NationStates Jolt Archive


Nationstates OpenID for authenticating with 3rd party tools?

Ermarian
19-06-2007, 14:27
OpenID (http://openid.net/) is a distributed authentication system. It is a method for proving that you are the owner of an account at a certain web service, without having to compromise the security of said account.

Since there are numerous third-party tools for NationStates (endorsement counters, economic calculators, statistical aggregators), it might be helpful to be able to verify the ownership of a certain nation this way.

Right now, if you are the developer of such a tool, the easiest way of verification is to ask the user to put some kind of code in their nation motto for a while to prove that they control this nation (sort of how you can claim a blog on Technorati (http://www.technorati.com)). OpenID is just a way of standardizing such a system.

---

I realize that there will be little demand for such a technology right now, but this is meant to be a little inspirational brainstorming. :)
Frisbeeteria
19-06-2007, 20:38
Those third-party tools rely on our XML feed, which is read-only and available to anyone. I'm not sure I see any value in being able to log into NS info from any tool other than the game itself.

Admin SalusaSecondus is very well versed in security behavior on the internet. I'll bring this topic to his attention, just in case.
Ermarian
20-06-2007, 13:45
Well, the sites only use the data gathered from NS (which is freely available), but some of them might have their own services and settings that should be accessible only to the player who controls the nation in question.

To give one example, say I make an offsite forum where my member name is automatically generated from the name of my NS nation; and my profile page displays a load of statistics about this nation.

Now, normally, the offsite forum would have to take a user's word for it when they claim to be the player of a certain nation. They could sign up with that name and be identified with the nation even though it might not belong to them (and nobody would know without TGing the nation). The security of their account is uncompromised, but their identity has still been stolen as far as the community is concerned.

With a system like this, the player could enter their nation name at the offsite forum, and if they're already logged in to NS, NS could tell the forum that "yes, that's her". This would even save the player the bother of logging in twice: If they're already logged in at NS, the forum will recognize them (and all this without the forum having access to their nation account, of course).

Again, this is really more of a fancy pipedream than a real feature request, since OpenID is far from being widely adopted; the above example is more to give an example of how it could be used.
SalusaSecondus
21-06-2007, 17:14
* Applies his official stamp of Niftiness to this idea.*

I won't have the chance to look at this for a while, but I definitely think that this is a good idea.
SalusaSecondus
07-08-2007, 08:28
I've attended a detailed talk on the security implications of OpenID and have reached a decision:

"We will allow people to use OpenID delegates through NationStates."

We won't allow people to authenticate with OpenID (far too many security problems and it doesn't make sense for us), nor will we be an identity provider (too many security issues and we shouldn't be in the business of verifying people's identities).

What this means is that it will limit use of OpenID to more technical users (sorry) who have another OpenID provider (there are lots of free ones out there and many NationStates users will already have one without knowing it).

I haven't settled upon the exact implementation or settings yet, but this will happen.
[violet]
09-08-2007, 00:54
Groovy.
Ballotonia
09-08-2007, 13:45
Now, normally, the offsite forum would have to take a user's word for it when they claim to be the player of a certain nation. They could sign up with that name and be identified with the nation even though it might not belong to them (and nobody would know without TGing the nation). The security of their account is uncompromised, but their identity has still been stolen as far as the community is concerned.

Hence why the forum of region Nederland requires an in-game TM to be sent before the account is activated (and thus before posting-rights are granted).

Question here is though... does Invisionfree (a highly popular forum provider for regional forums) support OpenID?

Ballotonia
Goobergunchia
20-08-2007, 08:45
It appears that MediaWiki has an OpenID extension (http://www.mediawiki.org/wiki/Extension:OpenID), but it appears to be a bit on the unfinished side. Also, I really need to update NSwiki's version of MediaWiki (I got way behind after they changed the release announcement procedure) before adding any new extensions and such.

No idea about IF support...

Goobergunch
NSwiki Founder
SalusaSecondus
29-07-2008, 05:27
Much delayed thread bump! (Yay necromancy!) (http://www.nationstates.net/page=news/2008/07/29/index.html#openid)
Cookiton
29-07-2008, 11:22
Much delayed thread bump! (Yay necromancy!) (http://www.nationstates.net/page=news/2008/07/29/index.html#openid)

Ahhh, this seems like such a good idea, plus another update. Great suggestion, I can't wait to see how it pays off.
Ruritania
30-07-2008, 09:57
I put in my delegate and server, and pressed "Update Settings."

It told me my settings were updated, but the information in the two boxes disappeared. Is this expected behavior?
SalusaSecondus
30-07-2008, 15:32
I put in my delegate and server, and pressed "Update Settings."

It told me my settings were updated, but the information in the two boxes disappeared. Is this expected behavior?

They appeared not to be set. Please cut a Getting Help Request with the values that you are trying to use and I'll look into it.
SalusaSecondus
31-07-2008, 01:24
Fixed, I was dumb.
Charlotte Ryberg
31-07-2008, 12:24
Looks like we need a help button alongside the new setting to help confused users: something like a 'What's this?' tool tip, and also a 'how to use' guide.
SalusaSecondus
31-07-2008, 17:07
That is on my list to add. I'm going to get someone to draft some good help text for me to put there. (If you happen to write it, I'll use it.)
Karianis
03-08-2008, 19:01
Yyyyeah. I wanted to set my delegate and server, 'cept I'm not sure what to put? (I have an LJ account, so for delegate, is it just my LJ username, then for server it's www.livejournal.com, or what?)
SalusaSecondus
03-08-2008, 19:45
Delegate: http://<username>.livejournal.com
Server: http://www.livejournal.com/openid/server.bml
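
[Added example, not part of the original thread and not NationStates code.] In OpenID 1.x delegation, the delegate and server values are published as openid.delegate and openid.server link tags in the head of the identity page, and the relying site reads them from there. The sketch below shows that discovery step with the checks a relying site would want, assuming the nation page emits the two tags; SAMPLE_PAGE, discover_delegation and the exampleuser account are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; the motto line stands in for user-editable body text.
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">
<link rel="openid.delegate" href="http://exampleuser.livejournal.com/">
</head><body>
<p>Motto: <link rel="openid.server" href="http://other.example/server"></p>
</body></html>"""

class _HeadLinks(HTMLParser):
    """Collect openid.* <link> tags, but only those inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # body markup may come from user-editable fields
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():  # rel is a token list
                if rel in ("openid.server", "openid.delegate") and a.get("href"):
                    self.links.setdefault(rel, a["href"].strip())  # first wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover_delegation(html):
    """Return (server, delegate); delegate is None when the page has none."""
    p = _HeadLinks()
    p.feed(html)
    server = p.links.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link in <head>")
    delegate = p.links.get("openid.delegate")
    for url in filter(None, (server, delegate)):
        u = urlparse(url)
        if u.scheme not in ("http", "https") or not u.netloc:
            raise ValueError("non-HTTP OpenID URL: %r" % url)
    return server, delegate
```

Only tags in the head are honoured, so a link tag placed in a user-editable field such as the motto cannot redirect the lookup to a different server.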
Pythagosaurus
03-08-2008, 23:04
There is text that says "If you don't know what these are for, ignore them." That's all anybody needs to know.
Ruritania
22-08-2008, 05:32
Hey. It works, for what it's worth. :-)
SalusaSecondus
23-08-2008, 07:42
Hey. It works, for what it's worth. :-)

Cool, you're now the first (confirmed) user of it. I'm glad that you found a place to try it out.