Authentication Thread

[Z-Man]

Skimming over the RSA md5 code, I think it's much more readable than the Aladdin variant, probably because it relies less on macros. I think we should rather kick out the Alladin code.

[Luke-Jr]

Recall that not the feasibility of your plans and whether they *technically* work was questioned, but simply whether we want a global user database.

Well, seeing as we *already* have a global user database... and even if you want to split this forum/community from the official project, we still would *need* a central user database for the resource repository.

An unbiased poll would be much better at determining that.

Which forum? How is this:
"Armagetron 0.3 will support registering/reserving nicknames for playing the game. How should this be handled?
1. Nicknames are reserved one time for all/most servers
2. Nicknames are reserved for each server/group
3. Nicknames are reserved on your "home" server and those who are "friends" with it

[Z-Man]

We have a global user database, but that's the database of the forum members, not the players. Judging from a simple inverse logic, the forum users are only a tiny fraction of the players (and others have already expressed this without inverse logic):

Number of games I played intensively over the last five years: maybe 10-20
Number of game-related forums I did not just read, but participate in: 0, not counting this one for obvious reasons, but let's say 1 for the sake of not getting a division my zero.

Now, assume I'm a typical client of AA (stands to reason because I basically started to write the game for myself). I register at 10% of the forums of the games I play (optimistic estimate). So, for every game forum I'm registered on, there are nine I'm not registered on. If I'm indeed typical, then for every user registered here, there are nine others that are not registered.

Now the resource database needs to know player IDs????? Isn't it rather so that it requires the ID's of those who want to upload stuff, and those will be few compared tho those who download stuff?

You still have not answered my other question about the resource server: If I set up a server (with default settings) and connect to it with a client (with default settings), will any of those attempt to connect to the resource server?

About the poll: 1. is clearly missing that it will be using a central user database. Don't sweep that under the carpet. Of course, the other options could use similar information. I'd suggest

When we support registering/reserving nicknames for playing the game, which of the following systems would you most like to see implemented?
1. Nicknames are reserved one time for all/most servers by a central server
2. Nicknames are reserved for each server/group in a local database
3. Nicknames are reserved on your "home" server in a local database and those who are "friends" with it
(modifications marked)

If 1. wins, there's the independent question of whether it should be enabled by default (2. and 3. can't, of course).

I'd place the poll in the main development forum, but let's wait what the others have to say. Maybe we should also find someone netural do make the actual post, so nobody can get angry at the poster if he makes "accidental" typos

[Luke-Jr]

We have a global user database, but that's the database of the forum members, not the players. Judging from a simple inverse logic, the forum users are only a tiny fraction of the players (and others have already expressed this without inverse logic):

That can change. Change your logic to find how many players of a game register characters for it-- I think it's be near 100%.

Now the resource database needs to know player IDs????? Isn't it rather so that it requires the ID's of those who want to upload stuff, and those will be few compared tho those who download stuff?

True.

You still have not answered my other question about the resource server: If I set up a server (with default settings) and connect to it with a client (with default settings), will any of those attempt to connect to the resource server?

Depends on the server's configuration. Not with defaults, since both systems already have the needed resources. If the server specifies a non-included map, but does not specify a URI to fetch it from, both client and server will go looking for it at the resource repository the first time they need it.

About the poll: 1. is clearly missing that it will be using a central user database. Don't sweep that under the carpet.

I was writing the questions in a way that matters to non-technical players. Players will only see the end result, which is what I described in the options I described.

Of course, the other options could use similar information. I'd suggest

When we support registering/reserving nicknames for playing the game, which of the following systems would you most like to see implemented?
1. Nicknames are reserved one time for all/most servers by a central server with proper redundancy. You register once with the central server.
2. Nicknames are reserved for each server/group in a local database. You register once with each server/group you play on.
3. Nicknames are reserved on your "home" server in a local database and those who are "friends" with it. You register once with your "home" server and once for each server/group that does not consider it "friendly".

