Last time, I wrote about some of the issues around identity management in software. Really I only scratched the surface. Knowing who someone is on the Internet is tricky business. Even if you get everything right as a service provider, you still only know how the other side, a.k.a. the users, are presenting themselves.
That “other side” might be a person, or a “bot” (i.e., a program designed to simulate a person). That “person” might represent herself, or her team, or her entire organization if she is the head of Marketing or a company owner. Even if the other side is you, gentle reader, do I really know who you are from your username and a smattering of profile data? Of course not, and you wouldn’t want me to. That would be either creepy or contrived.
All we need to establish is that you are who you say you are, and that no one else can pretend to be you, or at least this Internet version of you. With that confidence, we can grant privileges and attribute ownership in our games. For instance, say you enjoy StoryTime and want to try your hand at crafting an adventure world of your own. At that moment, StoryTime needs to know who you are so that you can be an author. That is, the stories you create are yours and can only be modified by you, or by others who you know and allow to help you.
I know, you have been around this block before, and you already knew this. So why am I wasting your time? Allow me to explain.
As I mentioned before, I am working on adding authentication to StoryTime. So far, I have gotten login to work with two providers, Google and Facebook. Since I am using standard protocols, many others identity providers could be added. Just adding these two and setting up a database to hold user accounts has been a lot to digest. Plenty for the past 7 or 8 days.
I still have some work left to create and update user records based on social profiles. This is the shared information that you put into your accounts with Google and Facebook and that you allow StoryTime to look at when you log in. For now, StoryTime will only bother with a few bits of this information:
- your name, so that we know what to call you,
- your email address, for communication about StoryTime,
- your social ID, the unique number that the identity provider assigned you, and
- a token, which allows StoryTime to access your information securely for a limited period of time.
In addition, StoryTime assigns its own unique IDs to users. Using this new ID, StoryTime remembers user preferences, attributes a story to its author, and tracks user activities. Since you have an unique ID within StoryTime, you could even change your name, and StoryTime will still know that it’s you. Or at least who you say you are.
My target is to release the next version of StoryTime, including authentication and account management, on January 25th. That’s 14 days from now, only 8 working days, with about 4 good coding hours per work day. Let’s see if I can finish in 32 hours over the next two weeks.