Pages: [1] 2 3 4 5 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 7 post(s) |
|
CCP Phantom
C C P C C P Alliance
4471
|
Posted - 2014.07.03 14:02:00 -
[1] - Quote
Single Sign-On (SSO) is a pretty nifty mechanism utilized for example on the EVE Online support, forum and account management pages. SSO is a way for users to log into one web site using their username and password from another web site.
For the longest time EVE Online SSO was only used on sites operated by CCP, but CCP FoxFour comes with exciting news on how third party sites will be able to use the SSO mechanism in the future.
Currently EVE Online SSO is tested by selected third party sites. Read all about EVE Online SSO on third parties in CCP FoxFour's latest blog EVE Online SSO and what you need to know! CCP Phantom - Senior Community Representative - Volunteer Manager |
|
Mashie Saldana
BFG Tech
1107
|
Posted - 2014.07.03 14:11:00 -
[2] - Quote
Yum yum, SSO Mashie Saldana Dominique Vasilkovsky
|
IceGuerilla
Cohortes Vigilum Curatores Veritatis Alliance
50
|
Posted - 2014.07.03 14:11:00 -
[3] - Quote
We have this total rubbish, but we still can change characters without relogging? What a load of poppycock. |
Arec Bardwin
1455
|
Posted - 2014.07.03 14:16:00 -
[4] - Quote
poppycock as in caramel glazed popcorn? |
|
CCP FoxFour
C C P C C P Alliance
3322
|
Posted - 2014.07.03 14:20:00 -
[5] - Quote
Man, missed first post as I was AFK. :(
Anyways, really looking forward to getting the SSO out there and seeing it in more use. :D CCP FoxFour // Game Designer // @regnerba
|
|
Shane Merol
Ministry of War Amarr Empire
8
|
Posted - 2014.07.03 14:35:00 -
[6] - Quote
What are the odds of getting a Single Sign-on for multiple Eve accounts for all of these services?
I have more accounts than is practical to switch logins.
For instance, I have 7+ characters I keep track of using Eveboard and zkillboard, would SSO be useful in situations like that? |
Jurik McMoney
Exires Logistics
17
|
Posted - 2014.07.03 14:38:00 -
[7] - Quote
Is the "CharacterOwnerHash" (CharacterOwnerHash: "XM4D...FoY=") always the same? So that we can use it for non eve websites as well?
I'm working for a very large company on a brand new web portal and since our main target group are technical focused people we'd love to let them use this portal via eve login. :) can't delete signature |
Ralph King-Griffin
Lords.Of.Midnight The Devil's Warrior Alliance
2441
|
Posted - 2014.07.03 14:45:00 -
[8] - Quote
coooool
"Confirming EVE is hot, batshit crazy, and puts out." -Omar Alharazaad "CAKE CANNOT HOLD UP TO BEING A CHARACTER DAMNIT." --áUnsuccessful At Everything |
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
3485
|
Posted - 2014.07.03 14:52:00 -
[9] - Quote
IceGuerilla wrote:We have this total rubbish, but we still can't change characters without relogging? What a load of poppycock.
Uh, One's extending the login tech that's already in use with CCP (take a look at logging into the community site, the wiki, and the forums), and the other is going through the entirety of the eve client code, looking for code where the assumption was made that the character id wouldn't change.
Teeny difference there. Woo! CSM 9! http://fuzzwork.enterprises/ Twitter: @fuzzysteve on Twitter |
Sentient Blade
Crisis Atmosphere
1280
|
Posted - 2014.07.03 14:54:00 -
[10] - Quote
I'm really looking forward to this when it becomes publicly available. When I made my EVE website, half the difficulty was going through all the loops to verify users, which relied on sending secret codes as the reason field in ISK donations, due to that being the most rapidly enumerated API.
Was a pain in the ass. |
|
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
3485
|
Posted - 2014.07.03 14:56:00 -
[11] - Quote
In other news:
Woo! I get to turn this on, now that the devblog is out.
Right now, it doesn't add any functionality to my site. It will be used with the little things initiative the CSM is doing. (I just have to finish writing the code for that) along with custom RSS feeds for evebloggers.com (when I write the support for that) and for storing blueprints/various skill levels on my other industry applications (when I write the code. you may notice a theme here)
https://github.com/fuzzysteve/eve-sso-auth is the basis of the code I'm using. Though I'm seriously considering moving the corp/alliance check to the login time, to grab changes 'immediately'. That'll be changed later. Woo! CSM 9! http://fuzzwork.enterprises/ Twitter: @fuzzysteve on Twitter |
Kenneth Feld
Habitual Euthanasia Pandemic Legion
80
|
Posted - 2014.07.03 14:56:00 -
[12] - Quote
What about Amazon??
I **THOUGHT** I was using SSO to sign on there for like a year now???
|
Kenneth Feld
Habitual Euthanasia Pandemic Legion
80
|
Posted - 2014.07.03 14:58:00 -
[13] - Quote
Shane Merol wrote:What are the odds of getting a Single Sign-on for multiple Eve accounts for all of these services?
I have more accounts than is practical to switch logins.
For instance, I have 7+ characters I keep track of using Eveboard and zkillboard, would SSO be useful in situations like that?
Amazon has you sign on once for each account, then you can select which account thru a drop down menu |
cpu939
Eternal Darkness. Get Off My Lawn
57
|
Posted - 2014.07.03 15:00:00 -
[14] - Quote
ok a few question,
1 - what information if any do the sso site owners get.
2 - when are you going to give us a single log in for eve, just now if you go to the forum you have to log in, go to the account management area log in again same for evelopedia.
|
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
3485
|
Posted - 2014.07.03 15:12:00 -
[15] - Quote
cpu939 wrote:ok a few question,
1 - what information if any do the sso site owners get.
2 - when are you going to give us a single log in for eve, just now if you go to the forum you have to log in, go to the account management area log in again same for evelopedia.
1: Character id Character name a non-reversible hash of your character id, and your account id.
The last is so we can know when a character changes hands. It's not useful for anything else. Woo! CSM 9! http://fuzzwork.enterprises/ Twitter: @fuzzysteve on Twitter |
Rek Seven
Probe Patrol Ixtab.
1611
|
Posted - 2014.07.03 15:20:00 -
[16] - Quote
I smell trouble ahead... I wonder how many users will fall prey to account phishing sites? +1 |
Ms Michigan
Aviation Professionals for EVE Rim Worlds Protectorate
39
|
Posted - 2014.07.03 15:21:00 -
[17] - Quote
So ...my 5 year old nephew with a laptop can break 128 bit encryption with a laptop in 45 seconds. There is that. Just so we are all on the same baseline. I get the whole internet uses it. But just for the lay-man reading my post. Just be aware.
Second....
I get CCP is trying to supplement their talents and reward the talents of others at the same time an this is the "way" to do it, but I am just not seeing how this is anywhere near a good idea.
I get that you told me it is not going through their servers and that you hand off that information to them in the form of Character name...but without looking at the code, and given CCP's past experience with security, I just don't feel comfortable (and I know you won't disclose more, nor should you), with this procedure.
I think a lot of account info is going to be lost this way. At the very least to spoofing. How many people ACTUALLY read dev blogs, let alone understand them.
Limited - again - I get it.
Just saying.
Either buy these programs and hire these people part-time to work at CCP and bring this stuff on property, or not at all.
My .02 isk. |
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
3485
|
Posted - 2014.07.03 15:28:00 -
[18] - Quote
Ms Michigan wrote:So ...my 5 year old nephew with a laptop can break 128 bit encryption with a laptop in 45 seconds. There is that. Just so we are all on the same baseline. I get the whole internet uses it. But just for the lay-man reading my post. Just be aware.
Citation needed. Woo! CSM 9! http://fuzzwork.enterprises/ Twitter: @fuzzysteve on Twitter |
Rain6637
Team Evil
15274
|
Posted - 2014.07.03 15:33:00 -
[19] - Quote
suddenly I understand why forums.eveonline, secure.eveonline, and community.eveonline require separate logins. President of the Commissar Kate Fanclub | Rainfleet on Twitch | Twitter | Rainfleet mk.III | Imgur |
Bienator II
madmen of the skies
2724
|
Posted - 2014.07.03 15:41:00 -
[20] - Quote
SSO is the first step for having chat available via API ;) eve style bounties (done) dust boarding parties imagine there is war and everybody cloaks - join FW |
|
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
3485
|
Posted - 2014.07.03 15:49:00 -
[21] - Quote
Rain6637 wrote:suddenly I understand why forums.eveonline, secure.eveonline, and community.eveonline require separate logins.
For people that don't:
Logins on websites are managed by session cookies (generally these cookies also have the duration of a session.), which identify the session on the server. If different servers are handling the applications, they each need their own session cookie.
Thus, each needs you to log in.
Now, with the use of SSO, you sign into the login.eveonline.com server, and, if you tick the remember me box, it drops a cookie on your web browser, which identifies you the next time you come round (when you try logging into a different application) and removes the requirement to log in again. Woo! CSM 9! http://fuzzwork.enterprises/ Twitter: @fuzzysteve on Twitter |
Tam Althor
lll tempered sea bass Brothers of Tangra
37
|
Posted - 2014.07.03 15:59:00 -
[22] - Quote
Steve Ronuken wrote:IceGuerilla wrote:We have this total rubbish, but we still can't change characters without relogging? What a load of poppycock. Uh, One's extending the login tech that's already in use with CCP (take a look at logging into the community site, the wiki, and the forums), and the other is going through the entirety of the eve client code, looking for code where the assumption was made that the character id wouldn't change. Teeny difference there.
Bigger difference is how few people care about logging to other eve sites vs how useful it would be to not have to close the client to switch characters. SSO is another waste of resources on the level of spacebook and CQ. |
Karbowiak
Superior Mass
184
|
Posted - 2014.07.03 16:50:00 -
[23] - Quote
Just the nitpicky side in me, but, how about upgrading the SSL cert so that it shows who owns it, right in the browser?
Paypal does this, for example, helps differentiate paypal from fakers much more easily than having to click the cert, and wading through it's information. |
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
3486
|
Posted - 2014.07.03 16:50:00 -
[24] - Quote
Tam Althor wrote:Steve Ronuken wrote:IceGuerilla wrote:We have this total rubbish, but we still can't change characters without relogging? What a load of poppycock. Uh, One's extending the login tech that's already in use with CCP (take a look at logging into the community site, the wiki, and the forums), and the other is going through the entirety of the eve client code, looking for code where the assumption was made that the character id wouldn't change. Teeny difference there. Bigger difference is how few people care about logging to other eve sites vs how useful it would be to not have to close the client to switch characters. SSO is another waste of resources on the level of spacebook and CQ.
Hmm. Maybe my classic british understatement wasn't obvious.
It's a hell of a lot of work to change things, so you can change character, without a client restart, while making sure there are no problems with it. With the ability to use the launcher to relog in quickly, for a single account (I'm asking for updates with this), that's a lot of effort, for a minor gain. (I run 3 accounts. 1 through the launcher, 2 not. I switch at least twice daily)
Putting SSO out for third parties: Other than legal work, this is mostly adding functionality to existing code. Not a huge investment of developer resource.
Especially not compared to the work put into CQ.
