On Wed, Apr 15, 2009 at 6:40 AM, Diva Canto <[email protected]> wrote: > As I zoom in on issues of trust and security, I'm getting to the point > where I need a sharp definition of "grid". What is a grid, besides being > a map/lookup service and a user accounts service? > > a) nothing more than that > b) a trust domain > > If we choose b) then we need to think about OSGrid-like grids. How can > we trust that a collection of regions administered by different people > will behave? Can OSGrid-like grids survive without ToS being signed > between the grid operator and the region operators? What if the ToS is > such that it delegates to the region admins any liability on bad things > happening in their regions? -- that leaves the user with no central > authority to complain, which is as good as not having a trust domain. >
Linked domains tend to generate trust in two ways: 1) Self organising Data and UGC is built up over time and often specialists come on top to provide some kind of ranking metric Examples: the www and google, the blogosphere and technorati, web of trust, last.fm and audioscrobler etc. 2) Centralized Heirarchical Examples: SSL and root CA's, Anti Virus and Norton etc. The centralisation model works if you incenitvise people to offer that service. The decentralised method also works if you put the data out there and it becomes useful to remix. > If OSGrid-like grids (i.e. no contracts, or very loose ones; just a map > service) are to exist, then it's clear that b) doesn't hold in general. > It means that there can be grids that are simply a collection of regions > that come together in virtual space, but whose trustworthiness as a > whole doesn't exist. The same is true on the web as a whole, but somehow the untrusted documents get visited less, right? > > The Hypergrid is specifically designed to cross trust boundaries. Should > the OSGrid-like grids become HG-ed sims that share the same map, and let > "grids" be, fully, trust domains? > > You may think I'm getting into philosophy, but this is critical for the > technical work I'm doing right now related to authentication, > server-side vs client-side authority, etc. If we can assume that a > "grid" is a uniform trust domain with a central authority, things will > be simpler in many ways. If not, things will be a bit more complicated. Does SSL / PKI cover all of the points that you illustrate? You are flexible to chose client side and server solutions, either with central signing or self signing (note: self signed certificates are free). An asymmetric key technology allows the client to authenticate and sign. You can use this for self authentication, lookup of public credentials, access control etc. Im guessing that for secuirty/trust you will either have to use SSL or something like it, if so, why not leverage what's already been written and tested. What use cases are potentially not solved? > > Thoughts? > > > _______________________________________________ > Opensim-dev mailing list > [email protected] > https://lists.berlios.de/mailman/listinfo/opensim-dev > _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
