[X3D-Public] [x3dom-developers] on demand loading of inline nodes; security implications

Tue Dec 16 07:22:59 PST 2014

Looking into loading and unloading of nodes, I understand that javascript
does not have a concept of explicit unloading. It seems the most an author
or user could do is to assign a null value to all references to an object
(node) and hope that the javascript interpreter of  the browser removes the
object from memory in the next garbage collection. In terms of security in
the case of x3dom this may mean that it will be hard to guarantee that
content once it is loaded will not be accessible with some dedication at a
later time.
As a point of discussion security may be divided into security on the
server (content provider, see Sony trouble), security during transmission
(ssl), security in the browser (client, decryption), and DRM (digital
rights management). There are also levels of security: government strength,
industrial strength, consumer strength, light.
Some thoughts, Andreas

On Tue, Dec 16, 2014 at 5:34 AM, Don Brutzman <brutzman at nps.edu> wrote:

> cc: x3d-public list
>
> Thanks for the details Max and Andreas.  Yes the original motivation for
> controlled loading was for controlling performance of large tile trees.
> (GeoInline was then merged into Inline for simplicity.)
>
> One of our planned tasks for the coming year, as part of X3D v3.4
> development, is to perform a security review of the full X3D specification.
>
> Controlling Inline loading definitely sounds like a feature that authors
> might want to use for security purposes, allowing authors to give users
> strict control of when a scene retrieval or query is made.  There are a
> number of cases where users want to control when their web browser
> retrieves content.
>
> I expect that we will begin collecting such issues of interest on the wiki
> and making X3D Security a weekly topic on the working group
> teleconferences.  Further insights are always welcome.
>
>
> On 11/27/2014 4:30 AM, Limper, Max wrote:
>
>> Hi,
>>
>> I don’t think it was a design decision not to support the „load“ field.
>> It’s simply not implemented.
>>
>> Regards,
>>
>> Max
>>
>> *Von:*Andreas Plesch [mailto:andreasplesch at netscape.net]
>> *Gesendet:* Mittwoch, 26. November 2014 19:13
>> *An:* x3dom-developer mlist
>> *Betreff:* [x3dom-developers] on demand loading of inline nodes
>>
>> For large scenes it would be convenient or necessary to control the
>> loading (downloading and adding to the scene graph) of provided inline
>> nodes either by x3d facilities or by javascript. Is this possible ? Is
>> there then a way to unload inline nodes when they are not required anymore
>> ? Unloading would be different from removing the node completely in that
>> only the previously added (children) nodes from the inline scene are
>> removed but not the inline node itself.
>>
>> I noticed in the example below that all inline nodes used in a LOD are
>> downloaded and added to the scene even when they are not yet in range:
>>
>> https://googledrive.com/host/0BwIhFzkLaQ9XSWh1cGZRdlBZZm8/Mars.xhtml
>>
>> The initial loading of the inline nodes happens early when the node is
>> first encountered. It is necessary that this is the default behaviour for
>> nodes in general. To override this, inline nodes have a field called 'load'
>> which is supposed to prevent immediate loading when set to false but it
>> does not seem to be supported. If it is not, was there a design decision to
>> not have this capability ?
>>
>> Thanks, Andreas
>>
>
> all the best, Don
> --
> Don Brutzman  Naval Postgraduate School, Code USW/Br
> brutzman at nps.edu
> Watkins 270,  MOVES Institute, Monterey CA 93943-5000 USA
> +1.831.656.2149
> X3D graphics, virtual worlds, navy robotics http://faculty.nps.edu/
> brutzman
>

-- 
Andreas Plesch
39 Barbara Rd.
Waltham, MA 02453
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20141216/63c94c5c/attachment-0001.html>