ ]    [x]      [ ]                  [x]
>>>
>>> [add Password]
>>>
>>> -----------------------------------------------------------------
>>>
>> Personally, I'd like to get out-of-band confirmation for the exercise of
>> capabilities. An email with a link, for example, before rezzing an
>> object, or doing anything that debits my account, or much else other
>> than walking and talking. So I can configure which ones are always on,
>> never on, or that the system has to ask me out-of-band to grant for the
>> rest of the session.
hmm...getting an email for rezzing objects sounds to me a
bit...well...clunky. and it certainly breaks any immersive experience.
not sure we want that (well, i don't for one).
>
> Only if you can't use the password (the one which you gave the viewer)
> to reconfigure these options.  If 3rd party viewer security is the goal,
> the only way to enforce that, is (like everything these days) server
> side by not allowing the viewer to do specific things.
in the end it comes down to trust: whose viewer do we trust? i'd trust a
viewer that's available as open source and has been widely vetted and
examined for security holes. i'd probably have my reservations about joe
random's viewer-from-the-basement that's closed source and was just
released yesterday...i might trust a viewer that i've written (then
again, knowing me, i might not).

    cheers,
    dirk

-- 
dr dirk husemann, pervasive computing, ibm zurich research lab
--- hud at zurich.ibm.com --- +41 44 724 8573 --- SL: dr scofield


