<!-- MHonArc v2.4.4 -->
<!--X-Subject: [MUD-Dev] Re: Login and Accounts -->
<!--X-From-R13: X Q Znjerapr <pynjNhaqre.rate.ftv.pbz> -->
<!--X-Date: Tue, 11 Aug 1998 16:05:23 -0700 -->
<!--X-Message-Id: 199808112305.QAA06253#under,engr.sgi.com -->
<!--X-Content-Type: text/plain -->
<!--X-Reference: 19980719085335.A1365@localhost -->
<!--X-Head-End-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<title>MUD-Dev message, [MUD-Dev] Re: Login and Accounts</title>
<!-- meta name="robots" content="noindex,nofollow" -->
<link rev="made" href="mailto:claw#under,engr.sgi.com">
</head>
<body background="/backgrounds/paperback.gif" bgcolor="#ffffff" text="#000000" link="#0000FF" alink="#FF0000" vlink="#006000">
<font size="+4" color="#804040">
<strong><em>MUD-Dev<br>mailing list archive</em></strong>
</font>
<br>
[ <a href="../">Other Periods</a> | <a href="../../">Other mailing lists</a> | <a href="/search.php3">Search</a> ]
<br clear=all><hr>
<!--X-Body-Begin-->
<!--X-User-Header-->
<!--X-User-Header-End-->
<!--X-TopPNI-->
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<H1>[MUD-Dev] Re: Login and Accounts</H1>
<HR>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<UL>
<LI><em>To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
<LI><em>Subject</em>: [MUD-Dev] Re: Login and Accounts </LI>
<LI><em>From</em>: J C Lawrence <<A HREF="mailto:claw#under,engr.sgi.com">claw#under,engr.sgi.com</A>></LI>
<LI><em>Date</em>: Tue, 11 Aug 1998 16:05:07 -0700</LI>
<LI><em>Reply-To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
</UL>
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<HR>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<PRE>
On Sun, 19 Jul 1998 08:53:35 -0400
Mike L Kesl<mlkesl#cpinternet,com> wrote:

> Problem: What do we do when someone logs in...  Goals: Allow a
> secure login for a single person.

I see two separate problems masquerading as the same problem:
Authentication and Identification.  They are related, but they are
not the same.

  Authentication is the question and answer to "Is he who he says
  he is?"

  Identification is the question and answer to, "Is he not one of
  all those other people over there?"

One proves the positive, the other proves the negative.  The first is
easy, the second is not.

Identification is actually the same problem that software licensing
has been confronting for years with their dongles, system keys, ID
strings, license managers, etc.  They're interested in defining
against who can't use the product far more than they are in defining
who can.  ie They're interested in ensuring that unlicensed users
can't use the product, not in ensuring that only licensed users can
use the product.

Internet virtosity changes all the rules.  It's tough to guarantee,
even to a very sloppy degree of accuracy, unique identification when
there are no to no fixed and not-easily-forgeable reference points.

> Another thought that comes to mind is to use a composite model,
> where accounts are a composite of one or more "privileges".  Some
> examples are necessary to best illustrate this concept of composite
> design.

> Eg. Account: Mike L Kesl      E-Mail: mlkesl#hotmail,com
>     Privileges: builder, designer, coder

>     Account: John Q Mud       E-Mail: john17#usa,net
>     Privileges: ooc, character

>     Account: Mahst R Bilder   E-Mail: mrbilder#leet,org
>     Privileges: ooc, character, builder, helper

> Stuff like that...That does not seem like a bad one to me...*shrug*

There are many different types of security systems.  Three popular
forms are Hierarchical, Domain, and Relational.

An example of hierarchical security systems is the standard
Imm/Admin/God/Wizard/<player levels> patterns.  Another variation of
hierarchical systems uses tag attributes to create multiple
hierarchies which may exist in parallel (eg MOO's WizBit).
Hierarchical systems have the advantage of being simple and easily
understood and debugged.

Domain systems define groups where membership of the group defines
access rights to the resources controlled by that group.  cf Access
Control Lists and related structures.

  Note: Domain systems are typically hierarchical within each domain,
  and domains may be placed in hierarchical structures.

Domain systems have the advantage of allowing logical structures to
be simply imposed on the security implementation, allowing access
rights to be grouped and processed as classes.  They also require
considerable expertise to design and do right (definition of domains
and inter-relations (both dependency and conflict) of domains).

Relational security systems define access by the relation of one
identity to another.  Bubba "owns" XXX.  Boffo is a "friend" of
Bubba's, and so has access to XXX.  Bernie is a friend of Boffo's and
so does or does not have access to XXX.

Relational systems are simple only at the local level (which is the
level at which they get used, and at which they are queried by the
system in practice).  They also tend to rapidly become extremely
complex when viewed at a systemic level (ie the security pattern of
the game world as a whole), and are difficult/expensive to manipulate
in organised class/group fashions.

I happen to be fond of relational security systems as they allow
control of security to be devolved down to the individuals
responsible for the resources in question.

Then of course you have the question of default-open and
default-closed security (everybody has access to everything except
for the things you proscribe, or nobody has access to anything except
for those things you allow them access to).
Both can be made equally secure and are in fact functionally
equivalent.  Which is better and which requires the less work depends
on your security application.

--
J C Lawrence                               Internet: claw#null,net
(Contractor)                               Internet: coder#ibm,net
---------(*)                     Internet: claw#under,engr.sgi.com
...Honourary Member of Clan McFud -- Teamer's Avenging Monolith...
</PRE>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<HR>
<!--X-Follow-Ups-End-->
<!--X-References-->
<UL><LI><STRONG>References</STRONG>:
<UL>
<LI><STRONG><A NAME="00254" HREF="msg00254.html">[MUD-Dev] Login and Accounts</A></STRONG>
<UL><LI><EM>From:</EM> Mike L Kesl <mlkesl#cpinternet,com></LI></UL></LI>
</UL></LI></UL>
<!--X-References-End-->
<!--X-BotPNI-->
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>
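The relational model described in the message, worked through with its own Bubba/Boffo/Bernie case, as an added example that is not part of the original post. The class name, the `max_hops` limit on trust chains and the `default_open` switch for unowned resources are assumptions made for illustration.

```python
from collections import deque

class RelationalACL:
    """Access is decided by the relation between requester and owner."""

    def __init__(self, max_hops=1, default_open=False):
        self.owner = {}      # resource -> owning identity
        self.friends = {}    # identity -> identities it extends trust to
        self.max_hops = max_hops          # 1: friends, 2: friends of friends
        self.default_open = default_open  # decision when nobody owns it

    def own(self, who, resource):
        self.owner[resource] = who

    def befriend(self, who, friend):
        # Directed edge: `who` trusts `friend`, not the reverse.
        self.friends.setdefault(who, set()).add(friend)

    def hops(self, owner, requester):
        """Length of the shortest trust chain owner -> requester, or None."""
        seen, queue = {owner}, deque([(owner, 0)])
        while queue:
            node, dist = queue.popleft()
            if node == requester:
                return dist
            for nxt in self.friends.get(node, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, dist + 1))
        return None

    def can_access(self, requester, resource):
        owner = self.owner.get(resource)
        if owner is None:
            # Unowned resource: the default-open/default-closed choice decides.
            return self.default_open
        dist = self.hops(owner, requester)
        return dist is not None and dist <= self.max_hops

def build(max_hops, default_open=False):
    """Constructed sample world: Bubba owns XXX, Bubba -> Boffo -> Bernie."""
    acl = RelationalACL(max_hops, default_open)
    acl.own("Bubba", "XXX")
    acl.befriend("Bubba", "Boffo")
    acl.befriend("Boffo", "Bernie")
    return acl
```

Whether Bernie "does or does not" reach XXX is the `max_hops` setting here; each individual query stays local while the trust graph as a whole is what grows complex.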