denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_biz2010-10-21 02:18 am

RFC: Multiple Account Model

So, one of the things we want to do -- and it's a project that has gotten some developer interest lately -- is make it so that you can associate/link accounts together, so (for instance) you can switch to commenting or posting as your alternate/secondary/fic/RP/whatever journal more easily than logging out and logging back in. We've done some work to spec the problem, but I figured it would be time to toss it out to you guys here and see what other things we've forgotten to think of and what use cases we don't know about yet!

More discussion on the problem can be found at Bug 76. Here are two of the documents that have been written to try to "spec out" the project. Please read them over if you have a chance, and give your feedback.

Draft spec, written by cesy

From one of the manage settings pages, have "manage secondary accounts"

On new manage secondary accounts page, have:
Create a new secondary account - standard flow, but is automatically already connected, and gets created with all the same settings as your primary account
Link an existing account to this one (requires password to the other account)
Unlink one of the secondary accounts from the primary account (has a large and obvious "Are you sure about that?" message)
An option to show/hide links between accounts - can display list of secondary accounts on primary profile, and link to primary profile on secondary profiles
An option to select which account is the primary journal - the primary journal will be default on things like the update page and when commenting

Other pages that will need updating:

Shop - as well as "buy paid time for me" and "buy paid time for another user", need "buy paid time for my secondary account(s)" (which might be discounted)

Edit profile drop-down should list all secondary accounts, as should customize style, manage filters, edit userpics, etc.

Update.bml needs both "post to journal" drop-down (includes all comms and all accounts) and "post as" drop-down (which is disabled if the secondary account can't post to that comm, and defaults to match the journal selected). "Post as" doesn't display unless you have secondary journals.

All comment boxes would need a drop-down to choose who to work as. Ideally this would show normally, not require clicking the "Other"/"More options" button. This should also not display for people who don't have secondary journals.

On options/settings pages, at the bottom, instead of just "Save", have "Save for this journal" and "Save for all journals" (but only if the user has a secondary journal, otherwise leave it as just "Save".)

Other notes:

If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries.
If someone has given access to only one of your accounts, and you subscribe to them from another account, what happens when you look at the reading page of that account? Do you see the locked entries or not?

If you click to subscribe, unsubscribe, grant or remove access or join or leave a community and you get the usual confirmation page, that should include a "Do this as which account?" thing.
The pop-up hover menus should behave as usual for the main account, and ignore secondary accounts.

Can secondary accounts have different email addresses?

Creating a secondary account should require an invite code?

Have a careful think about transferring a secondary account from one primary account to another.

Further considerations, written by tyggerjai

Goal: To streamline management of multiple journals and journal features for a single user account. Mostly involving addition of “Manage accounts” interface, but with implications for ban settings, reading pages, and access lists.

[A note on terminology: Part of the current issue is that there is a conflation of a “journal” with an “account”. An “account” represents a human being, but it has become obvious that many DW users want and have multiple journals. This entire project stems from the fact that accounts and journals, while historically identical, are de facto different things. Discussion of which things are “account” based (login, killfiles, subscription, access to someone else's journal) and which things are “journal” based (tags, entries, access to read one of my journals) are probably beyond scope for this bug (although see “Potential problems” at the end). I shall use the term “journal” in this document unless I wish to make a point about the distinction, because at the moment, journal is the paradigm we have to work with.]

Annabel has a Dreamwidth journal – dw_annabel – which she started when she first found Dreamwidth. It has mostly personal updates about her life, but she doesn't talk about her work. Mostly because her mother reads the dw_annabel journal, and rather than maintain access lists, or risk having her mother find out what she actually does for a living, Annabel maintains another journal for her work stories – work_annabel. Recently, Annabel has discovered the joy of writing speculative fiction, so she has started another journal, fic_annabel, for working on a novel. She's co-writing it with her friend Boris, so Boris also has the password for that journal. Annabel is growing increasingly weary of constantly logging in and out to post on various journals, and she would like the following:

1)When she is logged in as “dw_annabel”, which she considers her “primary” account, she'd like to be able to manage all her journals from the management interface. Everything she can do to dw_annabel (style, circle management, privacy management, etc), she wants to do from one central screen as dw_annabel. It'd even be nice if she could choose to apply to things like screenings to all her journals at once, although she'd need to be able to change settings per-journal as well.

2)She'd like to be able to subscribe to some other journals via her personal journal, and some via her work journal (so that her mother never knows about them!). But she'd like to read them on the same page – one central reading page. She'd still like to be able to filter, though – for her fiction, sometimes she just wants to read fic_annabel's reading page.

3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.

4)She'd like a link to the fic_annabel journal to show up on the profile for dw_annabel, and vice versa, as being her journals. But under no circumstances should her mother be able to discover a connection between dw_annabel and work_annabel!

5)Recently, she had someone making unpleasant comments in fic_annabel, and has banned them. She'd like that ban to be applied across all her journals – fic_annabel, dw_annabel and work_annabel. Just in case. But she'd also like to be able to revoke that ban just on fic_annabel, in case it turns out she's banned Boris.

6)When she goes to make a post she definitely needs to be able to choose which journal to post to. When she goes to leave a comment in she needs to be able to choose whether it shows up as a post from dw_annabel, fic_annabel, or annabel_work. She doesn't want to “log in” as fic_annabel – fic_annabel isn't a person, and she can do everything she needs to do to manage the fic_annabel journal as dw_annabel.

7)She can see a day, possibly soon, when she will grow weary of the fic_annabel story. She'd like to know that when the time comes, she can hand it off to Boris and untangle herself from it.

8)When she does that, she'll probably want to start another journal for her own fiction. She should be able to do that as dw_annabel, give it a new name, and start using it, without ever having to log in, log out, or otherwise manually tell the DW system that she owns it.

That's about all Annabel wants to do, really....

Skillsets: Everything and then some. This is backend, frontend, graphical, UX, business, scalability, and some things I haven't thought of yet.

[Another note on terminology. “Link” is somewhat overloaded here, since it can refer either to a managerial connection between to accounts, or a visible “a href=” on a profile page. I'll reserve “link” for the visible connection, and use “associate” for the higher level managerial connection.]

1)The project MUST provide a method of associating journals, with a single signon to edit and maintain them. Whether we call it “primary/secondary”, or “one account, many journals”, the heart of this project is the ability to log in as dw_annabel and modify fic_annabel and work_annabel. That has two components:

a) Migration of existing journals. It MUST be possible for a user with multiple journals to declare one of them a “primary” journal, and associate other existing journals with it.

b) Creation of future journals. It SHOULD be possible, once this project is implemented, to create journals with automatic association to an existing primary. (NB. This is a should because migration is a must, and if we have that, users can create and then migrate. Realistically, though, it's a “really should”.)

2)The project MUST provide a method for managing linked journals from a single central interface. This interface MUST replicate the current management functionality for each associated journal without requiring log out/log in for that journal account, if the user is logged in with their primary account credentials. This interface SHOULD provide the ability to apply changes to multiple journals at once, but if it does so, it MUST retain the ability to override settings on a per-journal basis.

3)The project SHOULD provide a single central reading page for the primary account, which will incorporate all journals to which all associated journals are subscribed. Such an interface SHOULD include locked posts to which any associated journal has access. However, if such an interface is present, it MUST be possible to filter that reading page on a per journal basis (i.e., if a user should be able to remove a given journals subscriptions from that central page). The project MUST maintain individual journal reading lists [that's more for backwards compatibility and privacy – I can currently go to work_annabel and see that reading list. It shouldn't suddenly show me dw_annabel's reading list.]

4)The project SHOULD allow a user to declare associations between journals as “Public” or “Private”. For “Public” associations, links SHOULD be shown on the profile pages of associated journals. Whether this is implemented or not, the project MUST NOT allow other users to see evidence of association between journals UNLESS the owner has explicitly declared the association public.

5)The project SHOULD allow a user to implement bans that apply to all associated journals. If implemented, this feature MUST allow a user to then rescind any given ban on any individual journal.

6)The project SHOULD implement the ability to easily select a journal to post TO when updating. The project SHOULD implement the ability to easily choose a journal to past AS when commenting on a journal. [Note: These are only shoulds because we will almost certainly retain the account/journal conflation, and therefore in theory it's possible to log out and in again. I think the focus of this bug is really the management, and this posting interface is gravy, but it's important gravy]. If implemented, the commenting interface SHOULD restrict the choice to journal identities with commenting privileges, and MUST NOT allow journal identities to comment when they are not privileged to do so. That is, if journal annabels_friend has restricted commenting access, and allows comments only from dw_annabel, the interface MUST NOT allow annabel to comment as fic_annabel or work_annabel.

7)The project SHOULD implement a mechanism for removing an associated journal. Once removed, a journal will behave like any other non-associated journal.

8)The project MAY implement the ability to “sub-associate” journals with other users. That is, while ultimate control of the account rests with the creator, they can grant other users the ability to post to the journal, or post as the journal identity, change settings, etc, without giving the other user password access. The other user MUST NOT inherit access to posts that the journal identity has been granted. (i.e., Annabel gives Boris post and edit privs to fic_annabel. Boris's reading list still does not contain items from fic_annabel's subscriptions, nor can he see items to which fic_annabel has been granted. He can, however, post as fic_annabel ). See “Potential problems” :)

Potential Problems: Where do I start? On the bright side, I think most of our problems are social rather than technical.

1)Migrating accounts. I included the shared account with Boris for a reason. Let's say we're as restrictive as possible, and the following is required to migrate an account:

a) You must have access to both email addresses, to reply to “confirm” emails. You must know the password for both accounts.

Ok. But Boris has the password, and the email address for that account is a shared one. So even once Annabel has migrated, Boris can just remigrate it. This is a problem with the existing paradigm – because journals and accounts are the same, passwords are the only control mechanism. There's no way of knowing Annabel created the account. I think that for the moment we put this in the “too hard” basket, and say “Social problem, sort it out yourselves”. We lock it down so you can only migrate an account if you have both passwords, and can respond to emails sent to both accounts. There's really not much else we can do. ( as an aside, this is the classic example of why the “single account, multiple journals” is a better long-term paradigm, but this is almost a de facto implementation of that). After a journal has been migrated, do we have a complaints resolution process for Boris to say “Hey, she stole my journal”? I don't know that we need one – what's our current procedure for people sharing passwords and then one of them changing it to lock someone else out?

2)To be honest, everything else just looks like hard work. We really, really have to make sure that the commenting interface enforces identity restriction. If you have a locked post that tyggerjai can comment on, we DO NOT let tyggerdev comment on it, even though they're the same “person”. That's the ultimate UX nono, as far as I can see.

3)Oh. Sub-association. That's down the end as a “may” because although it's a huge, huge advantage that the “Association” paradigm has over the password paradigm, it's the biggest can of worms. It's almost a whole other specification on its own. But the main points, I think, are there. Give Boris edit/post access, but restrict privacy inheritance to the original owner. There's one massive thing preventing the implementation of subassociation, though, and that's what happens if Annabel then removes her association with fic_annabel. Does Boris then inherit the access as the new owner? Does dw_annabel keep the access, and if so, with which journal do we associate it? None of this is worse than our existing paradigm with passwords – in fact, it's a lot better, because if we do need to, we can suspend fic_annabel's access to everything, send emails out to people who have given fic_annabel access saying “This journal is changing owner! If you know the new owner and you're cool with it, click here to retain their access rights. If you don't know the new owner, click here to send an email to the old owner, so they can get in touch with you to arrange new access. Or, if this is freaking you out, click here to revoke the journal's access to your journal for good.”. But this is exactly the kind of thing that makes users nervous, and that we have to have a plan for. So at the moment, it's an itty bitty “may”, and if users want to hand a journal over to someone else, they can disassociate, give the new owner the email, and move on from there. But I think we may still need to handle the access notification in that case, simply because by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine! “

4)Actually, all of that, again, regardless of subassociation: by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine!”. Which, of course, we're not – journals will still have passwords, and other people may still know them. We could go all the way, and break the map between journals and accounts once and for all, so journals don't have passwords, but that's a much bigger project, I think.

5)Preselecting identities to comment as based on a post's access rules is going to suck. Just saying :)

Anyway. This section should probably be much longer, but I've left it as an Exercise For The Reader, since you know your community better than I do at the moment. I think the biggest problems are social – that associating journals with users sets up an interesting disconnect – if I give tyggerdev access because I've read it and I'm interested in the dev stuff, then if the owner of tyggerdev decides he's sick of coding, but gives the journal to someone else, I don't really care. I had no investment in the person. On the other hand, maybe I did – maybe I gave tyggerdev access to my journal because I know the owner. So then when he gives it away, I'm shattered! I don't know this person! What's going on!? Again, it's no worse than the existing password-sharing shenanigans in terms of actual security, only in terms of perception. And it's only a problem ever if we let people give journals away.

So! What thoughts does this inspire in you?
green_knight: (Kaffeeklatsch)

[personal profile] green_knight 2010-10-21 04:55 pm (UTC)(link)
I vote for the creation of

That way, the reading list of your account stays as before, but there is an additional feature associated with the primary account which allows you to read all of your reading lists in a separate place.

I think that journals with access for more than one person are dodgy - there's nothing at all to _prevent_ this happening on the user side, but I think users should be encouraged to form communities rather than 'personal journals' if they want to collaborate and associate more than one e-mail address with it. Personal journals should not be able to be migrated from one user to another, or else it should be clear to third parties that an account is a group account rather than a single person's journal.

ilyena_sylph: picture of Labyrinth!faerie with 'careful, i bite' as text (Default)

[personal profile] ilyena_sylph 2010-10-21 05:15 pm (UTC)(link)
Hi, I am not in any way DW staff, but I have thoughts on shared journals -- which I decided were way too personal for me to toss at strangers, and therefore went with just the one thought.

From a personal-journal point of view, I get why it seems dodgy.

But communities can't interact, which makes them worse than useless for RP purposes except as the setting.
Edited 2010-10-21 17:36 (UTC)
cathepsut: (Default)

[personal profile] cathepsut 2010-10-21 06:34 pm (UTC)(link)
I like the idea of a Multiple Account Model. I never bothered to have more than account over on LJ, because having to log out and in was just too much of a hassle. But if I could switch more easily, I would probably consider having more than one account and use them for different purposes.
branchandroot: oak against sky (Default)

[personal profile] branchandroot 2010-10-21 07:25 pm (UTC)(link)
I think conversation is already tending this way, but I wanted to toss it in explicitly: Requirement #6 is an absolute must for my (and I think a good wodge of other people's) use of this feature.

6)The project SHOULD implement the ability to easily select a journal to post TO when updating. The project SHOULD implement the ability to easily choose a journal to past AS when commenting on a journal.

That's not a should, that's a must. Management of journals is a vital aspect, yes, but the posting of entries and comments as any owned journal-identity with appropriate access is equally vital. In the RP/fic-journal case, what use is the whole thing if I can't post my RP/fic entries and comments without doing the log-out-log-in dance?

Additional thoughts:

I second some of the concerns about making shared journals an official measure. On the other hand, that might permit more transparency. I would be inclined to require some kind of marker for those, such as a different icon (like comms have a different icon than personal journals) and some indication on the Profile page. Not necessarily the usernames of the multiple owners (though I think that should be an option on the Edit Profile page) but at least some automatically generated note about "This is a shared journal". That done, let individuals decide what degree of security-risk they feel a shared journal is and whether they want to give it access. I do think a shared journal should be debarred from being made a Primary journal, and that would address a lot of the security concerns about the flow of information.

I kind of like the idea of a /read/all page as part of the default nav links on any journal designated as Primary. That seems to split the difference between "too overwhelming, do not want" and "yes, please, want a lot" reasonably well. As long as the /read/all page can be filtered same as the /read page, which seems to be the general consensus already.

Definitely think that having any "reply to comment" link or form from the inbox or a notification email default to the journal-identity that the comment was sent to would be really good. It would be especially sweet if the regular comment reply form on an entry made by a secondary identity defaulted to replying-as that secondary identity. So, if I open up the page of an entry in my secondary_me journal in order to reply to a comment, the reply form should default to replying-as the secondary_me identity without my having to select that (as long as I'm logged in as Primary, of course).

You know what would also be really sweet? A sidebar module for "all my identities", visible only to the owner (or more, as the owner decides). Kind of the way the content of the Tags module changes based on which entries one has access to, an Identities module should follow the privacy setting chosen by the owner (private, public, access-list or whatever these settings shake down as). Goodness knows, I've often done this the roundabout way by putting links to multiple journals into my link list, but that means that everyone can see it. A module that followed privacy settings would be infinitely cooler.
wildefae: (inception - is this a dream?)

[personal profile] wildefae 2010-10-21 07:35 pm (UTC)(link)
Wow, this feature, if implemented well, would make me want to RP over here at Dreamwidth in a heartbeat. And it's useful for non-RPers as well, obviously, people with fic or art journals particularly.

...well, a heartbeat that involves me having a more regular work schedule than I do now, but that's something I'm working on anyway.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-24 10:55 am (UTC)(link)
Cool! Which particular parts of the feature appeal to you? Management? Ease of posting without logging in and out?

(no subject)

[personal profile] wildefae - 2010-10-24 18:04 (UTC) - Expand
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

[personal profile] azurelunatic 2010-10-21 08:22 pm (UTC)(link)
My brain's finally kicked into gear, and I might have a solution for some of the banning problems, both with this and with multiple OpenID/other authentication methods attached to an account.

The problem is, when you ban a journal, do you want to ban all its associations (sometimes you just don't want them to comment on your journal with that particular journal, but you've no quarrel with the account-holder) or not? What about new associations that have been added to the account? What happens if the account drops an association? What if an association becomes private? What if a previously-private association becomes viewable?

New ban types for users: in addition to the ban direct (which we already have), there would be the extended ban/ban by association.

The ban direct bans the journal that you're banning.
The extended ban would ban the journal that you're banning directly, and then also set any associated journals that you can see as "banned by association".

When you extended-ban an account, you ban whichever journal you're banning (not necessarily the primary journal, if you've, say, tangled with a sockpuppet) and the system checks for any associated journals that it can find.

Using the perspective of Annabel's worst-enemy-forever, it then lists, say:
dw_annabel Ban - Extended
fic_annabel (property of dw_annabel) Ban - Association [with dw_annabel]
trollface Ban - Extended
spammer Ban - Extended
sock_friend (property of friend) Ban - Direct

Say several months on down the line, Annabel finds out that her mother has independently found fic_annabel, and has read and enjoyed it (perhaps even by her mother recommending that she read it, which would be embarrassing) and has owned up to it actually being her journal. So she's associated work_annabel with dw_annabel because it's easier. (Also, somewhere in there, the trollface journal was publicly linked with its owner's main system of accounts.)

Now the ban list should read:
dw_annabel Ban - Extended
fic_annabel (property of dw_annabel) Ban - Association [with dw_annabel]
work_annabel (property of dw_annabel) Ban - Association [with dw_annabel]
trollface Ban - Extended
spammer Ban - Extended
spammer2 Ban - Extended
spammer3 Ban - Extended
niceguy (owner of trollface) Ban - Association [with trollface]
work_niceguy (property of niceguy) Ban - Association [with trollface]
sock_friend (property of friend) Ban - Direct

So Annabel hands fic_annabel over to Boris's control sometime later. Also, niceguy has cleaned up his work presence a bit.

dw_annabel Ban - Extended
fic_annabel (property of boris) Ban - Association [previously with dw_annabel]
work_annabel (property of dw_annabel) Ban - Association [with dw_annabel]
trollface Ban - Extended
spammer Ban - Extended
spammer2 Ban - Extended
spammer3 Ban - Extended
spammer4 Ban - Extended
spammer5 Ban - Extended
niceguy Ban - Association [previously with trollface]
work_niceguy (property of niceguy) Ban - Association [previously with trollface]
sock_friend (property of friend) Ban - Direct

It wouldn't tell you the current associations of anything that you don't have permission to see, but it would tell you the past associations of anything you have ever had permission to see, and it would helpfully ban-by-association anything new that crops up that you're unaware of, and cache that for you. If an account that you have a beef with hands off a journal of theirs to someone you have no beef with, that journal is still banned until you review and decide for yourself what's going on.

You should also be able to allow specific journals that you've banned by association to be unbanned, which sounds like the worst part to figure out the logistics of.

There should also be a subscription, free to anyone maybe? since this sounds expensive but also very socially important, to inform me when associations related to banned journals have changed, and another to inform me when associations related to access-granted journals have changed. That way if someone wants a push notification, they'll get it.

Also a subscription on any single journal, to inform me when this journal's associations have changed, in case one does not want one for the whole of one's access list.

(The "changed", of course, refers to anything that the subscribing journal has access to see.)

existence: pearl: secret of mana. (earnestness)

[personal profile] existence 2010-10-21 08:32 pm (UTC)(link)
There should also be a subscription, free to anyone maybe? since this sounds expensive but also very socially important, to inform me when associations related to banned journals have changed, and another to inform me when associations related to access-granted journals have changed. That way if someone wants a push notification, they'll get it.

Also a subscription on any single journal, to inform me when this journal's associations have changed, in case one does not want one for the whole of one's access list.

Yes. PLEASE. These would be very nice.
charamei: XKCD's map of online comunities - Dreamwidth Island (Dreamwidth Island!)

This is really a bug/suggestion all of its own

[personal profile] charamei 2010-10-21 08:44 pm (UTC)(link)
Would/could there be a possibility of migrating individual posts?

Example: I don't currently have a fic journal: I post everything to my main. But if I were to set one up, I would obviously want to migrate my fic back-catalogue to it.

I could copy/paste the contents of each fic into the new journal, one at a time, and then delete the old ones. But then I lose all the comments I had on them, and it's also very time-consuming.

I could post links to the fics, and only post new fic straight into the fic comm. But this leaves the fic split between two places, and besides, I might have a very pressing reason for suddenly wanting a separate fic journal, such as that my grandmother/boss/prudish cat has started reading my main and I write extremely kinky porn. Under those circumstances, leaving the old fic on my main account wouldn't be an option.

A shinier option that linked journals could allow is the ability to migrate posts between journals I control without losing any associated data (= comments): I could create my fic journal and then migrate all my posts, possibly by tag. In this instance, moving every post tagged 'fanfic' would be a good place to start, but there would also have to be a way to move individual posts and untagged ones. This would also be a lot quicker than copy/pasting whole entries.

Essentially I'm imagining this as a bit like using the importer, but internal to Dreamwidth.

It might be a bit early for this sort of suggestion, but I thought I'd throw it out there. Mostly before I forget it ;)
Edited 2010-10-21 20:47 (UTC)
noxie: friendly girl smiling (Default)

Re: This is really a bug/suggestion all of its own

[personal profile] noxie 2010-10-22 09:24 am (UTC)(link)
I would LOVE the ability to migrate posts between journals I control. I'd also be willing to pay a small fee for it.
aedifica: Silhouette of a girl sitting at a computer (Girl at computer)

[personal profile] aedifica 2010-10-21 08:45 pm (UTC)(link)
The only concern I thought of, you already got: We really, really have to make sure that the commenting interface enforces identity restriction. If you have a locked post that tyggerjai can comment on, we DO NOT let tyggerdev comment on it, even though they're the same “person”. That's the ultimate UX nono, as far as I can see.

I'm excited about the prospect of all this happening!
trobadora: (Default)

[personal profile] trobadora 2010-10-21 09:50 pm (UTC)(link)
This all looks great, and I think everything I'd want to say has been said, except: I'm really not fond of the idea of a merged reading list because it will make it way too easy to accidentally comment with the wrong journal. You mentioned making sure only a journal with access can comment on locked posts, but it's not as if it didn't matter which identity comments on a public post.

Actually, the more I think about it, even apart from that I'd much prefer just having an easy switch ("work as"), keeping reading lists and access completely separate so you can't (well, can't as easily) get confused about which identity you read something under. If I'm reading a locked post, I wouldn't want to get confused about which of my identities actually had access to it ...
sophie: A cartoon-like representation of a girl standing on a hill, with brown hair, blue eyes, a flowery top, and blue skirt. ☀ (Default)

[personal profile] sophie 2010-10-22 02:13 am (UTC)(link)
I'd suggest that on public posts, going to comment should auto-select the journal that linked the two; that would make sense.

However, that doesn't specify what should be done in the case of more than one journal linking the two...

(no subject)

[personal profile] trobadora - 2010-10-22 15:18 (UTC) - Expand
kyrielle: A photo of kyrielle, in profile, turned slightly toward the viewer (Default)

[personal profile] kyrielle 2010-10-23 08:47 pm (UTC)(link)
What sophie said, but also, IMO, the page should show you which identity or identities can view it (locked post) or has the account on their reading page (public post), if any. Figuring out where to put that that would both be useful and not clutter the page is a whole other question.

(I know. It can come across the middle as a marquee'd, blinking tooltip. *ducks and runs*)
trinity_clare: (Default)

[personal profile] trinity_clare 2010-10-21 10:55 pm (UTC)(link)
As a person who doesn't RP and doesn't need the quick-switch functions, all I can see is a big pile of privacy issues waiting to happen.

The main one is the idea of letting the 'account', rather than the 'journal', have access privs. This is a big no for me. I know too many people who run fic journals or newsletters (or anon comms, lordy) where multiple people share one password. The idea that by granting access to one of them, I grant access to everyone who has the password to any of their associated journals? Please tell me I'm reading that wrong, because it's unthinkable as it stands.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 11:12 pm (UTC)(link)
I think I can indeed tell you you're reading that wrong, but you're certainly not the only one:

I'll make a longer post tomorrow specifically about this security issue, to clarify my intent, so stay tuned.

(no subject)

[personal profile] trinity_clare - 2010-10-21 23:36 (UTC) - Expand

(no subject)

[personal profile] tyggerjai - 2010-10-21 23:49 (UTC) - Expand

(no subject)

[personal profile] sofiaviolet - 2010-10-22 00:26 (UTC) - Expand

(no subject)

[personal profile] trinity_clare - 2010-10-22 00:28 (UTC) - Expand

(no subject)

[personal profile] stormy - 2010-10-22 01:24 (UTC) - Expand

(no subject)

[personal profile] sofiaviolet - 2010-10-22 02:42 (UTC) - Expand

(no subject)

[personal profile] stormy - 2010-10-22 02:44 (UTC) - Expand

(no subject)

[personal profile] kyrielle - 2010-10-23 20:45 (UTC) - Expand
melannen: Commander Valentine of Alpha Squad Seven, a red-haired female Nick Fury in space, smoking contemplatively (Default)

[personal profile] melannen 2010-10-21 11:37 pm (UTC)(link)
Oooh, secondary accounts work is being done! SO exciting.

But put me down as another name who doesn't like the idea of combined reading lists/access lists/inbox (and I'm even a little iffy on combined icons.) Part of the point of making a secondary journal is to keep all of those things separate, and while I see the use cases where combining them all would be great, mark me up as a use case where combining them all makes the whole thing largely useless. I think the ideal for me would be linked journals where all that gets linked is a) drop-down for posting and comments; b) drop-down in the site scheme/nav bar/management page that lets me quickly switch which journal I'm working as; c) a way to decide on a journal-by-journal basis if I want them automatically linked back to the primary account. And nothing else.

Also, there's one thing I'd like that I don't think has been mentioned yet, which is the ability to set a secondary account as inactive. I have somewhat butterfly like attention patterns. So if, say, I want to start a new secondary account every year for NaNo, I could start the account in October, leave it active through NaNo season, and then set it inactive-but-still-linked later. "Inactive" would take it out of things like the dropdown in comment boxes, so that I don't have to scroll through ten years of previous NaNos in order to get to the account I'm still using, but still leave the accounts linked, and make it easy for me to do things like delete spam comments or change access privs for the inactive journals.

This could be very useful for RPGs, too, where an active mun might start accumulating dozens of old accounts for games that have ended or the character died, which you want to leave up and be able to manage but don't ever plan on posting as again.

(On LJ I currently have five accounts; three of them are for dead RPGs. Right now they sort of hang over me like albatrosses I have to occasionally swat spammers away from. Basically I want to be able to claim them on my main account, and then never think about them again.)
kyrielle: A photo of kyrielle, in profile, turned slightly toward the viewer (Default)

[personal profile] kyrielle 2010-10-23 08:43 pm (UTC)(link)
Active/inactive - LOVE!

I would like shared reading lists, as an OPTION or (better yet) an alternate page or filter, so that sometimes I can glance at the joined list and other times I can read just the list I'm looking for. Basically, another filter. I should have to actually want it to get it, but I like it as an option.

I'd love to be able to upload an icon and mark it as going to multiple accounts but, IMO, it should just create one instance of the icon for each account rather than trying to do complicated sharing - a change to the icon-upload interface but nothing else - and that's not a make-or-break (or even hugely useful) feature.
stormy: ❪ 𝐍𝐎𝐓𝐈𝐂𝐄 ❫ 𝑫𝑶 𝑵𝑶𝑻 𝑻𝑨𝑲𝑬 𝑴𝒀 𝑰𝑪𝑶𝑵𝑺 ⊘ (♯ text ▹ i have plenty of lives)

[personal profile] stormy 2010-10-22 02:21 am (UTC)(link)
Originally, I had pushed for this feature because I was heavily into community roleplay and it would have been very handy to be able to simply switch among accounts without having to log out of [personal profile] stormy. I can't tell you how much that ability would be appreciated on my end. Of course, I never thought about all the other potential applications - effectively managing these other accounts, icons, circle, etc. from one central location. Now, I'm firmly of the thought that there's a big different between multiple/secondary accounts and shared accounts.

This suggestion applies to a single user with multiple journals.

The Mod Hat conversation (reference: this thread) is multiple users sharing control over a single community.

As far as multiple users sharing control over a single journal account, I don't recommend that, and mod-hat would really help to lesson those cases where something unexpected happens. There would have to be so much trust for me to share an account with someone. Even a shared journal on Livejournal would have had a separate email associated with the account and a password that was only used for that account, and it would never be secure. One party could always assume control and you could be locked out of it.

Now, back to the multiple account access for a single user. It sounds fabulous. What I do like:

✔ Drop down access to comment and post.
✔ Options to link/unlink usernames.
✔ Possible minor discounts for secondary names (but I wouldn't even need that).
✔ Requiring a code for secondary names.
Option to merge reading page, inbox on a journal-by-journal basis.
Option to show/hide linked accounts. I'd definitely lean towards hiding mine, but I could see a journal-by-journal basis for this as well. If these were an option to display on the profile, it would be auto-filled in depending on which journals you've chosen to show.
Option to place selected or all reading pages onto a single meta page that is separate from your normal reading page. I can't imagine the clutter to keep different sets of people organized on one page as it is, with clear identifiers to note who has access to what. What if a person is subscribed on two accounts - do their posts duplicate or not?
✔ Allow accounts to have different email addresses. Sometimes I use different email addresses to filter content in gmail, and it's just that much more helpful and secure for people to be able to use multiple email addresses. You could even list all user emails and what account they're linked to on
✔ Individual journal, account banning, and journal by journal banning.

? I would love the option to ban from my linked journals by IP address rather than username.

✘ I could see the contextual hover menu and navstrip going insane from this. How would these reflect accounts and access and if you were to hover and request to add someone to your circle, how would you easily select which account you wanted to add to?
✘ fic_annabelle should be a community. I'm just saying that is it much more secure to do it that way. If Boris and Annabelle were going to share a journal because they wanted to be able to edit the same posts, I don't think it should be linked at all to any primary account/user, and that's Annabelle's discretion to release a password to this particular journal to Boris. What happens to that journal wouldn't be something Dreamwidth could really help her on in the event she chose to leave it or Boris chose to run off with it. This is separate from multiple access for a single user. That's multiple users - something like a moderator account, like the mod hat suggestion (and that is an entirely different project with its own concerns).

I think that's my two cents for now. I lied, further thoughts follow. For example, say that I have a community called [community profile] wonderland, and I have a secondary account [personal profile] alice that moderates wonderland with a friend's account [personal profile] hatter. I could:

✔ Post to my normal journal.
✔ Select [personal profile] alice from my drop down, and post as [personal profile] alice.
✔ Select [personal profile] alice from my drop down, and post to [community profile] wonderland.
✔ Select [personal profile] alice from my drop down, and with mod hat post to [community profile] wonderland and have it display [personal profile] alice (moderator, with some sort of special username icon/text).
✔ Select [personal profile] alice from my drop down, and with mod hat on anonymous post to [community profile] wonderland and have it display [community profile] wonderland (moderator, with some sort of special username icon/text). Perhaps this (mod hat) post could even be editable by [personal profile] hatter.

Under old circumstances, [personal profile] hatter and [personal profile] alice would have had to have one account (usually something like [personal profile] wonderlandmods, but it could have been either account too) where they were sharing a password to make a unified post. Something that wasn't 100% secure for either person. And in order to post to these communities I, [personal profile] stormy, would have had to log out of my journal completely, log in, and choose where to post.

Multiple accounts saves so much time, and I really hope that a developer will able to put work into the Mod Hat suggestion, because the two combined are unbelievably helpful!

NOTE: I do not own the actual journals [personal profile] alice, [personal profile] hatter, or [community profile] wonderland. They were just a snazzy example!
Edited (Further thoughts!) 2010-10-22 02:40 (UTC)

(no subject)

[personal profile] stormy - 2010-10-22 03:07 (UTC) - Expand

(no subject)

[personal profile] stormy - 2010-10-22 03:15 (UTC) - Expand

(no subject)

[personal profile] stormy - 2010-10-22 03:20 (UTC) - Expand

(no subject)

[personal profile] alixtii - 2010-10-22 12:39 (UTC) - Expand

(no subject)

[personal profile] stormy - 2010-10-22 13:39 (UTC) - Expand

(no subject)

[personal profile] alixtii - 2010-10-22 14:11 (UTC) - Expand

(no subject)

[personal profile] tyggerjai - 2010-10-24 11:04 (UTC) - Expand

(no subject)

[personal profile] kyrielle - 2010-10-23 20:40 (UTC) - Expand
valentinite: Amber-on-black text saying "with what, your bare hands?" (with your bare hands?)

[personal profile] valentinite 2010-10-23 03:26 am (UTC)(link)
Why not solve the community_mods issue by creating another kind of account? One that's specifically shared, has a different userhead (like three little people together?) and is set up to properly manage privacy issues. No non-multiuser accounts can be shared (except via password sharing workarounds, which will ALWAYS be possible).

Personally, a shared reading page would only be useful if I could pick some subset of the journals. (Which right now would be all of my DW journals as I only RP on LJ right now, but I'm imagining if those games were here.) I don't need to see eleventy billion RP posts on my reading page.
archangelbeth: An anthropomorphic feline face, with feathered wing ears, and glasses, in shades of gray. (Default)

[personal profile] archangelbeth 2010-10-23 03:47 am (UTC)(link)
First thoughts: OMG COOL IDEAL WANT! O:>

Second thoughts: You are on the ball for the various complexities, and it does look like hard work. But... it would be so useful!

