The main goal of the Master/Child account system is twofold;
- To limit or remove the liability of project services under the COPPA laws 
- To provide additional features for parents to use when managing a child's time online.
In order to support children that current authentication system will be converted into what will be known as "master accounts". These master accounts will only be given out to users who are 13 years of age or older and will store personally identifiable information such as an e-mail address. Users who sign up for an master account must agree to the site terms and be 13 or older. Any user who has a master account and is found to be under the age of 13 will have the account delete and all saved data flushed from the system.
Master accounts will be have the option of creating a fixed number of "child" accounts that are linked to the master account. These child accounts will NOT store any identifying information and will only contain a callsign and a randomly generated password. A parent can then allow his/her children to use these accounts for play. A user who creates a child account will agree to a separate set of site terms that will grant the server the rights to store the call-sign and randomly generated password.
Since a parent is required to create the child account and no personal information for the child is stored, this will limit the liability for the project under COPPA.
Since the child accounts will be linked to a master account we can add a number of parental control features based on the child account, including
- Listing the servers and log-in times or linked accounts
- Limiting what servers the child accounts are shown in the list server based on parent defined filters
- Preventing child accounts from authenticating on forbidden servers based on parent defined filters.
- Preventing authentication based on parent defined time-frames.
- Allowing the master account to reset the child password to a new random password, or revoking access to the account.
Players that wish to play under multiple callsigns could also create child accounts to use. This would prevent the large number of account renames that happen and limit the number of times an account gets "stolen" during a name change.
The initial implementation can be built upon the current authentication system. Child accounts would be stored in a separate database or table and tied to the BZID of the master account. Child accounts would be given a BZID in a specific range so they would not collide with the normal BZID system (use negative numbers, or a prefix?). A website would be made to allow users who authenticate with Weblogin to create and manage child accounts. The list server would be modified to check the child user list if the callsign was not found in the master password database.
When this is complete the current COPPA group on BZBB would be mass emailed and asked to provide proof that they are over 13 years of age. Those users who provide proof would be removed from the COPPA group and made normal users. The users who were left would all be notified that they now need to have a parent create a child account for them and the current accounts will be deleted. This will let us purge the COPPA group of users who are no longer too young.
When the COPPA group is purged the forum system will be changed to disallow users under 13 from registering new accounts and direct them to the child account system.
- Child accounts should never be able to set a password, they must always use the password set by the master account. This password will be defaulted to a randomly generated password for enhanced security against weak passwords.
- A separate table would need to store a record that stored the data from every master user that created a child account. This includes the Child account name, date, IP address used, and a flag indicting that the user checked the "I agree" checkbox on the new child account form. This table is the proof that the user is agreeing to let us store the data for the child.
- The current PHPBB system will need to be modified to check the child account list when creating new accounts to know what names are invalid.
- Child accounts should not be allowed to login to webauth and only be allowed to authenticate in game by default. The master account can enable web logins if it desires.
- Child accounts should be added to a special "group" on the list server to identify them as child accounts. This will let servers know if the account is a child and they can set permissions appropriately.
- A method should exist for converting a child account to a master account with the master account's permission. This can be used when a child turns 13 and is capable of maintaining their own account. The master account would be asked to agree to a set of terms that state that the new user is of age.
The GUI should be done in a manner that can be extended into a full user manager.
Main log-in page.
This page should look as similar as possible to the current weblogin system to show consistency and trust. Eventually the same log-in page should be used for both systems.
Child account page.
This page will list the child accounts that the master currently has. Here they can add/remove and edit the child accounts. On creation the user will be asked for the child account name, and a randomly generated password will be show in the password field after the account is created. Normally the password field will be blank and will only be used if/when the user wishes to set the password manually or use the Random button to generate a new random password. The system will NOT store the password, only a hash to it.