If 1. wins, there's the independent question of whether it should be enabled by default (2. and 3. can't, of course).

1 would not really work unless enabled by default... What good is a global registration if players and admin need to jump through the hoops to use it?

I'd place the poll in the main development forum, but let's wait what the others have to say.

Why the devel forum? I thought we were polling the players and server admins?

Maybe we should also find someone netural do make the actual post, so nobody can get angry at the poster if he makes "accidental" typos

And someone neutral to choose the neutral person to make the actual post?

[Z-Man]

That can change. Change your logic to find how many players of a game register characters for it-- I think it's be near 100%.

I could change my logic, but that would make in illogical. I already skewed the numbers as far as possible into your direction. Even for the games where it would have made sense to register (Quakeworld, Quake 2 Rocket Arena, Quake 3), I did not. Even only counting those, it's still 0 registrations of 3 games => if everyone is like me, zero percent ( obviously with a large statistical error of at least 33%) of our users are registered here.

About the poll: 1. is clearly missing that it will be using a central user database. Don't sweep that under the carpet.

I was writing the questions in a way that matters to non-technical players. Players will only see the end result, which is what I described in the options I described.

It will matter to players how their nicknames are managed and by whom. The technical details are indeed unimportant, so we could do for example

1. Nicknames are reserved one time for all/most servers. Nicknames are managed by us.
2. Nicknames are reserved for each server/group and managed by your local server admin.

(The redundancy would count as a irrelevant technical detail for me).

If 1. wins, there's the independent question of whether it should be enabled by default (2. and 3. can't, of course).

1 would not really work unless enabled by default... What good is a global registration if players and admin need to jump through the hoops to use it?

You're exaggerating.
Server admins only need to uncomment a line in the configuration file; even if disabled, we'll provide the sample configuration. Clients should use whichever authentication system the server they connect to uses (to support the uncle Joe scenario), so no config changes should be necessary.

Why the devel forum? I thought we were polling the players and server admins?

Actually, these forums are the wrong place altogether. Since you can vote only if you're already registered, we'll miss the opinion of *precisely* those people whose interests Lucifer and me want to protect. It's like asking the rich whether they want tax cuts for the rich.

[Luke-Jr]

About the poll: 1. is clearly missing that it will be using a central user database. Don't sweep that under the carpet.

I was writing the questions in a way that matters to non-technical players. Players will only see the end result, which is what I described in the options I described.

It will matter to players how their nicknames are managed and by whom. The technical details are indeed unimportant, so we could do for example

1. Nicknames are reserved one time for all/most servers. Nicknames are managed by us.
2. Nicknames are reserved for each server/group and managed by the local server/group admin(s).

Those look good, IMHO.

If 1. wins, there's the independent question of whether it should be enabled by default (2. and 3. can't, of course).

1 would not really work unless enabled by default... What good is a global registration if players and admin need to jump through the hoops to use it?

You're exaggerating.
Server admins only need to uncomment a line in the configuration file; even if disabled, we'll provide the sample configuration.

I'm using the same terminology used earlier to support the alternative idea. Either case would be uncommenting/commenting config stuff.

Why the devel forum? I thought we were polling the players and server admins?

Actually, these forums are the wrong place altogether. Since you can vote only if you're already registered, we'll miss the opinion of *precisely* those people whose interests Lucifer and me want to protect. It's like asking the rich whether they want tax cuts for the rich.

So should we cross-poll the primary player forums here, Breakfast, etc?

[Z-Man]

I'm using the same terminology used earlier to support the alternative idea. Either case would be uncommenting/commenting config stuff.

Really? I checked back, the first time the term was used here was by Lucifer in reference to the Uncle Joe Scenario (and having to bring a secret key with you like some key based schemes require is really jumping through hoops, and you rightfully point out yours does not), and already the next usage is by you in exactly the same context as here.

So should we cross-poll the primary player forums here, Breakfast, etc?

