gltf-extensions icon indicating copy to clipboard operation
gltf-extensions copied to clipboard

Published 20 hours ago verified publisher icon omigroup

Managing the external resources (uri paths) from gltf extensions

Open fire opened this issue 3 years ago • 3 comments

Propose an OMI extension for external resources.

  • gltf have external resources that may cause security risks.
  • Resources may become significantly more fragile due the passage of time with the links breaking.
  • Privacy may leak from access.

Process for addressing:

  1. gltf transform workflow
  2. Consent for playback and tracking
  3. Static bundles
  4. Self-contained bundles
  5. Link checking tool
  6. List exposed providers

Levels

  1. Whitelist all external resources
  2. Block all external resource
  3. All access external resources

Prior work

  • https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
  • https://datatracker.ietf.org/doc/html/rfc2577

fire avatar Feb 18 '22 05:02 fire

yes this would be great! Also I would add it would be great if this supported IPFS addresses, as that is what's often used for storing files linked to the blockchain - and with IPFS supported here you could have assets with globally unique permanent addresses that you could host yourself by pinning the content.

oveddan avatar Jun 12 '22 17:06 oveddan

Also it would be nice if it supported relative paths, that way files on the same host/domain can reference each other relatively, and you don't have to worry about a changing domain breaking things.

oveddan avatar Jun 12 '22 17:06 oveddan

See ISO X3D for a Web-ready semantic (fallbacks etc): https://web3d.org/documents/specifications/19775-1/V4.0/Part01/components/networking.html

npolys avatar Aug 01 '24 20:08 npolys