[sldev] Permissions - A content creator's view

[John Hurliman]

Callum Lerwick wrote:
> On Mon, 2007-09-24 at 14:05 -0400, michi at luskwood.org wrote:
>   
>> 1) A simple trust level - Servers that connect to the SL grid at least
>> should purport to follow a similar level of standards (i.e., 'listening'
>> to perms) as the SL grid. Of course, someone could lie. But this at least
>> establishes intent and a norm.
>>
>> 2) I think an extension of permissions to give the ability to comply with
>> copyright as well as copyleft should exist. In addition to "no copy", "no
>> transfer", "no modify"; we could indeed have "may not set nomod" or "may
>> not set no transfer". And the eternally asked-for "may not charge money
>> for trasfer".
>>
>> 3) Grid level permissions, i.e., "May rez/attach on a trusted grid" vs
>> "May rez/attach only on SL grid" or , "May rez/attach anywhere".
>>     
>
> The problem here, except maybe in the case of scripts, is all this
> "trusted grid/sim" stuff is a red herring. The real "problem" here is
> untrusted *clients*. Something you can not prevent short of a Trusted
> Computing system. How can you prevent someone from "right click,
> save"-ing an avatar, then re-uploading it as new content on whatever
> "untrusted grid" they wish? Its how the web works now, why should
> "future SL" be any different?
>
> There is no technical solution to this. Only a social one.
>   

There is a technical solution to this problem, and I think we should use 
existing standards wherever possible. All SL clients should adhere to 
RFC 3514 (http://www.ietf.org/rfc/rfc3514.txt) and any client that plans 
on not obeying any permission bits should be setting their security flag 
to 0x1 in any simulator connections. That way we can achieve the same 
level of security and honor system provided by the current protocol, but 
in a more open standards fashion.

John Hurliman