Site Tools

en:identification

Single Authentication

We use different services in the Khaganat project to manage different aspects, like: phpbb forum, dokuwiki wiki, ryzomcore game client. This may change over time by adding or migrating services as we find needed. For user comfort issues, it would be better to use only one created account for access to everything, and a single authentication to be connected to all the services. This would also allow for better management of robot registrations(only one service to be secured).

Authentication, all services: this is the goal!

An excellent article on the subject, also listing various possibilities, is available on wikipedia:Unique Authentification.

There are different possibilities. We can create our own module(which may be weak on an security level) or rely on already existing modules of this kind. Currently there are two quality solutions: “Openid” and(er.. I forgot, but it was even more technical.. “lapd” perhaps?).

Constraints on identity

Security

To increase security, we had at one point envisioned that a single profile would be linked to an identifier and a password(used to log in), but that identifier is not the same as username. On the forums(or the wiki) we would see a username, without being able to know the identifier connected to the account.

So, when creating an account, define an identifier(some use the mail, why not.. but it seems a little weak! We'll specify that nobody will be able to see this name(nowhere!!) and that it just serves what it should serve, an general pseudo(which will be seen on wiki and forum) and a password.

When logging in, only the username and password are entered. And we appear connected with the nickname.

Role-play

If for all that is “HRP”, it's the player and therefore only one pseudo simplifying the task, but for the roleplay.. it's necessary to leave the possibility to the people of having more than one name. They must also be allowed to have several gaming clients(see article Reroll and multiboxing).

Perhaps the best thing would be to change the way you connect and manage your customers?

Log in with its login + password(with the option to “remember” it by checking a checkbox) and choose what client account to launch(dropdown of linked accounts + possibility to add a new one) with the last client started by default? Perhaps of interest: greatly limits the possibility of lending out accounts. The risk: those who still want to lend out an account will be the subject of getting into much more trouble.

Level forum(the second place where the multi-account can be interesting) would be the ability to see everything that his characters can access without having to “deco-reco” an account every time.. would be a big plus!! To post, choose from the list(of the related author) to our account with the related post(and having a limited choice to those who can post when we are in a limited access party). There is(as of now) no “phpbb plugin” that does this. An plugin is in development but it is not really that good yet( not allowing to switch between linked accounts). I have yet to see anything like this type on other forums.

Always try to avoid this as much as possible(through the login window).

Choosing a solution

Here we can talk about the “cons and pros” and about different possibilities!

More information(in French) on OpenID: http://fr.wikipedia.org/wiki/OpenID

en/identification.txt · Last modified: 2017/01/07 20:34 by Domperss