
Form of authentication and privacy?

Discussion in 'Census: General Discussion' started by Lantis, Jan 10, 2012.

  1. Lantis

    Lantis Guest

    I'm starting a separate thread because this isn't directly related to the new policy discussions.  I think we all agree that there is some information that can raise privacy issues.  The recent threads Dan started regarding money and alts are probably two of the best examples.  Another issue I encountered is the Guild MOTD - many guilds store internal information there (such as passwords to their Ventrilo chat server).

    Before discussing which of these should be visible/hidden, I'd like to ask: is there any plan (or any chance of) to implement some form of authentication that would allow one to access more data?  Let's take a concrete example: someone makes a mobile application that lets you view your own character details.  In this case, it might be desirable to view your own amount of money - something you wouldn't necessarily want exposed to everyone.

    The issue is how to provide a secure authentication scheme that wouldn't involve sending your main account credentials over a URL.  One idea that came to mind was to have a two-step procedure:

    1) Login to EQ2Players, and obtain a personal key

    2) When accessing the data feed, use that personal key in the URL to validate your identity

    That way, the only thing that could get compromised is that API personal key, which could either be:

    a) Time-limited, or

    b) Easily replaced, by generating a new one through EQ2Players, or

    c) You could disable "API authentication" through EQ2Players

    That authentication code could potentially give you access to everything that is deemed privacy-sensitive:

    a) some personal data deemed sensitive, such as money

    b) Guild data deemed sensitive, such as MOTD, or Guild Bank content (if it gets added to the API at some point)

    And since that key is only used for the API, it wouldn't be such a security risk for users to provide them in any third party application they use.

    These are obviously just my ideas from an outside view - the SOE folks might have some very simple technical issues that would shoot the ideas down.  I thought I'd at least put it here, see if it's possible.

     
  2. Quicktiger

    Quicktiger Guest

    I sure hope they never do this.  I prefer a clean public feed without the overhead of authentication, and I don't see any other data that I truly want access to that I cannot now access.  Quest journal perhaps, but is that really private?  I wouldn't think so...

     
  3. DanKinney

    DanKinney Guest

    Thanks for starting this Lantis...it is indeed a topic on my mind.

    I think it is going to be difficult to provide a comprehensive data feed without some form of authentication.  I am still putting together a proposal though.

    -dan

     
  4. Dedith

    Dedith Guest

    I personally would love to make a web interface to the guild bank and guild calendar, or even your personal bank(s)/house vault(s).  All of which would require authentication.

    Quicktiger - The data you need doesn't have to be authenticated and wouldn't need to change.

    I like Lantis' key idea, makes data available without compromising the account(s).

     
  5. Lantis

    Lantis Guest

    The idea isn't to require such an authentication method to access everything - only to access some more privacy-sensitive information such as those I mentioned (and possibly a few others): money, GuildMOTD, alts...  Think of it as a way to see data that you normally would only see through an authenticated EQ2Players session.

     
  6. DanKinney

    DanKinney Guest

    There is a non-trivial issue here though.

    When you have a token, who is responsible for assigning and managing the storage of that token?  The token needs to carry the identity of the account, not your site, in order to see account-specific sensitive information.  

    To do this correctly, we have to set up a way to associate that identity in a distributed way.  This is where the non-trivial part comes in.  Yes, this is possible.  But it will take some time and effort.

    -dan

     
  7. Lantis

    Lantis Guest

    If you want to truly ensure the privacy of user data, it would have to be entirely done SOE-side (otherwise, it would only be of benefit to developers actually implementing it for their own site - anyone would still be able to exploit the feed for "data mining").  The only involvement on the application developer side would be to ask that token from its user (possibly as part of the application configuration - I'm using a hypothetical "character viewer" application for a mobile device here just as an example), and supply that token when sending the request to the REST API.  SOE's end would then decide whether the key is valid or not, and return its data accordingly (filtering out privacy-restricted fields if the token is invalid or missing).

    Definitely not something that could be implemented overnight I totally agree.  But as a long-term solution, that's the best solution I could think of that would both respect user privacy and allow a full, unedited data feed.  While for now it would only affect maybe 2-3 fields, this would open the door in the future to exposing more sensitive data (again as a purely theoretical example, the guild bank content, or even the character's bank content).
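
The server-side check described in this post, sketched as an added example (not part of the original post and not SOE's code): a per-account key that is time-limited, replaceable and can be disabled, with privacy-restricted fields filtered out when the key is missing, invalid, expired or belongs to another account. The `KeyStore` class, the field names and the sample record are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SENSITIVE_FIELDS = {"money", "alts", "guild_motd"}  # assumed field names

class KeyStore:
    """Hypothetical in-memory registry of per-account API keys."""
    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._keys = {}  # account_id -> (sha256 hex of key, expiry timestamp)

    def issue(self, account_id, now=None):
        """Generate a new key; any earlier key for the account stops working."""
        now = time.time() if now is None else now
        key = secrets.token_urlsafe(32)
        digest = hashlib.sha256(key.encode()).hexdigest()
        self._keys[account_id] = (digest, now + self.ttl)
        return key  # shown to the user once; only the hash is stored

    def disable(self, account_id):
        """The user switched off API authentication for the account."""
        self._keys.pop(account_id, None)

    def account_for(self, key, now=None):
        """Return the account a key belongs to, or None if invalid or expired."""
        if not key:
            return None
        now = time.time() if now is None else now
        digest = hashlib.sha256(key.encode()).hexdigest()
        for account_id, (stored, expiry) in self._keys.items():
            if hmac.compare_digest(stored, digest) and now < expiry:
                return account_id
        return None

def render_character(record, key, store, now=None):
    """Full view for the owning account, filtered public view otherwise."""
    caller = store.account_for(key, now)
    if caller is not None and caller == record["account_id"]:
        return {k: v for k, v in record.items() if k != "account_id"}
    return {k: v for k, v in record.items()
            if k not in SENSITIVE_FIELDS and k != "account_id"}

# Constructed sample record, not real feed data.
SAMPLE = {"account_id": "acct-1", "name": "Examplechar", "level": 90,
          "money": 12345, "alts": ["Otherchar"]}
```

Because the key resolves to an account rather than to the calling application, a valid key for one account still gets the filtered view of another account's character.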

     
  8. Quicktiger

    Quicktiger Guest

    "OAUTH"

    Twitter, Facebook, and other app-based services have provided a per-app token mechanism for some time, which allows user-side invalidation of the token without the app's cooperation.

    "The application eq2mission would like to have access to view your personal bank.  This may be allowed even when you are not online.  Allow?"

     
  9. Proopai

    Proopai Guest

    This is actually not a bad idea to have if it's used just for the private data that is hidden to allow it be shown.  This would have to be managed by Sony to allow for the use of the key to unlock the data otherwise it's hidden.  This is like it was said by Quicktiger already in use by Facebook but also by other games too.  I do prefer an open feed as it would be needed for something like eq2players but a key to give full access.

     
  10. DanKinney

    DanKinney Guest

    Understood...and OAuth is a viable option to take.  There are a number of problems that need to be solved.  I am sussing them out first before we jump to a conclusion.

    -dan

     
