[sldev] Scalable Sim Question
spot at napalmriot.com
Tue Aug 12 21:10:43 PDT 2008
I don't post on here much, but I've been following your discussion and
this one is burning in the back of my mind.
Since we are more or less dealing with virtual 'worlds' here, doesn't it
make some sense to base trust/authority on how well a particular grid is
governed? Much like travel/extradition agreements between national
entities. Do you let people from this foreign country into your country?
Can that depend on how quick that foreign entity is to enforce things
you care about, such as copyright issues, etc?
I am kind of running on a impulsive train of thought here. Feel free to
smack me down.
> On Mon, Aug 11, 2008 at 5:39 PM, Lawson English <lenglish5 at cox.net
> <mailto:lenglish5 at cox.net>> wrote:
> it could grab the real CAP and pass a faux-CAP onto the client and
> transfer whatever data the client is asking for to its own pirate
> server before passing it on.
> Good point.
> But... that raises another question.
> If the CAP can't be authenticated as being from the region domain you
> think you're connecting to then any kind of transproxy will have the
> same problems... and the point of a transproxy is that you don't know
> it's there. That's why SSL requires certificate authorities and PGP
> requires the web of trust and SSH requires an unchanging host key.
> Unless the Agent Domain has trust agreements in place with a
> specific grid or set of grids, I don't think that you can log into
> an arbitrary Agent Domain and automatically expect to get into any
> arbitrary region (grid).
> I'm not sure that buys you much practical protection, so long as you
> can get a free account on SL with no meaningful authentication, since
> it's unlikely that there will be any regions that refuse to allow
> logins from the Second Life agent domain.
> It must be deemed trustworthy by wide range of destination regions
> AND a wide range of asset servers and other services and not just
> by default, but only by agreements/contracts/certificates/whatevers.
> What I'm saying is that the AD really can at most be trusted to
> provide a unique name and UUID that it guarantees represents the same
> person each time it's used.
> Policies and (un)subscribe information available here:
> Please read the policies before posting to keep unmoderated posting privileges
More information about the SLDev