open All Channels
seplocked EVE Technology Lab
blankseplocked Centralized registration for corp services
 
This thread is older than 90 days and has been locked due to inactivity.


 
Author Topic

Abdiel Kavash
Caldari
Paladin Order
Fidelas Constans
Posted - 2011.08.19 07:01:00 - [1]
 

Over the years my corporation has developed many out of game services we use: phpBB forums, Teamspeak server, a wiki, and even several home-brewed applications. As many of them potentially contain sensitive information, we keep access to everything for corp members only. Currently this is simply done by having each new member register for everything, and the officers then confirm their account.

However, as we grow in numbers and introduce more services, this is becoming more and more cumbersome. People need to remember many different logins (or use the same credentials for different things), and the overhead with handing out permissions and ensuring people who leave the corp are properly restricted from everything is getting out of hand.

A possible solution would be to maintain a centralized database of members, have people sign into this using their API, and use their set of credentials for all the different services. Since it can use the EVE API, this service could also automatically kick people if they leave the corp.

What I'm wondering is whether anything like this already exists. Surely this is not an uncommon problem for larger corps and alliances, and I would hate to spend time or money on reinventing the wheel if there is any solution already available. I have checked the last few pages of this forum, but found nothing relevant.

The features I'm specifically looking for:
- User registration using the API (confirming that only corp members can register)
- Automatic banning of people when they leave the corp
- At least basic user group management (recruits/full members/moderators/officers)
- Easy integration with common out of game services - forums, voice comms, etc.
- Runs on a LAMP configuration (we already have a web server set up for all the services we use)

Peter Powers
FinFleet
Raiden.
Posted - 2011.08.19 07:23:00 - [2]
 

using the API is no authentication,
people can be in posession of API keys without owning the character!
you need them to take ingame action (send isk / evemail to your own account) and read that from the API to ensure a user is who he claims to be.

Abdiel Kavash
Caldari
Paladin Order
Fidelas Constans
Posted - 2011.08.19 09:31:00 - [3]
 

Originally by: Peter Powers
using the API is no authentication,
people can be in posession of API keys without owning the character!
you need them to take ingame action (send isk / evemail to your own account) and read that from the API to ensure a user is who he claims to be.

Good point. But we could consider it the user's responsibility to keep his API secret. Also, not allowing two logins connected to the same in-game character, so that even if someone gets the API, they can't register a new account using it. (Or if they do it before the genuine owner, the owner will find out and we can fix it).

Nova Orion
Syndicated Systems
ROMANIAN-LEGION
Posted - 2011.08.19 14:38:00 - [4]
 

if you're making new applications all the time. Why not just make 1 database for all user. This database you register for with an API form. You simply ask the script to check if username already exists, and denies it if it does (as your post above said).

You then have the database save username, api key?, userid, and client ID if it has to work with ts aswell.

When you then make these new applications read off aforementioned database. You can just make the signup script save all the info into the database that you could ever need. As for giving people right, that's "just" written into the application.

I have a script for instance, that works with TS3 + SMF2 (no its not tea) what it does it that you register on the forums, and it then reads the forum info to allow you on to ts. Then it gives you groups on TS appropriate to your groups on forums. So if you're in a group called "admin" on the forums, you will get into a group called "admin" on ts, if this exists =)

Just saying that if you can write all these applications, then making a central hub for signup should be easy =)

/Nova

Johnathan Roark
Caldari
The Graduates
Morsus Mihi
Posted - 2011.08.19 18:53:00 - [5]
 

Originally by: Nova Orion
if you're making new applications all the time. Why not just make 1 database for all user. This database you register for with an API form. You simply ask the script to check if username already exists, and denies it if it does (as your post above said).

You then have the database save username, api key?, userid, and client ID if it has to work with ts aswell.

When you then make these new applications read off aforementioned database. You can just make the signup script save all the info into the database that you could ever need. As for giving people right, that's "just" written into the application.

I have a script for instance, that works with TS3 + SMF2 (no its not tea) what it does it that you register on the forums, and it then reads the forum info to allow you on to ts. Then it gives you groups on TS appropriate to your groups on forums. So if you're in a group called "admin" on the forums, you will get into a group called "admin" on ts, if this exists =)

Just saying that if you can write all these applications, then making a central hub for signup should be easy =)

/Nova


Your looking for LDAP.

Abdiel Kavash
Caldari
Paladin Order
Fidelas Constans
Posted - 2011.08.20 07:23:00 - [6]
 

re Nova Orion, yes, that is the idea. I just want to know if someone else already did something like this, to save our devs their coding time.

re Johnathan Roark, yes, I actually considered that. I just never really got into the details of LDAP - isn't it a bit of an overkill for a corp site? If not, is there already something which would work with the EVE API? I'll definitely go read up on LDAP.

Jules Dupuit
Gallente
Terrorists of Dimensions
Electric Monkey Overlords
Posted - 2011.08.22 10:27:00 - [7]
 

Originally by: Abdiel Kavash

Good point. But we could consider it the user's responsibility to keep his API secret.

it's not meant to be secret, its meant to allow third party applications to safely access information about a character/corp/account.
its quite usual for a user to have his api key given to
- evemon
- at least one or two forums he uses
- eft
- some killboard
and if the user is curious about tools arround the game
then he will have put his key into alot of other third party applicatiosn too. who sais that no one there is abusing those information?
thats why you have to do *more* to authenticate a user then just ask
for the API.


 

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only