<!-- MHonArc v2.4.4 -->
<!--X-Subject: [MUD&#45;Dev] Re: Login and Accounts -->
<!--X-From-R13: X Q Znjerapr <pynjNhaqre.rate.ftv.pbz> -->
<!--X-Date: Tue, 11 Aug 1998 16:05:23 &#45;0700 -->
<!--X-Message-Id: 199808112305.QAA06253#under,engr.sgi.com -->
<!--X-Content-Type: text/plain -->
<!--X-Reference: 19980719085335.A1365@localhost -->
<!--X-Head-End-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<title>MUD-Dev message, [MUD-Dev] Re: Login and Accounts</title>
<!-- meta name="robots" content="noindex,nofollow" -->
<link rev="made" href="mailto:claw#under,engr.sgi.com">
</head>
<body background="/backgrounds/paperback.gif" bgcolor="#ffffff"
      text="#000000" link="#0000FF" alink="#FF0000" vlink="#006000">

  <font size="+4" color="#804040">
    <strong><em>MUD-Dev<br>mailing list archive</em></strong>
  </font>
      
<br>
[&nbsp;<a href="../">Other Periods</a>
&nbsp;|&nbsp;<a href="../../">Other mailing lists</a>
&nbsp;|&nbsp;<a href="/search.php3">Search</a>
&nbsp;]
<br clear=all><hr>
<!--X-Body-Begin-->
<!--X-User-Header-->
<!--X-User-Header-End-->
<!--X-TopPNI-->


<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<H1>[MUD-Dev] Re: Login and Accounts</H1>
<HR>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<UL>
<LI><em>To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
<LI><em>Subject</em>: [MUD-Dev] Re: Login and Accounts </LI>
<LI><em>From</em>: J C Lawrence &lt;<A HREF="mailto:claw#under,engr.sgi.com">claw#under,engr.sgi.com</A>&gt;</LI>
<LI><em>Date</em>: Tue, 11 Aug 1998 16:05:07 -0700</LI>
<LI><em>Reply-To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
</UL>
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<HR>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<PRE>
On Sun, 19 Jul 1998 08:53:35 -0400 
Mike L Kesl &lt;mlkesl#cpinternet,com&gt; wrote:

&gt; Problem: What do we do when someone logs in...  Goals: Allow a
&gt; secure login for a single person.

I see two separate problems masquerading as the same problem:
Authentication and Identification.  They are related, but they are not
the same.  Authentication is the question and answer to "Is he who he
says he is?"  Identification is the question and answer to, "Is he not
one of all those other people over there?"  One proves the positive,
the other proves the negative.  The first is easy, the second is not.

Identification is actually the same problem that software licensing
has been confronting for years with their dongles, system keys, ID
strings, license managers, etc.  They're interested in defining
against who can't use the product far more than they are in defining
who can.  ie  They're interested in ensuring that unlicensed users
can't use the product, not in ensuring that only licensed users can
use the product.

Internet virtosity changes all the rules.  It's tough to guarantee,
even to a very sloppy degree of accuracy, unique identification when
there are no to no fixed and not-easily-forgeable reference points.

&gt; Another thought that comes to mind is to use a composite model,
&gt; where accounts are a composite of one or more "privileges". Some
&gt; examples are necessary to best illustrate this concept of composite
&gt; design.

&gt; 	Eg.  Account: Mike L Kesl E-Mail: mlkesl#hotmail,com
&gt;            Privileges: builder, designer, coder
			
&gt; 	     Account: John Q Mud E-Mail: john17#usa,net
&gt;            Privileges: ooc, character
			
&gt; 	     Account: Mahst R Bilder E-Mail: mrbilder#leet,org 
&gt;            Privileges: ooc, character, builder, helper
			
&gt; Stuff like that...That does not seem like a bad one to me...*shrug*

There are many different types of security systems.  Three popular
forms are Hierarchical, Domain, and Relational.

An example of hierarchical security systems is the standard
Imm/Admin/God/Wizard/&lt;player levels&gt; patterns.  Another variation of
hierarchical systems uses tag attributes to create multiple hierarchies
which may exist in parallel (eg MOO's WizBit).  Hierarchical systems
have the advantage of being simple and easily understood and debugged.

Domain systems define groups where membership of the group defines
access rights to the resources controlled by that group.  cf Access
Control Lists and related structures.  Note: Domain systems are
typically hierarchical within each domain, and domains may be placed in
hierarchical structures.  Domain systems have the advantage of allowing
logical structures to be simply imposed on the security
implementation, allowing access rights to be grouped and processed as
classes.  They also require considerable expertise to design and do
right (definition of domains and inter-relations (both dependency and
conflict) of domains).

Relational security systems define access by the relation of one
identity to another.  Bubba "owns" XXX.  Boffo is a "friend" of
Bubba's, and so has access to XXX.  Bernie is a friend of Boffo's and
so does or does not have access to XXX.  Relational systems are simple
only at the local level (which is the level at which they get used,
and at which they are queried by the system in practice).  They also
tend to rapidly become extremely complex when viewed at a systemic
level (ie the security pattern of the game world as a whole), and are
difficult/expensive to manipulate in organised class/group fashions.

I happen to be fond of relational security systems as they allow
control of security to be devolved down to the individuals responsible
for the resources in question.

Then of course you have the question of default-open and
default-closed security (everybody has access to everything except for
the things you proscribe, or nobody has access to anything except for
those things you allow them access to).  Both can be made equally
secure and are in fact functionally equivalent.  Which is better and
which requires the less work depends on your security application.

-- 
J C Lawrence                               Internet: claw#null,net
(Contractor)                               Internet: coder#ibm,net
---------(*)                     Internet: claw#under,engr.sgi.com
...Honourary Member of Clan McFud -- Teamer's Avenging Monolith...


</PRE>
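<P>Added example, not part of J C Lawrence's message or of any MUD code base: a minimal relational access check in Python built on the Bubba/Boffo/Bernie case from the message. The <code>OWNS</code> and <code>FRIENDS</code> tables, the <code>max_hops</code> parameter and the function names are assumptions made for illustration; whether Bernie "does or does not" get access depends on how many friend-of-friend hops are honoured.</P>

```python
from collections import deque

# Constructed sample data using the names from the message above.
OWNS = {"XXX": "Bubba"}            # resource -> owning identity
FRIENDS = {                        # identity -> identities it names as friends
    "Bubba": {"Boffo"},
    "Boffo": {"Bernie"},
    "Bernie": set(),
}

def trust_distance(owner, identity, friends):
    """Hops along 'friend' edges from owner to identity, or None if unreachable."""
    seen, queue = {owner}, deque([(owner, 0)])
    while queue:
        who, hops = queue.popleft()
        if who == identity:
            return hops
        for friend in friends.get(who, ()):
            if friend not in seen:          # guards against mutual-friend cycles
                seen.add(friend)
                queue.append((friend, hops + 1))
    return None

def can_access(identity, resource, max_hops=1, owns=OWNS, friends=FRIENDS):
    """Local query (default-closed): owner, plus friends within max_hops."""
    owner = owns.get(resource)
    if owner is None:
        return False                        # unknown resource: deny
    dist = trust_distance(owner, identity, friends)
    return dist is not None and dist <= max_hops

def who_can_access(resource, max_hops=1, owns=OWNS, friends=FRIENDS):
    """Systemic query: every known identity with access to the resource."""
    everyone = set(friends) | {f for fs in friends.values() for f in fs}
    return {i for i in everyone
            if can_access(i, resource, max_hops, owns, friends)}

if __name__ == "__main__":
    for hops in (1, 2):
        print(hops, sorted(who_can_access("XXX", max_hops=hops)))
```

<P>The local check only walks outward from one owner, while the systemic view has to repeat that walk for every identity and resource, which is where the complexity described in the message shows up.</P>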

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<HR>
<!--X-Follow-Ups-End-->
<!--X-References-->
<UL><LI><STRONG>References</STRONG>:
<UL>
<LI><STRONG><A NAME="00254" HREF="msg00254.html">[MUD-Dev] Login and Accounts</A></STRONG>
<UL><LI><EM>From:</EM> Mike L Kesl &lt;mlkesl#cpinternet,com&gt;</LI></UL></LI>
</UL></LI></UL>
<!--X-References-End-->
<!--X-BotPNI-->

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<hr>
<hr>
</body>
</html>