Editing Master-ChildAccountSystem

Jump to: navigation, search

Warning: The database has been locked for maintenance, so you will not be able to save your edits right now. You may wish to copy and paste your text into a text file and save it for later.

The administrator who locked it offered this explanation: Server migration

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 8: Line 8:
  
 
==Concept==
 
==Concept==
In order to support children the current authentication system will be converted into what will be known as "master accounts". These master accounts will only be given out to users who are 13 years of age or older and will store personally identifiable information such as an e-mail address. Users who sign up for an master account must agree to the site terms and be 13 or older. Any user who has a master account and is found to be under the age of 13 will have the account deleted and all saved data flushed from the system.
+
In order to support children that current authentication system will be converted into what will be known as "master accounts". These master accounts will only be given out to users who are 13 years of age or older and will store personally identifiable information such as an e-mail address. Users who sign up for an master account must agree to the site terms and be 13 or older. Any user who has a master account and is found to be under the age of 13 will have the account delete and all saved data flushed from the system.
  
Master accounts will have the option of creating a limited number of "child" accounts that are linked to the master account. These child accounts will NOT store any identifying information and will only contain a callsign and a randomly generated password. A parent can then allow his/her children to use these accounts for play. A user who creates a child account will agree to a separate set of site terms that will grant the server the rights to store the call-sign and randomly generated password.
+
Master accounts will be have the option of creating a fixed number of "child" accounts that are linked to the master account. These child accounts will NOT store any identifying information and will only contain a callsign and a randomly generated password. A parent can then allow his/her children to use these accounts for play. A user who creates a child account will agree to a separate set of site terms that will grant the server the rights to store the call-sign and randomly generated password.
  
 
Since a parent is required to create the child account and no personal information for the child is stored, this will limit the liability for the project under COPPA.
 
Since a parent is required to create the child account and no personal information for the child is stored, this will limit the liability for the project under COPPA.
Line 28: Line 28:
 
==Implementation==
 
==Implementation==
 
===General Plan===
 
===General Plan===
The initial implementation can be built upon the current authentication system. Child accounts would be stored in a separate database or table and tied to the BZID of the master account. Child accounts would be given a BZID in a specific range so they would not collide with the normal BZID system (use negative numbers, or a prefix? What about when they turn 13?). A website would be made to allow users who authenticate with Weblogin to create and manage child accounts. The list server would be modified to check the child user list if the callsign was not found in the master password database.
+
The initial implementation can be built upon the current authentication system. Child accounts would be stored in a separate database or table and tied to the BZID of the master account. Child accounts would be given a BZID in a specific range so they would not collide with the normal BZID system (use negative numbers, or a prefix?). A website would be made to allow users who authenticate with Weblogin to create and manage child accounts. The list server would be modified to check the child user list if the callsign was not found in the master password database.
  
 
When this is complete the current COPPA group on BZBB would be mass emailed and asked to provide proof that they are over 13 years of age. Those users who provide proof would be removed from the COPPA group and made normal users. The users who were left would all be notified that they now need to have a parent create a child account for them and the current accounts will be deleted. This will let us purge the COPPA group of users who are no longer too young.
 
When this is complete the current COPPA group on BZBB would be mass emailed and asked to provide proof that they are over 13 years of age. Those users who provide proof would be removed from the COPPA group and made normal users. The users who were left would all be notified that they now need to have a parent create a child account for them and the current accounts will be deleted. This will let us purge the COPPA group of users who are no longer too young.
Line 61: Line 61:
 
'''Child account page.'''
 
'''Child account page.'''
  
This page will list the child accounts that the master currently has. Here they can add/remove and edit the child accounts. On creation the user will be asked for the child account name, and a randomly generated password will be shown in the password field after the account is created. Normally the password field will be blank and will only be used if/when the user wishes to set the password manually or use the Random button to generate a new random password. The system will NOT store the password, only a hash to it.
+
This page will list the child accounts that the master currently has. Here they can add/remove and edit the child accounts. On creation the user will be asked for the child account name, and a randomly generated password will be show in the password field after the account is created. Normally the password field will be blank and will only be used if/when the user wishes to set the password manually or use the Random button to generate a new random password. The system will NOT store the password, only a hash to it.
  
 
[[image:Users_BZFlag_Org_ChildAccounts_Mockup.png|450px]]
 
[[image:Users_BZFlag_Org_ChildAccounts_Mockup.png|450px]]

Please note that all contributions to BZFlagWiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see BZFlagWiki:Copyrights for details). Do not submit copyrighted work without permission!

To edit this page, please answer the question that appears below (more info):

Cancel | Editing help (opens in new window)

Template used on this page: