open All Channels
seplocked Assembly Hall
blankseplocked [Proposal] API security and development priority changes
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: [1] 2 3 4

Author Topic

Ix Forres
Caldari
Righteous Chaps
Posted - 2010.07.05 21:43:00 - [1]
 

Here is my proposal to the CSM.

In July 2009, we were given an informative dev blog about the then COSMOS and now EVE Gate. Amongst the information in this blog is this line:

Quote:
Indeed, we plan to add as many of the new features as we can to the API to help you make even more cool stuff.


So far, the EVE Online API has seen very few additions since that time. We've still got titles-only for EVE mails, nothing for PI, huge numbers of bugs and quirks in the way the API functions, and recently we've seen even more comments from devs that strange behavior is becoming more common; skillpoint oddities and the like.

Since the release of EVE Gate, we've had no support from the devs about the API or accessing any features of EVE Gate programmatically. We've had threats of bans for crawling/scraping, though the EULA and TOS have not been updated to reflect this. And we've had no response to any queries we've openly put to the devs on the matter of new API features (for example, full EVE mail access - we only get titles in the API) and fixing old bugs. We've had one or two fixes in the last few expansions- that's all.

I feel that CCP has taken the wrong approach with EVE Gate and would like them to reconsider the approach they are taking, and potentially shift it. Social networks like Facebook thrive on integration and applications. EVE Gate offers no facility for either of these, instead limiting people to only doing what CCP provides, and only on CCP's website in the way that CCP wants them to do. This removes a vast amount of potential from the site. Standards like OpenSocial permit for high levels of integration without exposing personal data beyond that agreed with the application on install; this is covered further towards the end of this post.

My proposal is essentially to ask CCP to place an emphasis on making new APIs, on bringing support for third party applications and open integration into EVE Gate through existing open standards, and to place a new priority on maintaining and improving the API to maintain openness of data- anything that is available through EVE Gate should be available through APIs with the same level of permissions.

Permissions is my other point. Because CCP has not made APIs available a large amount of applications which require a user's EVE login to function have started cropping up. This is going backwards- before the API we had this situation, where you had to give your EVE login to third party apps for them to function. Clearly from a security standpoint this is extremely worrying. The solution is easy - ensure API equivalents are exposed for all EVE Gate features.

In addition to this problem, with the large number of API functions already available and the large number of additional functions that would be made available should CCP actually replicate EVE Gate features into the API, a two or even three key system for API permissions is simply not enough to provide sufficient granularity. Open standards for application authentication and permissions should be adopted as a matter of urgency. This would enable users to grant applications only the permissions that application needs to function, and nothing else, and would let users see exactly what an application will have access to prior to granting it access. Such protocols include OAuth, used heavily by Twitter and Facebook.

The changes proposed above would not require a large increase in development time, but would require nontrivial redistribution of time that would otherwise be spent on new features, but I am confident the playerbase would in general welcome changes proposed above.

If nothing else, CCP would gain a multitude of useful apps and tools which would increase use of their own platform, rather than drive people from it, increasing return on investment for invested developer time and cost by improving the user experience.

Arkady Sadik
Minmatar
Electus Matari
Posted - 2010.07.05 21:51:00 - [2]
 

Yes please. What he said.

Makurid
Posted - 2010.07.05 21:55:00 - [3]
 

/signed

Rilcon
Righteous Chaps

Posted - 2010.07.05 21:56:00 - [4]
 

Yes to this.

Modescond
Minmatar
Twilight Military Industrial Complex Alliance
Posted - 2010.07.05 22:10:00 - [5]
 


Shinah Myst
Starrust
Posted - 2010.07.05 22:11:00 - [6]
 

Do What He Means.

Femaref
Armageddon Day
WE FORM VOLTRON
Posted - 2010.07.05 22:25:00 - [7]
 

Representin'

Batolemaeus
Caldari
Free-Space-Ranger
Morsus Mihi
Posted - 2010.07.05 22:37:00 - [8]
 


Xathytoz
Gallente
Roswell Project Victimz

Posted - 2010.07.05 22:43:00 - [9]
 

do it!

Qoi
Exert Force
Posted - 2010.07.05 22:44:00 - [10]
 

Edited by: Qoi on 05/07/2010 22:43:50
Thank you very much for your excellent recap.

I'm not too sure about evegate, but the API definitely could be vastly improved and you provided excellent suggestions for that.

hauwp
Posted - 2010.07.05 22:49:00 - [11]
 

I'm actually less concerned about evegate then I am the api and igb. It seams to me that the igb wish list would be fairly simple to implement (http://wiki.eveonline.com/en/wiki/IGB_Javascript_Wish_List), but w/e.

developers unite! supported.

Jathertyn Asan
Posted - 2010.07.05 22:58:00 - [12]
 

/signed

Glacialis Routa
Amarr
Corvidae Oddjob Sweatshop
Posted - 2010.07.05 23:01:00 - [13]
 

Edited by: Glacialis Routa on 05/07/2010 23:01:32
Thumbs up!

Selina Lonarin
Gallente
Frontier Exploration And Research

Posted - 2010.07.05 23:32:00 - [14]
 

As a developer and player myself, I agree completely. EVE Gate has contributed very little to my game-play experience, but even just work to expose PI job data would drastically improve the game-play experience for myself and others through the wealth of tools it would facilitate.

Gnilch
Posted - 2010.07.05 23:39:00 - [15]
 

/signed

Lumy
Minmatar
Sebiestor Tribe

Posted - 2010.07.05 23:48:00 - [16]
 

Any CSM member wants to make this one part of his agenda? Could earn lots of votes from 3rd party app developers.

Sangrias
Posted - 2010.07.05 23:58:00 - [17]
 

/signed

Darkwolf
Caldari
TOG Empire
Combat Mining and Logistics
Posted - 2010.07.06 01:02:00 - [18]
 

Supported.

Hell yes. IMO, there should be no read-only feature in EVEgate that is not fully implemented in the API.

I'm not so convinced on write-access via API though.

Epitrope
The Citadel Manufacturing and Trade Corporation
Posted - 2010.07.06 01:35:00 - [19]
 

Granular keys are a necessity, and the player base has been asking for them (directly or not) since the API came out.

Drake Draconis
Minmatar
Shadow Cadre
Shadow Confederation
Posted - 2010.07.06 01:59:00 - [20]
 

API Improvments - Yes

Spacebook - No

Clovermite
Kamikaze Fleet Command
Kamikaze Project
Posted - 2010.07.06 02:16:00 - [21]
 


Ix Forres
Caldari
Righteous Chaps
Posted - 2010.07.06 03:14:00 - [22]
 

Originally by: Darkwolf
Supported.

Hell yes. IMO, there should be no read-only feature in EVEgate that is not fully implemented in the API.

I'm not so convinced on write-access via API though.



If write access is available on EVE Gate, it should be available on the API, or we're back to square one- lots of people just scripting EVE Gate.

I do think that granular keys (or rather permission based keys) should be a prerequisite to this, however - you want to have total control over what can write.

Dr BattleSmith
PAX Interstellar Services

Posted - 2010.07.06 03:52:00 - [23]
 

Too late.

The EveGate team was run by someone with zero understanding of social networking.

They decided not to use any open standards, while being stuck on MS servers the choices are limited anyway.
When questioned on it at fanfest the team leader went into an ego driven rant about how he knew better.

Eve API should be oAuth instead of/aswell as keys.
EveGate should be an OpenID provider with oAuth extension.
EveGate should have an OpenSocial container (Apache Shindig is 50,000 hours of free code)
for users to develop fleet/calendar/event/organisation apps.

99.99% of the potential of EveGate has been squandered by making it proprietry closed system with no integration points.

Darkwolf
Caldari
TOG Empire
Combat Mining and Logistics
Posted - 2010.07.06 03:56:00 - [24]
 

Originally by: Ix Forres
If write access is available on EVE Gate, it should be available on the API, or we're back to square one- lots of people just scripting EVE Gate.

I do think that granular keys (or rather permission based keys) should be a prerequisite to this, however - you want to have total control over what can write.


Agreed, however with the current tiers of API keys, adding write access would be potentially bad. Currently the "Full" API key does not allow write access. So if CCP went and granted write access through the Full API key, you've potentially got a security disaster there. That's why I don't support it right now.

With the addition of a new "Really Full API" key that allows Full access + write, then it's all good.

Lykouleon
Wildly Inappropriate
Goonswarm Federation
Posted - 2010.07.06 05:05:00 - [25]
 


Poskyro
Posted - 2010.07.06 05:56:00 - [26]
 

/signed

Akura Sali
Posted - 2010.07.06 06:06:00 - [27]
 

/signed

FloppyM
Posted - 2010.07.06 11:01:00 - [28]
 

/signed

Elissen
Amarr
Viziam
Posted - 2010.07.06 13:46:00 - [29]
 

Actually, EVE Gate should have been based on top of the API so that all functionality of EVE Gate would also be available for 3rd party developers. But yes, I agree the API needs a big overhaul and why try to invent the wheel again?

Jilnor
Caldari
Gradient
Electus Matari
Posted - 2010.07.06 14:23:00 - [30]
 

/signed


Pages: [1] 2 3 4

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only