Rein in your hyperbole. Woo! CSM 9! http://fuzzwork.enterprises/ Twitter: @fuzzysteve on Twitter |
|
Chribba
Otherworld Enterprises Otherworld Empire
12165
|
Posted - 2014.07.03 16:59:00 -
[25] - Quote
nom nom nom
|
|
Coffee Rocks
Thrall Nation Brave Collective
179
|
Posted - 2014.07.03 17:11:00 -
[26] - Quote
Steve Ronuken wrote:
Hmm. Maybe my classic british understatement wasn't obvious.
It's a hell of a lot of work to change things, so you can change character, without a client restart, while making sure there are no problems with it. With the ability to use the launcher to relog in quickly, for a single account (I'm asking for updates with this), that's a lot of effort, for a minor gain. (I run 3 accounts. 1 through the launcher, 2 not. I switch at least twice daily)
Putting SSO out for third parties: Other than legal work, this is mostly adding functionality to existing code. Not a huge investment of developer resource.
Especially not compared to the work put into CQ.
Rein in your hyperbole.
This was like making love to my eyes. I know there's a reason I voted for you, and this is a wonderful example. <3 http://www.thecoffeerocks.com Twitter: @thecoffeerocks |-áSteam: CoffeeRocks-á https://forums.eveonline.com/default.aspx?g=posts&find=unread&t=327221 |
whatsin aname01
Science and Trade Institute Caldari State
0
|
Posted - 2014.07.03 17:11:00 -
[27] - Quote
I do understand that it is usefull for some. Is there however a way to disable sso for all sites except the eve sites from ccp? I have a very nasty habbit not to trust any other site. Maybe that has something to with my day job. I test software for a rather big organisation. About 30k employees |
Tau Cabalander
Retirement Retreat Working Stiffs
3806
|
Posted - 2014.07.03 17:21:00 -
[28] - Quote
I really hope SSO doesn't use OAuth 2.0
Having the lead OAuth developers leave and demand their names taken off of it, plus the inherent security flaws, doesn't bode well. |
Lando Cenvax
State War Academy Caldari State
2
|
Posted - 2014.07.03 17:26:00 -
[29] - Quote
Quote:How to do it the secure way While any encryption may better than plaintext, using RC4 is considered insecure. RC4 is only acceptable as backup for WinXP Internet Explorer Users -and even that is questionable. RC4 is a no go under normal circumstances. You may want to review https://www.ssllabs.com/ssltest/analyze.html?d=login.eveonline.com The supported TLS_RSA_WITH_AES_xxx_CBC_SHA is the absolute minimum I would use today and acceptable for now -but not more than hat. Although, TLS 1.2 with ECDHE cipher-suites (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for example) would be much better since they also provide forward secrecy. Unfortunately, the 2 RC4-Ciphers are prefered by server over the more secure AES-Ciphers:
Cipher Suites (SSL 3+ suites in server-preferred order, then SSL 2 suites where used)
- TLS_RSA_WITH_RC4_128_SHA (0x5) 128
- TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
- TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
- TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
One might ask now: It's just EVE... not online banking... why bother with security hardening? Because SSL-Tweaking takes not much time. In fact on most server it's done in a few minutes -assuming you actually do your server-maintenance and keep the software up to date.
Consequently, if you see RC4 in your browsers connection-security window, your data is not secure. Not because someone is going to crack your connection, but because the admin has obviously no idea about properly securing a webserver. |
Alexis Nightwish
State War Academy Caldari State
16
|
Posted - 2014.07.03 17:36:00 -
[30] - Quote
So you're planning on blasting this info (blog) out as many channels as possible right CCP? Because, shocking as it may seem, a very large portion of EVE players do not read dev blogs. Those are the people who have a much better chance at being duped and hacked simply because they are not informed. If you don't I get the feeling that a lot of the following will take place in the near future:
Player: My account got hacked. CCP: Account security is the players' responsibility. Player: **** this! I'm leaving, and I'm taking my money with me. |
|
|
|
|
Pages: [1] 2 3 4 5 :: one page |
First page | Previous page | Next page | Last page |