--- Martin Spott wrote:
> I know, this discussion is barely coupled to ongoing development, but
> because I like to participate in creating admirable plans, I don't want
> to miss it :-))
Yup, there's nothing like designing something there is little chance you
will implement yourself ;).
> "Buchanan, Stuart" wrote:
>
> > 2) Account holders have a key generated based on their call-sign (*).
> This
> > is transmitted with the MP position data. The MP server uses it to
> > authenticate the user. MP server doesn't need to check against the
> LDAP
> > directory.
>
> I believe it is essential to verify a key against the directory because
> otherwise you won't be able neither to check if the key really belongs
> to the account holder nor to verify if it's still valid.
> I think the validity of a key has to be verified against the directory
> from time to time using a fixed interval.
I think you _can_ check the ownership of a callsign without checking
against the directory.
The trick is to use public/private key encryption. When a user creates an
account on the website they decide on a call-sign. The website checks the
uniqueness of the callsign against it's own directory/whatever. Assuming
it is unique, the callsign is then encrypted using the private key and the
ciphertext is retained by the user.
When the user joins a MP session, both the ciphertext and call-sign are
passed to the MP server. The MP server decrypts the ciphertext using the
public key and verifies that the cleartext matches the call-sign.
Where this falls down slightly is in verifying that a call-sign is still
valid. I'm not sure that is a requirement though. Do we want to be able to
recycle call-signs that haven't been used for a period of time (a year)?
To do so, we can simply remove the user from the directory, with means
theie callsign can then be recycled. However, the original user can still
join a MP session with their old callsign.
-Stuart
___________________________________________________________
Try the all-new Yahoo! Mail. "The New Version is radically easier to use" The
Wall Street Journal
http://uk.docs.yahoo.com/nowyoucan.html
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Flightgear-devel mailing list
Flightgear-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flightgear-devel
