|
Author |
Thread Statistics | Show CCP posts - 7 post(s) |
|
CCP Phantom
C C P C C P Alliance
4471
|
Posted - 2014.07.03 14:02:00 -
[1] - Quote
Single Sign-On (SSO) is a pretty nifty mechanism utilized for example on the EVE Online support, forum and account management pages. SSO is a way for users to log into one web site using their username and password from another web site.
For the longest time EVE Online SSO was only used on sites operated by CCP, but CCP FoxFour comes with exciting news on how third party sites will be able to use the SSO mechanism in the future.
Currently EVE Online SSO is tested by selected third party sites. Read all about EVE Online SSO on third parties in CCP FoxFour's latest blog EVE Online SSO and what you need to know! CCP Phantom - Senior Community Representative - Volunteer Manager |
|
|
CCP FoxFour
C C P C C P Alliance
3322
|
Posted - 2014.07.03 14:20:00 -
[2] - Quote
Man, missed first post as I was AFK. :(
Anyways, really looking forward to getting the SSO out there and seeing it in more use. :D CCP FoxFour // Game Designer // @regnerba
|
|
|
CCP Explorer
C C P C C P Alliance
2249
|
Posted - 2014.07.03 18:47:00 -
[3] - Quote
IceGuerilla wrote:We have this total rubbish, but we still can't change characters without relogging? What a load of poppycock. You need to explain to me how these two things are linked. One is the login mechanism used by our web sites and services and the launcher, the other is a large repository of legacy code that assumes the character ID won't change while the session is active. Erlendur S. Thorsteinsson | Senior Development Director | EVE Online // CCP Games | @erlendur |
|
|
CCP Explorer
C C P C C P Alliance
2249
|
Posted - 2014.07.03 18:54:00 -
[4] - Quote
Kenneth Feld wrote:What about Amazon??
I **THOUGHT** I was using SSO to sign on there for like a year now??? Can you detail this question a bit more, please. Erlendur S. Thorsteinsson | Senior Development Director | EVE Online // CCP Games | @erlendur |
|
|
CCP Explorer
C C P C C P Alliance
2250
|
Posted - 2014.07.03 23:38:00 -
[5] - Quote
Vincent Athena wrote:CCP Explorer wrote:IceGuerilla wrote:We have this total rubbish, but we still can't change characters without relogging? What a load of poppycock. You need to explain to me how these two things are linked. One is the login mechanism used by our web sites and services and the launcher, the other is a large repository of legacy code that assumes the character ID won't change while the session is active. One is a way to log into a service. The other is a way to log into a service. You can see why, to us users, it seems to be the same thing. One is a way to log into a service, the other is how the service the login tokens and caches session information. I can understand how this may appear to be the same, but I hope you understand when we say it isn't.
Vincent Athena wrote:Waving the "legacy code" flag just makes it look like you are looking for excuses to not do your job. I wasn't waiving any flags, just explaining the facts. I don't understand why you feel the need to be so antagonistic. Erlendur S. Thorsteinsson | Senior Development Director | EVE Online // CCP Games | @erlendur |
|
|
CCP FoxFour
C C P C C P Alliance
3372
|
Posted - 2014.07.11 09:21:00 -
[6] - Quote
Terminator 2 wrote:Wollari wrote:What people might have not realized yet. The SSO is the initial step for Authenticated CREST. If (one day) CCP will provide read/write API Calls via CREST to your character you'll be forced to authenticate via SSO and then approve the requested scopes (access level) that the application is asking for. (You likely all know it from facebook. If some funky application requests write access to my fb wall they usually can die in hell and I'll not use them, while other applications might be okay and get my approval). In the end it's always up to the user if they make use of SSO login on a 3rd party page and if they be careful during the login procedure. One last thing to Authenticated CREST (future thing). You can bet that if in some couple Years CCP will start with authenticated crest they'll be very careful with what access level they'll provide. No one wants a 3rd party application that micro manages the market ingame, etc. But right now it's only authentication which returns the information below (not more, taken from the SSO documentation) Quote:{ CharacterID: 273042051 CharacterName: "CCP illurkall" ExpiresOn: "2014-05-23T15:01:15.182864Z" Scopes: " " TokenType: "Character" CharacterOwnerHash: "XM4D...FoY=" } This is all what we application developer will get to see right now. Okay, with the characterID I can do public API requests to get more public information about the given character (like alliance, corp, secstatus, etc) but that's not critical IMHO. Well there you already have it... 1) With CharacterName i can search for your posts/opinions/killmails/whatnot...would prefer to keep that private 2) With ExpiresOn you can prepare for Wardecs to take POSes down, if someone goes on vacation...would prefer to keep that private 3) With CharacterOwnerHash you can crossreference on your own and other sites that you own or with ones that are willing to share who one's alts are, without even having access to a fullapi key...would prefer to keep that private This seemingly unimportant information can already lead to exploit and metagaming cases...who knows what the final implementation will yield... Also the malicious website owner will have more info which will be worth a lot more when you are identified...like your browsing history, IP and so on. He could for example DDOS you if you were a known Titan Pilot and he has your IP.
You are misunderstanding:
1) The whole point of singing in with the SSO is to give just your character. One and only one at a time. If you don't want to give that out... well don't sign in.
2) The ExpiresOn is when the token expires, nothing to do with the account. It's for the developer of the application or web site to know how long they have to do things they need to do.
3) No. That CharacterOwnerHash is unique to your character and account. You cannot use it to link multiple characters to the same account. A goal of the SSO for third party devs is, unless you specifically tell them, developers should NOT be able to link multiple characters from the same account together. So if you sign into the site twice with the SSO using the same account but different characters there is no way for them to know those characters are from the same account. At least not from us. You could tell them or they could guess based on the fact both signins were from the same IP, or things like that.
Your points about browsing history and DDOSing titan pilots is nothing to do with the SSO. The point of the SSO is to identify yourself as a specific character. If you don't want them to know that don't sign into their site. Web sites already ask you to confirm you are a specific person, just this makes it easier. It's still up to you if you let them know. CCP FoxFour // Game Designer // @regnerba
|
|
|
CCP FoxFour
C C P C C P Alliance
3394
|
Posted - 2014.08.11 15:03:00 -
[7] - Quote
Just as an update:
The following web sites now have access to the SSO on TQ: Osmium, Tripwire, Timerboard, and Fleet-Up with more to come soon.
Please everyone pay attention when you enter your username and password for EVE Online and be sure you have read this dev blog: http://community.eveonline.com/news/dev-blogs/eve-online-sso-and-what-you-need-to-know/ CCP FoxFour // Game Designer // @regnerba
|
|
|
|
|