--- Martin Spott wrote: > I know, this discussion is barely coupled to ongoing development, but > because I like to participate in creating admirable plans, I don't want > to miss it :-))
Yup, there's nothing like designing something there is little chance you will implement yourself ;). > "Buchanan, Stuart" wrote: > > > 2) Account holders have a key generated based on their call-sign (*). > This > > is transmitted with the MP position data. The MP server uses it to > > authenticate the user. MP server doesn't need to check against the > LDAP > > directory. > > I believe it is essential to verify a key against the directory because > otherwise you won't be able neither to check if the key really belongs > to the account holder nor to verify if it's still valid. > I think the validity of a key has to be verified against the directory > from time to time using a fixed interval. I think you _can_ check the ownership of a callsign without checking against the directory. The trick is to use public/private key encryption. When a user creates an account on the website they decide on a call-sign. The website checks the uniqueness of the callsign against it's own directory/whatever. Assuming it is unique, the callsign is then encrypted using the private key and the ciphertext is retained by the user. When the user joins a MP session, both the ciphertext and call-sign are passed to the MP server. The MP server decrypts the ciphertext using the public key and verifies that the cleartext matches the call-sign. Where this falls down slightly is in verifying that a call-sign is still valid. I'm not sure that is a requirement though. Do we want to be able to recycle call-signs that haven't been used for a period of time (a year)? To do so, we can simply remove the user from the directory, with means theie callsign can then be recycled. However, the original user can still join a MP session with their old callsign. -Stuart ___________________________________________________________ Try the all-new Yahoo! Mail. "The New Version is radically easier to use" The Wall Street Journal http://uk.docs.yahoo.com/nowyoucan.html ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel