[sldev] Scalable Sim Question
lenglish5 at cox.net
Mon Aug 11 15:39:46 PDT 2008
> On Mon, Aug 11, 2008 at 8:58 AM, Lawson English <lenglish5 at cox.net
> <mailto:lenglish5 at cox.net>> wrote:
> I don't know about inefficient. If you think it is than why don't
> you contact ZEro and Zha and Tess and so on to help them fix the
> design or at least have them explain to me why my analysis is off.
> If I understand you correctly, every asset request by the client will
> be sent to the agent domain, which will contact the resource domain,
> fetch the asset, and forward it to the client.
Not what I meant to say. My understanding is that the pattern will
continue what is used for TP. The AD vouches to the asset server that
the client is really that specific agent that is rezzed currently in
that specific region/grid, obtains the initial seed cap for asset
transactions for that specific agent/region combo, passes it on to the
client, and then bows out. After that any communication involves the
client, region and asset server, not the AD. I would expect that there
are time limits on how long a given capability is valid and that once
the client logs out or leaves a given grid, the cap is deauthorized in
> That doesn't seem scalable.
> Are you sure you're interpreting the design correctly? It doesn't seem
> to me that the agent domain could be doing the proxying you're suggesting.
The details are murky to me, but I think that that is the gist of it:
The AD validates the client during initial login, and validates the
grids that the client visits. But it only performs introductions for the
initial connections with the various services. But that is enough to
make it the ultimate man-in-the-middle malware if it was untrustworthy
because it could grab the real CAP and pass a faux-CAP onto the client
and transfer whatever data the client is asking for to its own pirate
server before passing it on.
> And as far as "never" allowing something goes, I never said that.
> However, an Agent Domain is in a unique position to do mischief
> and has to be at least as trusted as the most trusted external
> grid that the SL servers agree to deal with.
> That means that you wouldn't ever be able to log on to Opengrid and
> teleport to Secondlife, no?
> Pirates Bay would be an extreme case, but the same logic would apply
> to every other agent domain.
Unless the Agent Domain has trust agreements in place with a specific
grid or set of grids, I don't think that you can log into an arbitrary
Agent Domain and automatically expect to get into any arbitrary region
(grid). This is certainly only MY interpretation of things, and I may be
totally out there as far as my understanding of the design goes. But I
think I'm right. The AD is the keeper of the accounts of multiple
agents. It must be deemed trustworthy by wide range of destination
regions AND a wide range of asset servers and other services and not
just by default, but only by agreements/contracts/certificates/whatevers.
More information about the SLDev