Problem

I want a way to allow players to be securely tracked through different games using different names. This could be used to assist a player in building a reputation without concern of imposters.

Solution

Build a system that allows a user to visit a website to create a profile. Upon completion, the site sends the player a small application, containing a personal "key". When the player joins a game, they can run their application, feeding it:

The server name
The server port
The game letter
The player's name
to generate an identification token the user broadcasts by making a game announcement.

The other part to this solution involves a bot that, every hour, connects to a game and retrieves game information including messages. The bot provides collected information back to the original website. Someone can then view the profile of a player and browse any games that player has participated in.

Since only the player has the application that generates an identification token and is the only one that can make a game announcement for themself, the system cannot be spoofed.

Not Covered

A player would still be able to create any number of profiles, as well I think they should be. This system only secures the tracking of a created profile and doesn't try to track players themselves.

Technical Details

The backbone of the security lies in an RSA-generated asymmetric key pair. The server retains the public key, while the private key is included in the authentication token-generating application provided to the player. The game information collected by the application is concatinated into a string, which is encrypted with the player's private key to produce the authentication token. The token can only, then, be unencrypted with the public key, allowing the server to extract and verify its contents.

Another important goal of this proposal is providing profile information (including public keys) and bot-collected game data to any other application that wants to use it. The profile information could be exposed via LDAP or URL (encoded in XML), and the game data can be provided via URL in XML.

Existing Technologies

I've already developed a bot, kokua-bot ( http://www.twdata.org/kokua-bot ), that extracts game information, including game messages, from TWGS servers and stores the result in XML. The registration and tracking web application would be pretty straight forward as I've already developed similiar solutions in my day job, including the use of the asymmetric algorithms.

Feedback

Any feedback is welcome. Do you think it would be valuable? Would it be too hard to use? Do you see a better way to solve the problem? Is it a problem?

Personally, if I want to know if a person playing a game is really who they're playing as, I ICQ or email the person and ask "hey, is that really you in game A over at such and such server?" Really, it's pretty much been a non-issue as long as I've played, as far as I've been able to tell. If someone else feels differently, however, by all means, speak up

Same here [:)] I've always done that.

[mostly a response I also gave on the twgs mailing list]

Let me provide some background. Back in college, I used to play Unreal Tournament a lot. I grew decently skilled playing anonymously in pickup games that lasted usually about 15 minutes. It was pretty fun, but not particularly rewarding. Then I discovered zone stats. With this, I could visit a website and see all my activity over time, with obviously a wealth of statistics. Now when I won a match, it upped my stats which was fun to watch. (or vice-versa )

Trade Wars 2002 I find is a really fun game, however it lacks in visibility and rewards. Visibility in that it is basically impossible to be a spectator or get visibility for your game without it being a major tournament (and I've been around enough to see how those go). Second, if you spend weeks or months (for us newbs) on a game and win it, the sysop bangs it in a day and all that hard work is gone and forgotten.

The goal wouldn't be to design a system to rate players or really to make sure bob is really bob, but to provide a level of depth to the game that spans individual games. The emphasis on security is more a lesson learned watching how quickly the tw community can get up into arms about possible cheating (and perhaps rightly so).

Thanks again for your feedback,

Don

I like the idea. In the end, I think it's something you are going to have to run with hoping the idea will be adopted in the long term. There are plenty of instances where a new feature goes ignored by most, but eventually becomes the status quo.

I agree about visibility and reward, and it's good to see that you're offering a solution, perhaps one that will be built on in ways none of us yet see. Various players have their own preferred game types: solo, low turns, unlimited, blue oriented, etc. I think it would be very interesting to track edits along with player stats to see who excels in the various game types.

So my advice... run with it. It seems like something you can implement single-handedly. Make the Announcement intuitive, and an advertisement at the same time. Just make sure that the other players in the game can't identify a player's psuedonyms from their broadcast.

+EP+

Now you put it that way, I see the benefits of this idea. I say go for it now, since it not only relies on if that player is the same player that played in my last game etc, but it's a way to keep track of your progression, of your successes and defeats, compare them to other people...and what ElderProphet said too.

So keep up the good work [:)]

I think it's good idea, and a timesaver if you want to find out quickly.