Can secondary accounts have different email addresses? I am of two minds. I would suggest that the answer is... They need to share one email address, which does not have to be made public, and they may have a second "public" email address.

E.g., if Archangel Beth *cough* has her personal journal, and suddenly becomes a best seller author using the name of Beth McCloud. She wants to keep her personal journal personal, so she can rant, but wants to have a more public face to talk to her fans. If her email is for each one, this... might be kind of easy to discover. If she also has, she could make that one the visible email for Beth_McCloud.dreamwidtch, and leave the Bethipoo address public for her Archangel Beth journal.

Sharing one email address (even if it's not visible on a secondary journal) seems like it would be a useful way to identify the account-holder.

Creating a secondary account should require an invite code?

I don't mind this; it hopefully provides and extremely tiny hurdle to creating a million-zillion secondary accounts, which might result in inadvertent (or advertent) name-squatting.
red_eft: Dana Scully looking at a computer (Default)

[personal profile] red_eft 2010-10-23 05:06 am (UTC)(link)
Don't have time to write out detailed thoughts, but- it seems like a lot of people have said they wouldn't use the combined reading page, so I wanted to put in a comment to say that I would *love* that feature (although obviously security concerns come first) and that I hope you don't leave it out of the final feature entirely!
kyrielle: A photo of kyrielle, in profile, turned slightly toward the viewer (Default)

[personal profile] kyrielle 2010-10-23 08:23 pm (UTC)(link)
I would also! It would be a bonus if the combined reading page was accessed via a special URL (so it's still easy to get to the per-journal pages. What would be really nice would be if it showed the journal(s) that see each post so you know what you're dealing with when you look at it, also.
kyrielle: A photo of kyrielle, in profile, turned slightly toward the viewer (Default)

[personal profile] kyrielle 2010-10-23 08:22 pm (UTC)(link)
With respect, fic_annabel sounds like a community. I don't think having one user-journal be owned or partially owned by two accounts is desirable or necessary, especially if it complicates things. (No worries, the rest of my comment goes on to complicate things.)

6)The project SHOULD implement the ability to easily select a journal to post TO when updating. The project SHOULD implement the ability to easily choose a journal to past AS when commenting on a journal. [Note: These are only shoulds because we will almost certainly retain the account/journal conflation, and therefore in theory it's possible to log out and in again. I think the focus of this bug is really the management, and this posting interface is gravy, but it's important gravy]. If implemented, the commenting interface SHOULD restrict the choice to journal identities with commenting privileges, and MUST NOT allow journal identities to comment when they are not privileged to do so.

This is pretty major. Having to log out and back in to post/comment from the appropriate journal is, IMO, a Big Deal. I post and comment a LOT MORE than I manage settings - I'd rather have to log out and back in to manage settings and have posting/comments handled than vice versa.

Also, there's another scenario I don't see covered here: Annabel agrees to let her 14-year-old son have a journal, but only if she can monitor it. (Yes, he CAN create one without her monitoring it, but that will cost him his computer access for any purpose but homework, so he chooses to follow her rules and let her monitor.)

She wants to make dw_anna_son into a journal that can operate while logged in as itself, and when logged in as itself has no access to any of her associated journals, but which is still associated with dw_annabel and dw_annabel can view and possibly edit/delete posts and comments if she feels it's really necessary. (Maybe that would work for the fic situation, too. Maybe.)

Edited to add: Also, Annabel has a blog she maintains about sewing on another blogging platform. She wants to syndicate it on Dreamwidth, and manage that syndication. It'd be nice if she could - syndicate it, then tell Dreamwidth she's claiming the feed. Dreamwidth responds with a challenge phrase/word/passkey, which she posts to the sewing blog (making sure it appears in the feed for that entry), and when Dreamwidth sees that appear in the blog, it completes the association. She can now update the profile and even, if needed, change the feed url if she moves her blog.

Also, claiming open id accounts is presumably part of this? It should be possible to transition them and say "appear as" the main account. For example, I'd like everything from open id account to simply link to my account here. Including on future imports....
Edited (Feeds, open ids, and complications. ) 2010-10-23 20:27 (UTC)

(no subject)

[personal profile] kyrielle - 2010-10-24 01:13 (UTC) - Expand
blaze2242: (Default)

[personal profile] blaze2242 2010-10-23 10:48 pm (UTC)(link)
Just thought I'd chime in that I think this is an awesome idea, and I agree with above commenters that being able to access the icons of the secondary journal would be key.
bnewman: (explorer)

[personal profile] bnewman 2010-10-27 12:46 pm (UTC)(link)
As has been mentioned, it's impossible to prevent people from sharing an account simply by sharing all the credentials. However, we don't want to encourage this.

I think a better security model for shared journals would be to have an explicit shared journal type, which is publicly identified with the set of individual journals that share it — however, those individual journals could themselves be secondary journals whose association with a primary journal is private. It would be understood that granting access to a shared journal means granting access to all its contributors, and users might be warned if they are about to do this.

Page 2 of 2

<< [1] [2] >>