web cors alternative advocacy


Raoul Duke

Jan 26, 2024, 2:08:37 PM
to cap-...@googlegroups.com
hi, I'd love to see a whitepaper explaining how bad web access is like with CORS craziness vs. how simple it could be via other, oh i dunno maybe capability style, mechanisms. It just seems like the industry keeps doubling down on the insanity and there's no significant voice of reason anywhere. 

Mark S. Miller

Jan 26, 2024, 2:24:23 PM
to cap-...@googlegroups.com

On Fri, Jan 26, 2024 at 11:08 AM Raoul Duke <rao...@gmail.com> wrote:
hi, I'd love to see a whitepaper explaining how bad web access is like with CORS craziness vs. how simple it could be via other, oh i dunno maybe capability style, mechanisms. It just seems like the industry keeps doubling down on the insanity and there's no significant voice of reason anywhere. 

--
You received this message because you are subscribed to the Google Groups "cap-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/CAJ7XQb5LOA3u%2B%2BiS69sGxux7m3Sk%2B%2Bhgi8AEBdpwFER5g8uE_A%40mail.gmail.com.


--
  Cheers,
  --MarkM

Pierre Thierry

Feb 11, 2024, 4:01:20 PM
to cap-talk
On Friday, January 26, 2024 at 20:24:23 UTC+1, eri...@gmail.com wrote:

Why was UMP discontinued?

Curiously,
Pierre Thierry

Mark S. Miller

Feb 12, 2024, 11:27:56 AM
to cap-...@googlegroups.com
At tc39 (the JavaScript committee) altogether, we have a great track record of arguing things out on the technical merits and not getting stuck because of personalities and politics. I have trouble being objective about what happened with CORS vs UMP, so I'll let the public arguments speak for themselves. I'll just say that after these arguments, I mostly walked away from w3c and web standards disillusioned with how that world operates. Or, I should say, operated. It was so long ago that I'm sure things have changed. I just don't know in what direction.




--
  Cheers,
  --MarkM

yott...@gmail.com

Sep 11, 2024, 5:30:07 AM
to cap-talk
Hi, it’s been a while!  I’m back because I’m building a web-based 3D equation visualization whiteboard (everyone shivers).  I still don’t know everything about capabilities.

I’ve assumed for a long time that tokens or certificates should be used, probably like UMP.  But there should be a mapping between tokens and items in HTML. That is, you shouldn’t directly use a name (or a token identifying an element) in a web page that you are also using in a shared JSON protocol.  That is, expect people to use the protocol to inject things into your web page if you are using the protocol to directly look up things in your web page.  There are some solutions to this:  1) append something to your name, like a suffix, before putting it in a web page.  This isn’t ideal. You can try multiple suffixes for related elements.  2) validate everything you are receiving.  This is good.  3) use a mapping between protocol tokens and web ids or names, leaving out internal web ids or names. 4) some combination. 5) others?

Watch out for uninitialized names.

The approach I’m looking into is using X3D+DIS, https://www.web3d.org/specifications/X3Dv4/ISO-IEC19775-1v4-IS/Part01/components/dis.html where the DIS-like protocol is a combination of a web protocol and a standardized protocol.  Probably DIS is best done over VPN, so access can be revoked.  With a non-official X3DOM implementation, websockets are used instead of UDP multicast. A lot of integers are used in DIS; it looks very confusing to debug, being a binary protocol.  I have heard of XML versions of DIS.

What I’d like to see is some form of DIS for HTML and SVG.  Seems challenging.  What I’d like to see is DIS (or HTML-DIS) built into the browser.  But to do things right, one needs <ROUTE> and <field> from X3D, I think.  These are built into X3DOM and X_ITE.  I’m hoping the declarative syntax won’t chase people away.  It’s just XML.  Scripts can be optional.

I also came up with a mockup role-based web-page security system based on security oriented sheets (like SQL operators or file system operators in a CSS-like stylesheet), much like a firewall. There were three roles in an enum:  USER [sic], AUTHOR [sic], and OTHERS [sic], and 10 operators. One could do document.securitySelector(css_selector).   Then I imagined putting the whole thing into the OS, and concluded it was just like a firewall.  AUTHOR is remote network port 80 or 443, USER is non-networked i/o and OTHERS are web sockets, etc.  But it’s role-based even if roles are hidden in the OS.

Ultimately, if resource and operation aren’t tied together, you end up with a mess.  Say “no” to ambient authority.

Alan Karp

Sep 11, 2024, 1:55:36 PM
to cap-...@googlegroups.com
On Wed, Sep 11, 2024 at 2:30 AM yott...@gmail.com <yott...@gmail.com> wrote:
Hi, it’s been a while!  I’m back because I’m building a web-based 3D equation visualization whiteboard (everyone shivers).  

I'm not.  In fact, I could have used a tool like this last month.  Is your tool anything like https://www.desmos.com/?
 
I still don’t know everything about capabilities.

I don't think anybody does. 

I’ve assumed for a long time that tokens or certificates should be used, probably like UMP.  But there should be a mapping between tokens and items in HTML. That is, you shouldn’t directly use a name (or a token identifying an element) in a web page that you are also using in a shared JSON protocol.  That is, expect people to use the protocol to inject things into your web page if you are using the protocol to directly look up things in your web page.  There are some solutions to this:  1) append something to your name, like a suffix, before putting it in a web page.  This isn’t ideal. You can try multiple suffixes for related elements.  2) validate everything you are receiving.  This is good.  3) use a mapping between protocol tokens and web ids or names, leaving out internal web ids or names. 4) some combination. 5) others?

I don't understand this paragraph.  Can you give an example? 

Watch out for uninitialized names.

It's probably better to make sure an uninitialized name can't result in anything bad happening in case you miss one.

The approach I’m looking into is using X3D+DIS, https://www.web3d.org/specifications/X3Dv4/ISO-IEC19775-1v4-IS/Part01/components/dis.html where the DIS-like protocol is a combination of a web protocol and a standardized protocol.  Probably DIS is best done over VPN, so access can be revoked.  With a non-official X3DOM implementation, websockets are used instead of UDP multicast. A lot of integers are used in DIS; it looks very confusing to debug, being a binary protocol.  I have heard of XML versions of DIS.

I'm not quite sure I understand what you're trying to do.  Are you looking at DIS because the visualization is shared?  Even if that's true, a quick look makes me think that DIS is overkill.  Have you looked at the OAuth follow-on, GNAP (Grant Negotiation and Authorization Protocol) or UCAN?
 
What I’d like to see is some form of DIS for HTML and SVG.  Seems challenging.  What I’d like to see is DIS (or HTML-DIS) built into the browser.  But to do things right, one needs <ROUTE> and <field> from X3D, I think.  These are built into X3DOM and X_ITE.  I’m hoping the declarative syntax won’t chase people away.  It’s just XML.  Scripts can be optional.

I think you'd do better looking for a protocol designed specifically for the web.  If it's for the web, I'd go with JSON instead of XML.

I also came up with a mockup role-based web-page security system based on security oriented sheets (like SQL operators or file system operators in a CSS-like stylesheet), much like a firewall. There were three roles in an enum:  USER [sic], AUTHOR [sic], and OTHERS [sic], and 10 operators. One could do document.securitySelector(css_selector).   Then I imagined putting the whole thing into the OS, and concluded it was just like a firewall.  AUTHOR is remote network port 80 or 443, USER is non-networked i/o and OTHERS are web sockets, etc.  But it’s role-based even if roles are hidden in the OS.

Ultimately, if resource and operation aren’t tied together, you end up with a mess.  Say “no” to ambient authority.

You've reached the correct conclusion.

--------------
Alan Karp


John Carlson

Sep 11, 2024, 9:18:01 PM
to cap-...@googlegroups.com
On Wed, Sep 11, 2024 at 12:55 PM Alan Karp <alan...@gmail.com> wrote:
On Wed, Sep 11, 2024 at 2:30 AM yott...@gmail.com <yott...@gmail.com> wrote:
Hi, it’s been a while!  I’m back because I’m building a web-based 3D equation visualization whiteboard (everyone shivers).  

I'm not.  In fact, I could have used a tool like this last month.  Is your tool anything like https://www.desmos.com/?

No.  Currently I just parameterize one equation, since the equation is built into the shader.  I’m just focusing on a single equation with 6 parameters.
 
I still don’t know everything about capabilities.

I don't think anybody does. 

I’ve assumed for a long time that tokens or certificates should be used, probably like UMP.  But there should be a mapping between tokens and items in HTML. That is, you shouldn’t directly use a name (or a token identifying an element) in a web page that you are also using in a shared JSON protocol.  That is, expect people to use the protocol to inject things into your web page if you are using the protocol to directly look up things in your web page.  There are some solutions to this:  1) append something to your name, like a suffix, before putting it in a web page.  This isn’t ideal. You can try multiple suffixes for related elements.  2) validate everything you are receiving.  This is good.  3) use a mapping between protocol tokens and web ids or names, leaving out internal web ids or names. 4) some combination. 5) others?

I don't understand this paragraph.  Can you give an example? 

Say a json networked property name directly maps to a HTML id attribute through JavaScript.   Without proper validation, an attacker could exploit any id on your web page, and set attribute values you might not expect.

Watch out for uninitialized names.

It's probably better to make sure an uninitialized name can't result in anything bad happening in case you miss one.

The approach I’m looking into is using X3D+DIS, https://www.web3d.org/specifications/X3Dv4/ISO-IEC19775-1v4-IS/Part01/components/dis.html where the DIS-like protocol is a combination of a web protocol and a standardized protocol.  Probably DIS is best done over VPN, so access can be revoked.  With a non-official X3DOM implementation, websockets are used instead of UDP multicast. A lot of integers are used in DIS; it looks very confusing to debug, being a binary protocol.  I have heard of XML versions of DIS.

I'm not quite sure I understand what you're trying to do.  Are you looking at DIS because the visualization is shared?  Even if that's true, a quick look makes me think that DIS is overkill.  Have you looked at the OAuth follow-on, GNAP (Grant Negotiation and Authorization Protocol) or UCAN?

Yes, it’s a shared whiteboard equation visualization.  No, I’ve not looked at GNAP or UCAN.  No user accounts are currently planned.  I’m not sure how that (OAuth) would work without some kind of account.  Yes, I could obfuscate a URL or something like that.  Yes, I do need to authorize servers and users contacting a meta server, so thanks for the pointers.  There will probably be server filters by capability in the meta server.  But I should be able to share server links to anyone and not require them to go through the meta server.  The idea is to have assigned temporary identities (currently numbers), but I realize the need to be able to revoke privileges, probably by restarting a server with a different URL.  The identities are mapped from the client software using socket.io “stuff”. Clients cannot currently send direct messages to another user; it’s groupware.


 
What I’d like to see is some form of DIS for HTML and SVG.  Seems challenging.  What I’d like to see is DIS (or HTML-DIS) built into the browser.  But to do things right, one needs <ROUTE> and <field> from X3D, I think.  These are built into X3DOM and X_ITE.  I’m hoping the declarative syntax won’t chase people away.  It’s just XML.  Scripts can be optional.

I think you'd do better looking for a protocol designed specifically for the web.  If it's for the web, I'd go with JSON instead of XML.

I believe DIS (the protocol) has been ported to XML.  It would be another step to JSON.  I believe X3D-DIS (the Interface) can be expressed in a variety of X3D encodings, including JSON, XML and VRML.  It would be nice to have an HTML or JSON interface for sharing.  I would say HTML wins over JSON here, but JS Proxies can be used.  I wrote a Proxy based JS <ROUTE>-like thing at one point.  Something similar, but distributed, is attractive.  But it might be standardized.  I think such things may be app specific. Something like a networked store would work here, with a declarative interface.  Imagine updating a distributed data structure, similar to google docs.  I don’t currently have such a data structure, I will need one, or I will need a way to query another user’s settings.  I am attempting to do this *without* a persistent data store initially, just a few websites to store web pages and do distribution of parameters.
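
The hazard John describes above (a property name from the shared JSON protocol used directly as a DOM id, so any element can be reached) beside the mapping approach he lists as option 3 combined with validation (option 2), as an added example that is not code from the thread or from his project. The DOM stand-in, the message shape, the element ids and the PARAMETER_TABLE are constructed assumptions so the example runs under Node.

```javascript
// Constructed stand-in for the page's DOM so this runs without a browser: each
// element records the attributes set on it.
function makeDocument(ids) {
  const elements = new Map(ids.map((id) => [id, {
    id,
    attrs: {},
    setAttribute(name, value) { this.attrs[name] = value; },
  }]));
  return { getElementById: (id) => elements.get(id) ?? null };
}

// Constructed messages as they might arrive over socket.io: { name, attr, value }.
// The sender controls every field.
const SAMPLE_MESSAGES = [
  { name: 'param_a', attr: 'value', value: '0.5' },                      // legitimate slider update
  { name: 'adminLink', attr: 'href', value: 'https://example.invalid/' }, // an id that is not a shared parameter
  { name: 'param_b', attr: 'min', value: '-1000' },                      // an attribute the protocol never grants
  { name: 'param_z', attr: 'value', value: '1' },                        // a name that was never initialised
];

// Direct lookup: the protocol name is the DOM id, so any attribute of any element
// that happens to exist on the page can be set by whoever is on the wire.
function applyDirect(doc, msg) {
  const el = doc.getElementById(msg.name);
  if (!el) return false;
  el.setAttribute(msg.attr, msg.value);
  return true;
}

// Mapped lookup: protocol names are opaque tokens; the table is the only route to a
// DOM id, and each entry fixes which attribute and which values are acceptable.
const PARAMETER_TABLE = new Map([
  ['param_a', { id: 'slider-a', attr: 'value', check: isUnitInterval }],
  ['param_b', { id: 'slider-b', attr: 'value', check: isUnitInterval }],
]);

function isUnitInterval(v) {
  const n = Number(v);
  return typeof v === 'string' && Number.isFinite(n) && n >= 0 && n <= 1;
}

function applyMapped(doc, msg) {
  const entry = PARAMETER_TABLE.get(msg.name);
  if (!entry) return false;                   // unknown or uninitialised name: no effect at all
  if (msg.attr !== entry.attr) return false;  // attribute comes from the table, not the sender
  if (!entry.check(msg.value)) return false;  // value validated before it touches the page
  const el = doc.getElementById(entry.id);
  if (!el) return false;
  el.setAttribute(entry.attr, msg.value);
  return true;
}

// Run both handlers over the same messages and report which ones changed the page.
function runComparison() {
  const direct = makeDocument(['param_a', 'param_b', 'adminLink']);
  const mapped = makeDocument(['slider-a', 'slider-b', 'adminLink']);
  return {
    direct: SAMPLE_MESSAGES.map((m) => applyDirect(direct, m)),   // [true, true, true, false]
    mapped: SAMPLE_MESSAGES.map((m) => applyMapped(mapped, m)),   // [true, false, false, false]
    directAdminHref: direct.getElementById('adminLink').attrs.href, // rewritten by the protocol
    mappedAdminHref: mapped.getElementById('adminLink').attrs.href, // untouched
  };
}

console.log(runComparison());
```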

John Carlson

Sep 13, 2024, 6:02:05 AM
to cap-...@googlegroups.com
Alan, are you looking for something like this:

https://www3.ntu.edu.sg/home/assourin/fvrml.htm F-VRML and F-X3D (F is for functional).

That’s my flower equation right on the main page!  It’s all over my website: https://coderextreme.net.   I gave him the equation! But it looks like he added rainbow colors.  I try to do prismatic colors.

Here’s a near current video:


I’m not sharing code because I have embarrassing security.  But I do have some validation; I need to perhaps add schema checking, but the models go through X3D SAI.



John Carlson

Sep 13, 2024, 6:19:20 AM
to cap-...@googlegroups.com
Well, he modified the equation for his own purposes, but very similar shape.

Sonja Gorjanc also has a different equation for rhodonea!  She used Mathematica.  $$$ for not quite so fancy.

AFAIK these guys don’t have multiuser parameter sharing!  Nor interactive animation, but I’ll keep looking!

So how do we do capabilities for this?  On the URL like google docs?

What if I want to revoke a client, like a rowdy student?  I have numbers and socket identifiers for each client.  I’ll have to figure out how to lock the user from modifying parameters, but still be able to view.

Keeping ahead of the competition, even though I started in 1986.  Used to take 2 hours for a single image!

Back to raytracing or capabilities next?

John 

Alan Karp

Sep 16, 2024, 12:16:40 PM
to cap-...@googlegroups.com
(Sorry for the late reply.  My flu and Covid vaccinations threw me for a loop.)

I take it the video shows what you are talking about.  We did something very much like that back in 1992 for debugging parallel programs.  My colleague, Ming Hao, then turned the idea into a product that was sold to Ford.  They wanted a way for engineers in Detroit and Mexico to collaborate on mechanical designs.  The trick Ming came up with was to run the same application on both machines and send mouse and keyboard events between the machines.  Ford loved it because no secret designs ever went over the network.  She had to hook into the OS to get the events, but they are readily available if you're running in a browser.

In that work all users had permission to perform all actions.  However, I don't think adding access controls would be that hard.  For example, you could have each user access the main page via a proxy web page that only has capabilities for the permissions you wanted that user to have.  I'll leave to you to work out the details 😀

--------------
Alan Karp


John Carlson

Sep 17, 2024, 12:03:29 AM
to cap-...@googlegroups.com
I don’t send mouse events or keyboard events, but it would be easy to do.  I want to maintain separate views of the same model, so people can run around the room separate from each other, like the metaverse or a simulation.  Link sharing is done, and also sending the model in JSON,  XML and other textual formats.  Only the publishers can currently edit the model code in the GUI, so there’s no issue with versioning, yet.  You can’t overwrite the model editor remotely, yet.  Sharing links means you can control the models at the web server, firewall, etc.

Back in 1992, there was no web security.  Now we have https and ssh.  Both can be employed.  ssh has been done; https, we hope by Wednesday.

I’m not doing anything revolutionary, I know.  I’m doing what makes me happy, sharing my life’s fascination.  And I’m doing the frustrating stuff so things can be published.  I understand that I need to do the capability stuff myself (eeps!), but if I attract someone interested in implementing capabilities, who wants to do network capabilities on the project, even better.  I am familiar with EMonkeyEngine.  This might be similar, but lots of network capability stuff needs to be added.  Any libraries that work with socket.io/websockets/webtransport are welcome.  I don’t know if things like CapTP are available in JavaScript, which is my primary platform for 3D.

I’m currently thinking about hooking up to different websockets to switch send and receive endpoints on the client.  This might be a form of revocation, or sidelining someone.  But one would also have to revoke reloading, I don’t know how to stop that yet.  As you say, a proxy that is revocable would work.  While I do things with location.href, I don’t send people to different webpages yet, that I know of.  We’re currently stumbling through Apache proxies for web and websockets.  Our backend is node.js/Express/socket.io currently.

I think I only show the rendering in the GUI in the video, as the rest of the UI/UX is not great yet.  The X_ITE renderer is courtesy of Holger Seelig.  He also helped with the shaders, performance and some JavaScript limitations.  With enough initialization time, figures as complex as 1000x1000 grid or more can be done.

The full development over the last few weeks is shown here:

The current version retains the capability of the old versions, they are hidden in recent demos.

Most recently I have created a slider PROTO, similar to a JavaScript prototype, but in X3D XML.  Essentially, this makes writing clients easier, because your socket.io client code for X_ITE is embedded in X3D scripting.  I believe, but haven’t shown, that this could be done for X3D JSON and Classic VRML.

It would be nice to have all X3D app coding in XML, etc., like DIS.  I’m not there yet.  DIS has shown the capability to have avatars.  I’m trying to do better than FreeWRL.

John.

Alan Karp

Sep 17, 2024, 1:35:25 PM
to cap-...@googlegroups.com
I'm beginning to grasp what you're after.  Let's step back and set up for an access control analysis.
  1. What are the protected resources?
  2. What rules control access to them, e.g., who can access when, delegation, revocation?
  3. Who is the attacker, e.g., outsider, authorized user, both?
  4. What are the threats, e.g., misuse, data theft, destruction?  
  5. What mechanisms are available to mitigate the threats?
This list of questions is a subset of what you'd ask for a full security analysis.  You'll notice that I'm not including threats like DoS, network security, data at rest, etc.  Those are questions for a real security team.  For now I want to concentrate on the parts that are relevant to capabilities.

--------------
Alan Karp


John Carlson

Sep 18, 2024, 8:55:51 PM
to cap-...@googlegroups.com
Alan,

1.  It just occurred to me that I’m trying to achieve something with multiuser X3D scenes for HIPAA compliance.  Something like shared manipulation of X3D scenes over Zoom without screen sharing.  Multiuser virtual remote surgery, or surgery education, but without expensive video feeds.  Digital Twin humanoids.

I’m guessing medical schools and students will be my first potential income source.  But this is a hobby right now.  Things change daily.
============
What I’m not doing is video/audio conferencing; currently, I’m working on groups for chatting (and sharing scene updates) and to understand how tokens can be used in the Metaverse and socket.io and how to manage tokens in a personal entity-relationship database, etc.  Christoph Valentin suggested that I add Session Description Protocol (SDP) so I added temporary users—beyond simple numbers for each connection and rooms (as supported by socket.io).  Thus there becomes a need to separate scene traffic.

Here’s the design of a *local* database.

Entity/Group/Being Table
* Pet name
* Token (access to remote chat group)
* Type
* Link (Scene, Avatar, Room, possibly a BLOB)

Petname Relationship Table
* Parent Pet name 
* Relationship type
* Child Pet name

Plus IDs and dates (sessions)

I had not heard of Pet name relationships before, so this might interest the group.

Currently, the scene update traffic and group traffic are separated by API only.  The scene should probably have a token filled in through a template.  I already planned for templates for SDP.

2. I don’t have a development yet for revocation yet, but if you exit the client or go to another group, you will be removed from the original group.  You can currently use your original token to resume.  It’s kind of up to you to continue to use tokens or not.

I know about token granting tokens.  I know how to kick someone out of a group.  I guess I can create an internal mapping from a group entrance token (single use) to a group token (not revealed), then remove the mapping from the group entrance token to the group. You can still use the unlinked group entrance token to talk to the person, if they return to the entrance, or remap the tokens if the issue is resolved.  One problem is, I would currently have to exit the group to talk to the offender.  Users currently only have one group they are in.  Only one scene can be shown at a time.  What I plan to do is separate group chats into separate tabs in the browser, for simplicity.

Sessions are timed groups.  If the session token is presented before or after the time interval, it won’t work.

I know that delegation can supposedly be monitored.  I’ll just say that capabilities can be transmitted, hopefully through secure means.

3.  Both.  Mostly the attackers are annoying communicators (I’m feeling a little hot under the collar), bots and hackers in general.  I don’t have a plan for competing teams yet.

4.  If it’s surgery, someone’s life could be at stake.  I can’t deal with that yet.  Malpractice insurance?

Hopefully scenes are downloaded through links.  The links are shared among the group.  Security is up to referenced link sites, and there will probably be some digital currency exchanged.

5.  Tell me more.

6.  Maybe this will be a Roku channel.  I never learned how to use a console controller.

John

Alan Karp

Sep 24, 2024, 7:12:07 PM
to cap-...@googlegroups.com
Sorry for the late reply.  It's a lot to think about.  Comments inline.

--------------
Alan Karp


On Wed, Sep 18, 2024 at 5:55 PM John Carlson <yott...@gmail.com> wrote:
Alan,

1.  It just occurred to me that I’m trying to achieve something with multiuser X3D scenes for HIPAA compliance.  Something like shared manipulation of X3D scenes over Zoom without screen sharing.  Multiuser virtual remote surgery, or surgery education, but without expensive video feeds.  Digital Twin humanoids.

That's why I think the idea of sending mouse and keyboard events is appropriate.  Much less data to transmit; much lower latency. 

I’m guessing medical schools and students will be my first potential income source.  But this is a hobby right now.  Things change daily.
============
What I’m not doing is video/audio conferencing; currently, I’m working on groups for chatting (and sharing scene updates) and to understand how tokens can be used in the Metaverse and socket.io and how to manage tokens in a personal entity-relationship database, etc.  Christoph Valentin suggested that I add Session Description Protocol (SDP) so I added temporary users—beyond simple numbers for each connection and rooms (as supported by socket.io).  Thus there becomes a need to separate scene traffic.

Are you talking about access tokens a la OAuth2? 

Here’s the design of a *local* database.

Entity/Group/Being Table
* Pet name
* Token (access to remote chat group)
* Type
* Link (Scene, Avatar, Room, possibly a BLOB)

Petname Relationship Table
* Parent Pet name 
* Relationship type
* Child Pet name

What's a parent/child pet name? 

Plus IDs and dates (sessions)

I had not heard of Pet name relationships before, so this might interest the group.

Currently, the scene update traffic and group traffic are separated by API only.  The scene should probably have a token filled in through a template.  I already planned for templates for SDP.

2. I don’t have a development yet for revocation yet, but if you exit the client or go to another group, you will be removed from the original group.  You can currently use your original token to resume.  It’s kind of up to you to continue to use tokens or not.

One mistake made by Google Wave was that they didn't record who invited whom to the group.  As a result, you could eject an abusive member but not someone who kept inviting abusive participants.  So, if you need a token to join, it should either encode the delegation chain or point to an encoding. 

I know about token granting tokens.  I know how to kick someone out of a group.  I guess I can create an internal mapping from a group entrance token (single use) to a group token (not revealed), then remove the mapping from the group entrance token to the group. You can still use the unlinked group entrance token to talk to the person, if they return to the entrance, or remap the tokens if the issue is resolved.  One problem is, I would currently have to exit the group to talk to the offender.  Users currently only have one group they are in.  Only one scene can be shown at a time.  What I plan to do is separate group chats into separate tabs in the browser, for simplicity.

It sounds like all group communication is mediated by the "group," whatever that is.  Do you plan to support private communication the way Zoom chat works? 

Sessions are timed groups.  If the session token is presented before or after the time interval, it won’t work.

I know that delegation can supposedly be monitored.  I’ll just say that capabilities can be transmitted, hopefully through secure means.

In general, delegation cannot be monitored.  For example, OAuth bearer tokens are delegated via token exchange.  You submit your token to the Authorization Server asking for a new token with a subset of the submitted token's permissions.  You then give that token to whomever you please.  Even with certificates, there doesn't have to be a way to attach an identification to the public key the certificate is issued to. 

John Carlson

Sep 24, 2024, 8:37:18 PM
to cap-...@googlegroups.com
Replies inline.
On Tue, Sep 24, 2024 at 6:12 PM Alan Karp <alan...@gmail.com> wrote:
Sorry for the late reply.  It's a lot to think about.  Comments inline.

--------------
Alan Karp


On Wed, Sep 18, 2024 at 5:55 PM John Carlson <yott...@gmail.com> wrote:
Alan,

1.  It just occurred to me that I’m trying to achieve something with multiuser X3D scenes for HIPAA compliance.  Something like shared manipulation of X3D scenes over Zoom without screen sharing.  Multiuser virtual remote surgery, or surgery education, but without expensive video feeds.  Digital Twin humanoids.

That's why I think the idea of sending mouse and keyboard events is appropriate.  Much less data to transmit; much lower latency. 

It’s a terrific idea. I leave the option to either provide an HTTPS or HTTP link, or alternatively provide an X3D encoded editable text file in a variety of encodings (hopefully as a single file, but sometimes separate files do work).  But the collaboration can work with either HTML or X3D, down to individual parameter levels (slider values owned by separate sessions or together).

I’m guessing medical schools and students will be my first potential income source.  But this is a hobby right now.  Things change daily.
============
What I’m not doing is video/audio conferencing; currently, I’m working on groups for chatting (and sharing scene updates) and to understand how tokens can be used in the Metaverse and socket.io and how to manage tokens in a personal entity-relationship database, etc.  Christoph Valentin suggested that I add Session Description Protocol (SDP) so I added temporary users—beyond simple numbers for each connection and rooms (as supported by socket.io).  Thus there becomes a need to separate scene traffic.

Are you talking about access tokens a la OAuth2? 

Probably access tokens, yes, but I plan for them to be revoked if they are created through delegation.  OAuth2 is a very daunting specification; that’s probably why there are so few providers.

I personally do not know all the uses of tokens.  I’d use a password, but there’s currently no user information besides a changeable handle, an incrementing connection number and an encoded socket id.  There’s a concept of a private petname and a shared session/group petname for collaboration purposes.


Here’s the design of a *local* database.

Entity/Group/Being Table
* Pet name
* Token (access to remote chat group)
* Type
* Link (Scene, Avatar, Room, possibly a BLOB)

Petname Relationship Table
* Parent Pet name 
* Relationship type
* Child Pet name

What's a parent/child pet name? 

A personal way to organize petnames in the user interface.  Think a hierarchy of petnames, or a network/table of petnames.  Hopefully there will be different ways to organize petnames.  Right now, one selects petnames in the table to create JSON “session descriptions” (entities/groups/beings) that you share with the collaboration app (currently through copy/paste).  One can flip between sessions.  I will add a scene URL to the entity table as well.  Currently, we use the existing link to point (secure) websockets socket.io at a remote server.  Or we leave null to connect to the current server.  Probably we won’t try to defeat CORS.

Plus IDs and dates (sessions)

I had not heard of Pet name relationships before, so this might interest the group.

Currently, the scene update traffic and group traffic are separated by API only.  The scene should probably have a token filled in through a template.  I already planned for templates for SDP.

2. I don’t have a development yet for revocation yet, but if you exit the client or go to another group, you will be removed from the original group.  You can currently use your original token to resume.  It’s kind of up to you to continue to use tokens or not.

One mistake made by Google Wave was that they didn't record who invited whom to the group.  As a result, you could eject an abusive member but not someone who kept inviting abusive participants.  So, if you need a token to join, it should either encode the delegation chain or point to an encoding. 

I had planned a table of originating to delegating tokens.  That seems kind of risky, to keep a global table of delegations, so I moved it to a list of delegations on each token, but that’s risky too.  I understand the need to record the delegations with each token, so I’ll probably use a table *at each original token*, and not delete any delegation, just record a non-negative number.  Without any real sense of identity, it’s hard to target abuse at one or two individuals.  One can keep track of the number of delegations of a token for a root token though.  Or one can have “free sessions” and “accounted sessions.”  Generally sessions are when groups meet and where groups meet.  The where will be customizable by the end user, based on a session invite.

Session descriptions will probably be separately shared as a different link to each individual participant in a session.

I know about token granting tokens.  I know how to kick someone out of a group.  I guess I can create an internal mapping from a group entrance token (single use) to a group token (not revealed), then remove the mapping from the group entrance token to the group.  You can still use the unlinked group entrance token to talk to the person, if they return to the entrance, or remap the tokens if the issue is resolved.  One problem is, I would currently have to exit the group to talk to the offender.  Users currently only have one group they are in.  Only one scene can be shown at a time.  What I plan to do is separate group chats into separate tabs in the browser, for simplicity.

It sounds like all group communication is mediated by the "group," whatever that is.  Do you plan to support private communication the way Zoom chat works? 

I don’t know how Zoom chat works.  But yes you can have a group/session token you share with one person, which they can delegate.

Sessions are timed groups.  If the session token is presented before or after the time interval, it won’t work.

I know that delegation can supposedly be monitored.  I’ll just say that capabilities can be transmitted, hopefully through secure means.

In general, delegation cannot be monitored.  For example, OAuth bearer tokens are delegated via token exchange.  You submit your token to the Authorization Server asking for a new token with a subset of the submitted token's permissions.  You then give that token to whomever you please.  Even with certificates, there doesn't have to be a way to attach an identification to the public key the certificate is issued to. 

Agreed that tokens can be abused.  But token usage can be tracked, probably by IP address (sorry VPN/TOR abusers).  Ideally sessions will be an hour or so.  It’s pretty easy to sign off a session, just remove the session description and update.  I’m pretty sure rooms disappear in socket.io when they aren’t used.

My idea of a group is a group of people who aren’t communicating per se.  Like your contact list.  When you start communicating, it’s a session.

John 

John Carlson

unread,
Sep 25, 2024, 9:27:05 PM9/25/24
to cap-...@googlegroups.com
So here are my current ideas:

Group contains an irrevocable token and is closely held. Free Session is derived from Group and has a revocable token instead of an irrevocable token, a start time and an optional end time. Accounted Session is derived from Free Session and has charges.

The Sessions collection is an online collection of Groups.

John Carlson

unread,
Sep 26, 2024, 12:37:40 PM9/26/24
to cap-...@googlegroups.com
I’m imagining session descriptions like a phone contact list.  There’s a contact name, and then a list of phone numbers or messaging accounts.  This is intuitive.  Ideally, I’d like to organize one’s contact list any way you like, and not just have two levels.

Alan Karp

unread,
Sep 26, 2024, 12:49:04 PM9/26/24
to cap-...@googlegroups.com
On Thu, Sep 26, 2024 at 9:37 AM John Carlson <yott...@gmail.com> wrote:
I’m imagining session descriptions like a phone contact list.  There’s a contact name, and then a list of phone numbers or messaging accounts.  This is intuitive.  Ideally, I’d like to organize one’s contact list any way you like, and not just have two levels.

Where each contact name is associated with a capability, I presume. 

--------------
Alan Karp


John Carlson

unread,
Sep 26, 2024, 12:59:37 PM9/26/24
to cap-...@googlegroups.com
Yes, at a fundamental level.  But there should be a wide variety of ways to organize contact names, and contact name relationships, including group contact lists.

John 
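
The contact-list idea in the last few messages, as an added example rather than the project's code: a per-user petname book where each contact name the user chooses maps to a capability, contacts can be nested into groups of any depth, and a session description is produced from a selection of names. The petnames stay local to the user (two users can call the same capability by different names) and the exported description carries only the capabilities. The class and method names (PetnameBook, addGroup, sessionDescription) and the sample capability strings are hypothetical.

```javascript
// Added example, not code from the project discussed in the thread.
// A petname book is private to one user: names mean nothing outside it, and
// the capability (an opaque token here) is the only thing that designates a
// contact. Groups may contain contacts or other groups, to any depth.
// All identifiers below are hypothetical.
class PetnameBook {
  constructor() {
    // petname -> { capability } for a contact, or { members: [petname, ...] } for a group
    this.entries = new Map();
  }

  // A petname must be unique within this book; it carries no global meaning.
  addContact(petname, capability) {
    if (this.entries.has(petname)) throw new Error(`petname already in use: ${petname}`);
    this.entries.set(petname, { capability });
  }

  // Members must already exist, so the group graph cannot contain cycles.
  addGroup(petname, members) {
    if (this.entries.has(petname)) throw new Error(`petname already in use: ${petname}`);
    for (const m of members) if (!this.entries.has(m)) throw new Error(`unknown petname: ${m}`);
    this.entries.set(petname, { members: [...members] });
  }

  // The set of capabilities behind a petname, flattening nested groups and
  // collapsing a contact that is reachable through more than one group.
  resolve(petname) {
    const e = this.entries.get(petname);
    if (!e) throw new Error(`unknown petname: ${petname}`);
    if (e.capability !== undefined) return new Set([e.capability]);
    const out = new Set();
    for (const m of e.members) for (const c of this.resolve(m)) out.add(c);
    return out;
  }

  // Reverse lookup: what does this user call the holder of a capability?
  petnameFor(capability) {
    for (const [name, e] of this.entries) if (e.capability === capability) return name;
    return null;
  }

  // The JSON shared with the collaboration app: a session id, the time window,
  // a scene URL (null meaning the current server) and the participants'
  // capabilities. Petnames are deliberately not included.
  sessionDescription(id, selection, { start, end = null, scene = null }) {
    const caps = new Set();
    for (const name of selection) for (const c of this.resolve(name)) caps.add(c);
    return JSON.stringify({ id, start, end, scene, participants: [...caps].sort() });
  }
}
```

Keeping petnames out of the session description is what lets each participant keep their own naming while still agreeing on exactly who is in the session: the capability is the shared designator, the name is local.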