Too much work . We could put up the poll in the "Server Admins Only" section and ask the server admins to consult their users as they see fit. If they want to be dictators (as is their right, IMHO), they just don't, maybe they just go online and ask the players, maybe they put up a poll on their website.

[Z-Man]

Hey, wait a minute. You're trying to divide and conquer 2. and 3. are almost identical and will fight for votes. The poll should really be just

When we add authentication and nickname registration to AA, who should be in charge of maintaining the player nicknames?
1. the developers
2. the server administrators

[Luke-Jr]

Hey, wait a minute. You're trying to divide and conquer 2. and 3. are almost identical and will fight for votes.

Shoot, you caught me. =p
Actually, I was figuring conquer two questions with one. It's not overly hard to combine 2+3... wasn't the most recent draft only two options anyway?

1. Nicknames are reserved one time for all/most servers. Nicknames are managed by us.
2. Nicknames are reserved for each server/group and managed by the local server/group admin(s).

The poll should really be just

When we add authentication and nickname registration to AA, who should be in charge of maintaining the player nicknames?
1. the developers
2. the server administrators

That poll is very lacking. How are people to weigh the 'costs' and 'benefits' if they are only given the 'costs'?

[Z-Man]

That poll is very lacking. How are people to weigh the 'costs' and 'benefits' if they are only given the 'costs'?

Aw, it was worth a try. Your last version is allright.

[Luke-Jr]

That poll is very lacking. How are people to weigh the 'costs' and 'benefits' if they are only given the 'costs'?

Aw, it was worth a try. Your last version is allright.

So who posts it and where? I think polling server admin is just as bad as polling devs, since there is an easy bias.
What major forums/communities are there outside of this one? I know Breakfast now... MBC apparently has one, or so I hear. Tiger also has one? Any others?

[Z-Man]

I'm far too lazy to register with all those boards and do the poll. I have no objections if you do that.
How about if we just do a regular post, not a poll, in the server admin section and ask them to do the polls and report back the results (or say clearly "I'm a dictator, I rule my server, this is what I want")?
I believe the best political structure for AA is federal: Players "elect" server administrators by playing on their servers, server administrators (and some especially loud players) report their problems and wishes to us. But I have the suspicion that this is precisely why we butt our heads on this authentication issue...

[n54]

*ground opens and up from the chasm to hell climbs n54*

well it's not just a nifty entrance; you guys will think i'm the devil for suggesting the following

now first of all excuse me if somebody has already offered up this faustian deal but i honestly couldn't be bothered to read the entire thread (shame on me yes) except a few glimpses here and there.

What is user authentication? It can be thought of as a service

i.e. it's not neccesary to have user authentication but some users would love to be able to protect their names while others probably don't care. You probably see where this is heading already

the faustian deal: if one wants the service of protecting ones name one pays up for it (something like 5$ a year or similarily reasonable) and the funds go to the disposal of the project. when installing armagetron advanced one gets some info on how to sign up + it's mentioned clearly in any user documentation. If one runs with this a central server with initial signup becomes the choice.

now the faustian part of this is of course any discussions and disagreements on how to use the money.... (my priorities would be to cover the cost of running the auth server, then the costs of running the master browser etc.)

it's just an idea, i'm not saying i'm in favour of it, just playing the devils advocate

this thread reeks of gasoline and here i am - playing with a flamethrower! let the flames begin

[Z-Man]

The main problem here is that once you take money for a service, you give your users (now customers) plenty of right to complain, and if we ourselves host the user database, users will mistake the money they pay for the database as money they pay on development and mistake their right to complain about the database maintaining for a right to complain about the game itself...
Mind you, if some other entity hosts such a database and charges money for it (and promises to give us a share of the surplus, maybe), I don't have a problem with that.

[n54]

yes, that's why i call it faustian, because it can potentially cause a lot of problems unless one is very determined as well as work out the details up front in an (at least internally) official way.

i just wanted to air the idea because it is an option and a way to view the problem that wasn't brought up. as with all things it has both pros and cons.