Hi Donovan, I'm curious about the "unguessable URL" you mentioned. URLs are inherently insecure because many ISPs, proxies, and other systems cache them. In fact, that's a large part of the HTTP cacheability you mentioned earlier. Are these URLs the only thing securing our resources?
Also, is this being offered through https? (Please say yes!) Thanks, Sam -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Donovan Preston Sent: Wednesday, July 19, 2006 10:26 PM To: Development list for libsecondlife Subject: Re: [libsecondlife-dev] Hello from The Lindens On Jul 19, 2006, at 9:22 PM, Phoenix wrote: > Now on to what I can do for you. > > We are in the midst of creating an http based capabilities system > which maps into system resources. During login and as you move > around the grid, those capabilities will will be made available to > a connected client through a REST-like interface. We will provide > some documentation for how those services work. Thanks, Phoenix, for publicly announcing our intentions in this area. I am Donovan Preston, and I have been recently hired by Linden Lab to help spearhead this web services effort. We are just getting started but will be moving quickly once we have some required infrastructure in place. We have several goals with this project. * Improve scalability by distributing load and data storage across machines, taking advantage of cacheability inherent in HTTP * Improve security by presenting a uniform way which access is granted to internal services * A "capability" is an unguessable url which confers upon the owner the right to access a resource * A "capability proxy" is a machine which responds to this public url and vouches for the bearer's right to access a private resource * Improve accessibility by presenting a uniform machine readable view of the world of second life * Resources will be expressed in a simple XML format * Access and mutation will be through HTTP GET and POST (as well as the other verbs), in a REST style So, to put it simply, the system is designed to: * Decrease lag by distributing load * Increase security by simplifying access * Increase developer ease-of-use by reducing reliance on binary protocols and UDP I look forward to working together with the libsecondlife team to make your lives easier, Second Life better, and the world a better place! Donovan _______________________________________________ libsecondlife-dev mailing list [email protected] https://mail.gna.org/listinfo/libsecondlife-dev _______________________________________________ libsecondlife-dev mailing list [email protected] https://mail.gna.org/listinfo/libsecondlife-dev
