On Jul 19, 2006, at 11:37 PM, Jesse Nesbitt wrote:
Wow, a RESTfull API. That's really cool. Could you give us an example of a "capability" that would be provided by said web service? (BTW, Great to have LL "on-board" so to speak) --Jesse
I'll sketch a rough overview of one of the first things we're planning on doing.
One of the things the viewer does is display a map. Right now, as many of you may know, there is a message in the message system for this. The viewer sends this message to the sim it is connected to. However, the sim does not have the map data, so it must request it from the data server. The sim then splits this data up (it is a large amount of data about which tiles go where) and shuttles it back across the message system, breaking it up in order to fit in UDP packets, handling the retry because UDP is unreliable. Since there is so much map data, this lags the sim while it makes sure the viewer gets the map data it needs, preventing other more interesting activities from taking place in the sim.
So, how can we apply capabilities to this system? Well, the viewer has a trusted connection to the sim, and the sim has a trusted connection to the data server. This is why in the old system, all the data had to be shuttled through the sim to the viewer, instead of directly from the data server to the viewer. We couldn't allow arbitrary viewers to request arbitrary data directly from the data server. We will use capabilities to _delegate authority_ from the sim to the viewer.
When a viewer connects to the sim, once the sim has determined that it trusts the viewer, the sim will _grant a capability_. This process is very simple -- the sim simply goes to the _capability proxy_ and says "I would like to allow someone to access a url on the data server". The capability proxy makes a new unguessable url, creates a mapping between this _public_ url and the _private_ url, and returns it to the sim.
At this point, there is now a URL which anyone in the world can request to get map data directly from the data server (through the public capability proxy). However, nobody but the sim knows it. The sim then _delegates authority_ by giving this url to the viewer. The viewer can now request the map data directly from the data server (through the public capability proxy), bypassing the sim entirely and leaving more CPU and network bandwidth for more interesting sim tasks!
One more thing, if the sim ever decides it doesn't trust the viewer any more, perhaps because the agent got kicked from the sim, the sim _revokes_ the capabilities it had previously granted by telling the capability proxy to break the link between the public and private urls. After this point, nobody who possesses the old capability url can use it to get map data any more!
Donovan _______________________________________________ libsecondlife-dev mailing list libsecondlife-dev@gna.org https://mail.gna.org/listinfo/libsecondlife-dev
