So here is where we leave the Internet and get back to Second Life and interoperability standards between grid operators. A quick look at the MMOX Charter will show you that at least two types of documents will be produced: a set of protocols for information interchange, and a more cryptic document, usually not mentioned in the many blog posts around this subject, which is named PKIX Profile for Inter-Simulator Communication Draft.
This latter document is a proposal mostly by Zha Ewry, with strong support from Zero Linden. It defines how public key cryptographic signatures ought to be exchanged between grid operators so that you can establish policies. For a grid operator, it means you’ll only accept data coming from another grid operator whose valid key you hold. And that key is only sent to someone who has agreed to sign a policy agreement with you. Prokofy Neva talks mostly about content protection, but there is a lot more than that to be placed in a policy agreement.
Here are some typical cases. Imagine that an avatar is banned on LL’s grid, and that LL signs a policy agreement with IBM. It’s pretty obvious that LL wants that avatar to be banned on IBM’s grid as well — just think about that avatar being someone who usually copies content. Clearly, “running away to IBM with all content” and getting banned on LL’s grid is not enough: that avatar has to remain banned on IBM’s grid too. Another example, of course, is cross-grid economics: LL doesn’t want IBM to “create L$ out of nothing” so that avatars can then jump over to LL’s grid with lots of freshly minted L$ to spend. So that would be regulated by a policy agreement, too.
But there is more. In fact, LL might enforce things like compliance with LL’s own ToS on remote grids. While you abide by LL’s ToS, you can keep your grid connected to LL’s own; but if any of your grid’s residents violates ToS, and you, as the grid operator, refuse to enforce LL’s ToS, LL will revoke your key and you lose the ability to interconnect.
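The acceptance rule described above (take data only from an operator whose key you hold) and the revocation penalty can be sketched as follows. This is an added example, not code from the draft or from any grid operator: the type and function names, the operator name `grid-b` and the message are constructed, and raw Ed25519 keys stand in for the X.509 certificates a PKIX profile would use.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Peer is a remote grid operator we hold a key for (hypothetical type;
// raw Ed25519 keys stand in for PKIX/X.509 certificates).
type Peer struct {
	Key     ed25519.PublicKey
	Revoked bool // set when the operator stops honouring the agreement
}

// TrustStore maps operator names to keys exchanged under a policy agreement.
type TrustStore map[string]*Peer

var (
	ErrUnknownPeer = errors.New("no policy agreement with this operator")
	ErrRevoked     = errors.New("operator key revoked")
	ErrBadSig      = errors.New("signature does not verify")
)

// Accept returns nil only for data signed by a known, unrevoked operator.
func (ts TrustStore) Accept(operator string, msg, sig []byte) error {
	p, ok := ts[operator]
	switch {
	case !ok:
		return ErrUnknownPeer
	case p.Revoked:
		return ErrRevoked
	case !ed25519.Verify(p.Key, msg, sig):
		return ErrBadSig
	}
	return nil
}

// demo runs a constructed exchange: valid data, altered data, then revocation.
func demo() (ok, tampered, revoked error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair for "grid-b"
	ts := TrustStore{"grid-b": {Key: pub}}
	msg := []byte(`{"type":"ban","avatar":"example-avatar"}`) // constructed message
	sig := ed25519.Sign(priv, msg)
	ok = ts.Accept("grid-b", msg, sig)
	tampered = ts.Accept("grid-b", append(msg, ' '), sig)
	ts["grid-b"].Revoked = true // the key is revoked: interconnection ends
	revoked = ts.Accept("grid-b", msg, sig)
	return
}
func main() { fmt.Println(demo()) }
```

The signature only proves which operator sent the data and that it was not altered in transit; what the receiving operator does with it afterwards is outside the check.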
Now, a lot of discussion has been flowing around the MMOX mailing list (as said, it’s a full-time job just to follow it), but it’s clear that people want to mix up permissions in the protocol layer, while IBM/LL are supporting it mostly at the policy layer. Why? The policy layer is enforced in courts of law and the ultimate penalty is to shut down the grid interconnection while the court decides.
Why is that a reasonable approach? Imagine the following scenario: two grid operators agree to interchange data using the Open Grid Protocol. Let’s imagine, for a moment, that this protocol does, indeed, attach permissions metadata to the data, and that the metadata is fully carried across the wire. Now it reaches one of the operators, who is not exactly a nice guy. Let’s assume, for the sake of the argument, that they simply get the no-perms data, upload it to their own asset servers, and then, with a single query, remove the appropriate tags and turn that item into a full-perms one.