Are the 3.5e Dragonlance books third party or official works?

When 3rd edition rolled around, Wizards of the Coast handed the maintenance of the Dragonlance setting to Sovereign Press, the printing company owned by Dragonlance co-founder Margaret Weis. They released several Dragonlance books all the way until the end of their licence, not too long before 4th Edition came rolling around.

But I’m curious if this means that those Dragonlance books are canon. I rarely see them being referenced by guides and people talking about character builds in general, and even then in only a select few cases. which lead me to suspect that the books are not “official” works like the regular, the Forgotten Realms and the Eberron books are.

Is this true? Are they third party works because they’re printed by Sovereign Press rather than Wizards of the Coast? Or are they still official because Sovereign Press was licensed to print them, and they are an established setting and bear the WotC seal of approval?

Can the third benefit of the Mobile feat prevent multiple creatures you attack in a single turn from making opportunity attacks against you that turn?

I am playing a monk. I wanted to use the Mobile feat, specifically the third option that prevents opportunity attacks, to do the following:

  1. hit creature 1 with my attack, then move away from creature 1
  2. then use Flurry of Blows on creature 2, then move away
  3. then make an unarmed strike on creature 3

…all without provoking opportunity attacks from any of them, thanks to the Mobile feat.

However, I was told that I can not do that because it only works for one creature and only my action is a "melee attack" or some such reason.

Is my interpretation right according to "rules as written", or am I misunderstanding how it works? It seems quite vague.

How could I make the results of a yes/no vote inaccessible unless it’s unanimous in the affirmative, without a trusted third party?

A family of N people (where N >= 3) are members of a cult. A suggestion is floated anonymously among them to leave the cult. If, in fact, every single person secretly harbors the desire to leave, it would be best if the family knew about that so that they could be open with each other and plan their exit. However, if this isn’t the case, then the family would not want to know the actual results, in order to prevent infighting and witch hunting.

Therefore, is there some scheme by which, if everyone in the family votes yes, the family knows, but all other results (all no, any combination of yes and no) are indistinguishable from each other for all family members?

Some notes:

  • N does have to be at least 3 – N=1 is trivial, and N=2 is impossible, since a yes voter can know the other person’s vote depending on the result.
  • The anonymous suggestor is not important – it could well be someone outside the family, such as a someone distributing propoganda.
  • It is important that all no is indistinguishable from mixed yes and no – we do not want the family to discover that there is some kind of schism. However, if that result is impossible, I’m OK with a result where any unanimous result is discoverable, but any mixed vote is indistinguishable.

Some things I’ve already tried:

  • Of course, this can be done with a trusted third party – they all tell one person their votes, and the third party announces whether all the votes are yes. However, this isn’t quite satisfying of an answer to me, since the third party could get compromised by a zealous no voter (or other cult member) to figure out who the yes votes are. Plus, this person knows the votes, and may, in a mixed vote situation, meet with the yes voters in private to help them escape, which the no voters won’t take kindly to.
  • One can use a second third party to anonymize the votes – one party (which could really just be a shaken hat) collects the votes and sends them anonymized to the second party, who reads them and announces the result. This is the best solution I could think of, however I still think I want to do better than this – after all, in a live-in settlement cult, there probably isn’t any trustworthy third party you could find. I’d like to find a solution that uses a third party that isn’t necessarily trusted.
  • However, I do recognize that you need at least something to hold secret information, because if you’re working with an entirely public ledger, then participants could make secret copies of the information and simulate what effect their votes would have, before submitting their actual vote. In particular, if all participants vote yes but the last one has yet to vote, they can simulate a yes vote and find out that everyone else has voted yes, but then themselves vote no – they are now alone in knowing everyone else’s yes votes, which is power that you would not want the remaining no voter to have.

Are there any non-epic methods of time travel (years/decades/centuries) in third edition?

Are there any non-epic methods of time travel (years/decades/centuries, not smaller than a year) in third edition?

I’m not looking at short duration tricks, nor am I looking for anything that is a one-way trip. Please exclude theoretical optimization tricks.

I am looking for a way to travel a large temporal distance, and back again, preferably affecting the destination in question. Forwards or backwards in time is fine.

Security pattern for third party uploads to Azure blob container

Scenario:

  • Vendor 1 needs to upload data to an Azure blob storage container owned by Vendor 2
  • Vendor 1 is issued a limited duration SAS token each day to use
  • Azure does no scanning of incoming blobs (therefore content is untrusted when it lands)
    • Microsoft recommends pre-scanning all files before uploading

Questions:

  • What is a repeatable pattern for Vendor 2 to secure this type of content unpload against malware threats?

Can the reaction attack from the third benefit of the Sentinel feat interrupt the triggering attack by the enemy?

The third benefit of the Sentinel feat (PHB, p. 169-170) allows a melee attack when an enemy within 5 feet of you makes an attack against a target other than you (that doesn’t have the feat).

If you kill this enemy with your attack, does their triggering attack still go through?

Same question if say you knock him back or prone, etc.

Can the reaction attack from the third benefit of the Sentinel feat be triggered by a shove or grapple?

The third benefit of the Sentinel feat says (PHB, p. 169-170; emphasis mine):

  • When a creature within 5 feet of you makes an attack against a target other than you (and that target doesn’t have this feat), you can use your reaction to make a melee weapon attack against the attacking creature.

Do shoves and grapples meet the requirement of a creature “making an attack” (since they’re described in the rules as “special melee attacks”)?

If so, does the shove or grapple attempt need to be successful in order to trigger the reaction attack from the Sentinel feat?

I suspect that the answer to the first part of my question is yes, given this similar question about the third benefit of the Mobile feat, but I’m less sure about the second part of my question.

(I know that the reaction attack from Sentinel would only occur after the triggering attack by the enemy is resolved.)

Is it safe to use third party OIDC ID Token as our APIs bearer token?

Practically, we are outsourcing the authentication of our users to a third party application, that’s, needless to say, external to our system. I am not sure if this is actually advisable, but from our perspective, since we don’t really want to maintain security credentials ourselves, we thought that it makes sense to leave that to the hands of a more capable party. For now we intend to use them mainly as identity provider, because we find their authorisation support hard to use. To be clear, at the moment, we do not require any access to any other resources at the side of the identity provider beyond the user profile; the authorisation I’m referring to is for our own system. Because of this, acquiring an ID token from the trusted identity provider seems to be good enough for our purposes.

We intend to internally keep track of references to the user id provided through the id token (e.g. the JWT sub claim) for the purpose of attaching our own authorisation details to them. I’m thinking that since this is the case, because the ID token provides us enough information to be able to pull authorisation details about the user, we don’t really need anything else. I’m not sure however, if this is a sound approach or there’s a security risk in this kind of flow.

In this setup, for our own API we’d have to use the external IdP for authentication, but we’d probably need to be issuing the access tokens ourselves to our clients.