[sldev] Scalable Sim Question
Lawson English
lenglish5 at cox.net
Mon Aug 11 15:39:46 PDT 2008
Argent wrote:
> On Mon, Aug 11, 2008 at 8:58 AM, Lawson English <lenglish5 at cox.net> wrote:
>
> I don't know about inefficient. If you think it is then why don't
> you contact Zero and Zha and Tess and so on to help them fix the
> design or at least have them explain to me why my analysis is off.
>
>
> If I understand you correctly, every asset request by the client will
> be sent to the agent domain, which will contact the resource domain,
> fetch the asset, and forward it to the client.
Not what I meant to say. My understanding is that the pattern will
continue what is used for TP. The AD vouches to the asset server that
the client is really that specific agent that is rezzed currently in
that specific region/grid, obtains the initial seed cap for asset
transactions for that specific agent/region combo, passes it on to the
client, and then bows out. After that any communication involves the
client, region and asset server, not the AD. I would expect that there
are time limits on how long a given capability is valid and that once
the client logs out or leaves a given grid, the cap is deauthorized in
some way.
>
> That doesn't seem scalable.
>
> Are you sure you're interpreting the design correctly? It doesn't seem
> to me that the agent domain could be doing the proxying you're suggesting.
>
The details are murky to me, but I think that that is the gist of it:
The AD validates the client during initial login, and validates the
grids that the client visits. But it only performs introductions for the
initial connections with the various services. But that is enough to
make it the ultimate man-in-the-middle malware if it was untrustworthy
because it could grab the real CAP and pass a faux-CAP onto the client
and transfer whatever data the client is asking for to its own pirate
server before passing it on.
> And as far as "never" allowing something goes, I never said that.
> However, an Agent Domain is in a unique position to do mischief
> and has to be at least as trusted as the most trusted external
> grid that the SL servers agree to deal with.
>
>
> That means that you wouldn't ever be able to log on to Opengrid and
> teleport to Secondlife, no?
>
> Pirates Bay would be an extreme case, but the same logic would apply
> to every other agent domain.
Unless the Agent Domain has trust agreements in place with a specific
grid or set of grids, I don't think that you can log into an arbitrary
Agent Domain and automatically expect to get into any arbitrary region
(grid). This is certainly only MY interpretation of things, and I may be
totally out there as far as my understanding of the design goes. But I
think I'm right. The AD is the keeper of the accounts of multiple
agents. It must be deemed trustworthy by a wide range of destination
regions AND a wide range of asset servers and other services and not
just by default, but only by agreements/contracts/certificates/whatevers.
Lawson
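
The handoff described in this message, as an added sketch that is not part of the original post and not Second Life or OGP code: a trusted AD vouches once, the asset server issues a seed cap bound to one agent/region pair, and the cap stops working on expiry or logout. The class and method names, the token format, the 300-second lifetime and the client-supplied region argument are assumptions made for illustration.

```python
import secrets
import time

class AssetServer:
    """Hypothetical asset server that issues seed caps on an AD's word."""

    def __init__(self, trusted_ads, ttl_seconds=300):
        self.trusted_ads = set(trusted_ads)   # ADs covered by a trust agreement
        self.ttl = ttl_seconds                # assumed cap lifetime
        self.caps = {}                        # token -> (agent, region, expiry)

    def grant_seed_cap(self, ad_name, agent, region, now=None):
        """Called by the AD: vouch for an agent in a region, receive a cap."""
        if ad_name not in self.trusted_ads:
            raise PermissionError("no trust agreement with " + ad_name)
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)     # unguessable: holding it is the authority
        self.caps[token] = (agent, region, now + self.ttl)
        return token

    def fetch_asset(self, token, region, asset_id, now=None):
        """Called by the client directly; the AD has bowed out by now."""
        now = time.time() if now is None else now
        entry = self.caps.get(token)
        if entry is None:
            return "denied: unknown or revoked cap"
        agent, cap_region, expiry = entry
        if now >= expiry:
            del self.caps[token]              # expired caps are forgotten
            return "denied: cap expired"
        if region != cap_region:
            return "denied: cap not valid for this region"
        return f"asset {asset_id} for {agent}"

    def revoke_agent(self, agent):
        """Deauthorize all of an agent's caps on logout or leaving the grid."""
        stale = [t for t, (a, _, _) in self.caps.items() if a == agent]
        for t in stale:
            del self.caps[t]
        return len(stale)
```

Because the token is a bearer credential, whoever holds it during the introduction can use it until it expires or is revoked, which is why the trust decision sits in `trusted_ads` rather than in the client.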