Diva Canto wrote: > I confess I didn't understand CAPs until they hit me in the head > yesterday. I always knew the way we were using them was "wrong" in the > sense that it defeats their purpose of being security devices. Yes, the > viewer doesn't complain, but they are mute for security purposes. So, > really, I'm just trying to find the right story for them in the context > of this black-box viewer, and starting from basic principles. It seems > that there are many ways of managing capabilities, one of them being > what we are doing now. I have no idea how Linden Lab does it; but that > doesn't matter. What matters is that this viewer has some buttons that > we can push -- not all the buttons we would like, but some. > > Maybe capabilities are, indeed, a nifty idea, after one gets passed the > initial "this is way too complicated" phase. Maybe other viewers would > use them too, if we have a simple story for them. I really like their > model of using secret URLs for accessing security-critical services -- > that's very nice.
...and CAPS should have a limited live-time and need be renewed every so often. i've always liked the CAPS idea... -- dr dirk husemann ---- virtual worlds research ---- ibm zurich research lab SL: dr scofield ---- [email protected] ---- http://xyzzyxyzzy.net/ RL: [email protected] - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/ _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
