[sldev] Re: [ARCH] Permissions

[John Hurliman]

Argent Stonecutter wrote:
>
> From: "Andre Roche" <roamingryozu at gmail.com>
>> With that question in mind, is there good reason why at least a
>> cursory permissions system with cursory enforcement by the official LL
>> client shouldn't be standard, aside from the DRM just doesn't work
>> argument?
>
> I can't think of any, so long as it's possible for the region to 
> notify the client what permissions apply in that region where they 
> don't match the SL standard... so you don't get to CompletelyOpenGrid 
> and discover that the client is keeping you from reading the source to 
> a script just because it's in an object you don't own.
>
> That is, I think the policy needs to be that the region is the arbiter 
> of permissions, and the creator of an asset is the arbiter of what 
> kind of regions they're willing to let their content be delivered to, 
> and the architecture should make sure that this is possible.
>

I agree with you, I think there was a general consensus at the 
architecture working group meeting that there needs to be a concept of 
domain trust that applies to transferable assets. I don't want to get 
that issue confused with the bitmasks being sent to clients that is 
supposed to pass as a permission system though. Something like that can 
easily be implemented through an extension. Just like on the web you can 
add Javascript to disable right-clicking of images which is a fine honor 
system, but there is nothing in the HTTP protocol to attach permission 
bits to html and images.

Domain trust != bitmasks being sent to the client

John Hurliman