|
Author |
Thread Statistics | Show CCP posts - 8 post(s) |
Dragonaire
Caldari Corax. SOUL CARTEL
|
Posted - 2011.01.30 18:56:00 -
[1]
Ok in an attempt to keep this short I added a wiki page explaining how I see this being done that IMHO will work well. You can look at my proposal at http://code.google.com/p/yapeal/wiki/KeyManagementProposal
I'd also like to add myself to the list asking for a non-time limited key option.
We need an APIs add to tell us what access a key grants.
We need an API that at least let us know how many characters they have on the same account and a way for they to grant others access to the list of them. Think accountCharacters with just character and corporation names and IDs not all the other stuff. I've thought for a while to many things have been being add to that one API instead of adding new ones that are simpler to make, parser, and manage.
Off topic rant For all of you that think OAuth etc are such a great ideas you are really just a hack waiting to happen. The problem with it and any of the others like it is it's totally based only on WHAT YOU KNOW which means anyone else can intercept or figure that out then they become you and no one else can tell the difference online.
Before I would trust any system like that with the stuff many people are doing now it would need to require something you have something as well i.e. a smart key. Then it takes something you know and something you have to access it. Is something like that overkill for use with an online game account? Yes it is. Is putting Your game account access, FaceBook account with all of your personal information, bank accounts, etc into a system based on just stuff you know that can be intercepted or figured out a stupid thing to do too? I think so but people do it every day then cry about it when they lose their whole life when someone breaks in because they picked a poor password or some programmer on a site you might not even use but has access to the OAuth system had a bug that dumped everyone's info to some remote hacker that then posted it all online for everyone to use.
Not having a single point of failure and multiple sign-ins and passwords is still much better if used correctly. Rant off
Hopefully everyone find my ideas useful and maybe some of you will have ideas to improve upon it which would be great the more the better so CCP has a wide range to choose from when making the final decision and we can work together with them in making the APIs and even Eve itself better for a change and not just b*%ching about they not know what they are doing or how they did it wrong. -- Finds camping stations from the inside much easier. Designer of Yapeal for Eve API.
|
Dragonaire
Caldari Corax. SOUL CARTEL
|
Posted - 2011.02.11 15:04:00 -
[2]
I'll assume my proposal got lost on the first page after the whole Oauth debate so now that it's died down I post it again for those that don't want to go back and find it. http://code.google.com/p/yapeal/wiki/KeyManagementProposal
It address several of the more recent post about how to organize stuff to make adding APIs to the key very easy but still let power users dig down into the detail if they want. It also address the need for combined char/corp keys that would make them much easier to manage when both are needed.
I'm sure there is some room for improvements in it but it is based on a know working system that I've guided many senor citizens through using over the phone at work so I think most Eve players should find it a breeze to use Like to hear some feedback or suggestions for improvement and I'll update it with any that everyone seem to think are good. -- Finds camping stations from the inside much easier. Designer of Yapeal for Eve API.
|
Dragonaire
Caldari Corax. Everto Rex Regis
|
Posted - 2011.02.15 02:54:00 -
[3]
Here a few replies for you CCP Prism X Eve Gate
- Team working on it has at least twice screwed up simple security stuff by resetting permissions. Why would we think they would be any better in the future? They shot themselves in the foot on this one more than once and it will take a long time for most developers or even normal Eve players to believe in them again. Even if they don't mess up the key stuff itself if they reset stuff so some one can get in to add one does it matter?
- Since it's mostly a social site IMHO and I think most other developers view it that way as well that means it has a very large targeting X on it from hackers, social engineers, etc and adding the API stuff to it just makes the pay off that much bigger. The main Eve site has an X on it too but it's much smaller.
- You yourself remarked in your post on how hard it is to get any of them to take time out to talk with you so where are they going to find time to actually do anything for the API? You may have been just joking but I'm betting you thought of it because it's actual happened before to you or others.
Are corporation keys only creatable by directors? I think they should have the same access in or out of game. Either you trust them with both or you don't and shouldn't be giving them the access. Why trust them with the data in game and not out they can always just copy and paste the data out any way or probably find it in the cache as well so having it available from the APIs doesn't really change anything.
Exposing alts! Someone else floated the idea to have it say how many other characters exist on the account. That would be enough by default but any less will have recruiters asking again for screen shot etc and would be a regression. Outside of recruiting most things don't care and just knowing there are other characters should be more than enough. (Think promos for multiple char discounting for applications, etc for why it would be good thing). I can tell from the Blog and your comments you have the idea that the user/account can go away entirely but as long as people can only have a set number of characters per etc you're not going to be able to do that as that is how everyone views things and even if things were changed so there wasn't those limits like we have now everyone is still going to view it as a person with their account and will want to have an API system that reflects that.
Granularity of customization Once again if you don't think they'll have time to do it right why is it a good idea to move this over to EveGate?
If you haven't took the time to read through my idea yet I linked in please do and have someone from web development have a look too as it show a very easy to develop and use system to let people have the level of control they want. With the addition where applications can direct players to the site and have preset templates or a way for them to preselect APIs it would make it very player as well as third party developer friendly. Also corporations and/or alliances can put out lists of what APIs their members should/shouldn't be giving out to third parties if they decide to for security etc.
Key Properties API Call Simple this has been needed for a long time and the changes being looked at just make the case for it much stronger.
Key Expiry So every year everyone is going to have to renew keys for all of their characters they use for EveMon on their own computers and other local applications? There is a need for infinite keys but it probably shouldn't be the default and an extra "Are you sure?" prompt wouldn't be out of line but not having it as an option once again would be a regression since the current keys work that way.
That about covers everything and I'm out of room in this post anyway -- Finds camping stations from the inside much easier. Designer of Yapeal for Eve API.
|
|
|
|