Object-Capability Security in Virtual Environments

Abstract

Access control is an important aspect of shared virtual environments. Resource access may not only depend on prior authorization, but also on context of usage such as distance or position in the scene graph hierarchy. In virtual worlds that allow user-created content, participants must be able to define and exchange access rights to control the usage of their creations. Using object capabilities, fine-grained access control can be exerted on the object level. We describe our experiences in the application of the object-capability model for access control to object-manipulation tasks common to collaborative virtual environments. We also report on a prototype implementation of an object-capability safe virtual environment that allows anonymous, dynamic exchange of access rights between users, scene elements, and autonomous actors.