denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_biz2010-10-21 02:18 am

RFC: Multiple Account Model

So, one of the things we want to do -- and it's a project that has gotten some developer interest lately -- is make it so that you can associate/link accounts together, so (for instance) you can switch to commenting or posting as your alternate/secondary/fic/RP/whatever journal more easily than logging out and logging back in. We've done some work to spec the problem, but I figured it would be time to toss it out to you guys here and see what other things we've forgotten to think of and what use cases we don't know about yet!

More discussion on the problem can be found at Bug 76. Here are two of the documents that have been written to try to "spec out" the project. Please read them over if you have a chance, and give your feedback.



Draft spec, written by cesy

From one of the manage settings pages, have "manage secondary accounts"

On new manage secondary accounts page, have:
Create a new secondary account - standard flow, but is automatically already connected, and gets created with all the same settings as your primary account
Link an existing account to this one (requires password to the other account)
Unlink one of the secondary accounts from the primary account (has a large and obvious "Are you sure about that?" message)
An option to show/hide links between accounts - can display list of secondary accounts on primary profile, and link to primary profile on secondary profiles
An option to select which account is the primary journal - the primary journal will be default on things like the update page and when commenting

Other pages that will need updating:

Shop - as well as "buy paid time for me" and "buy paid time for another user", need "buy paid time for my secondary account(s)" (which might be discounted)

Edit profile drop-down should list all secondary accounts, as should customize style, manage filters, edit userpics, etc.

Update.bml needs both "post to journal" drop-down (includes all comms and all accounts) and "post as" drop-down (which is disabled if the secondary account can't post to that comm, and defaults to match the journal selected). "Post as" doesn't display unless you have secondary journals.

All comment boxes would need a drop-down to choose who to work as. Ideally this would show normally, not require clicking the "Other"/"More options" button. This should also not display for people who don't have secondary journals.

On options/settings pages, at the bottom, instead of just "Save", have "Save for this journal" and "Save for all journals" (but only if the user has a secondary journal, otherwise leave it as just "Save".)

Other notes:

If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries.
If someone has given access to only one of your accounts, and you subscribe to them from another account, what happens when you look at the reading page of that account? Do you see the locked entries or not?

If you click to subscribe, unsubscribe, grant or remove access or join or leave a community and you get the usual confirmation page, that should include a "Do this as which account?" thing.
The pop-up hover menus should behave as usual for the main account, and ignore secondary accounts.

Can secondary accounts have different email addresses?

Creating a secondary account should require an invite code?

Have a careful think about transferring a secondary account from one primary account to another.




Further considerations, written by tyggerjai


Goal: To streamline management of multiple journals and journal features for a single user account. Mostly involving addition of “Manage accounts” interface, but with implications for ban settings, reading pages, and access lists.


Background:
[A note on terminology: Part of the current issue is that there is a conflation of a “journal” with an “account”. An “account” represents a human being, but it has become obvious that many DW users want and have multiple journals. This entire project stems from the fact that accounts and journals, while historically identical, are de facto different things. Discussion of which things are “account” based (login, killfiles, subscription, access to someone else's journal) and which things are “journal” based (tags, entries, access to read one of my journals) are probably beyond scope for this bug (although see “Potential problems” at the end). I shall use the term “journal” in this document unless I wish to make a point about the distinction, because at the moment, journal is the paradigm we have to work with.]

Annabel has a Dreamwidth journal – dw_annabel – which she started when she first found Dreamwidth. It has mostly personal updates about her life, but she doesn't talk about her work. Mostly because her mother reads the dw_annabel journal, and rather than maintain access lists, or risk having her mother find out what she actually does for a living, Annabel maintains another journal for her work stories – work_annabel. Recently, Annabel has discovered the joy of writing speculative fiction, so she has started another journal, fic_annabel, for working on a novel. She's co-writing it with her friend Boris, so Boris also has the password for that journal. Annabel is growing increasingly weary of constantly logging in and out to post on various journals, and she would like the following:

1)When she is logged in as “dw_annabel”, which she considers her “primary” account, she'd like to be able to manage all her journals from the management interface. Everything she can do to dw_annabel (style, circle management, privacy management, etc), she wants to do from one central screen as dw_annabel. It'd even be nice if she could choose to apply to things like screenings to all her journals at once, although she'd need to be able to change settings per-journal as well.

2)She'd like to be able to subscribe to some other journals via her personal journal, and some via her work journal (so that her mother never knows about them!). But she'd like to read them on the same page – one central reading page. She'd still like to be able to filter, though – for her fiction, sometimes she just wants to read fic_annabel's reading page.

3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.

4)She'd like a link to the fic_annabel journal to show up on the profile for dw_annabel, and vice versa, as being her journals. But under no circumstances should her mother be able to discover a connection between dw_annabel and work_annabel!

5)Recently, she had someone making unpleasant comments in fic_annabel, and has banned them. She'd like that ban to be applied across all her journals – fic_annabel, dw_annabel and work_annabel. Just in case. But she'd also like to be able to revoke that ban just on fic_annabel, in case it turns out she's banned Boris.

6)When she goes to make a post she definitely needs to be able to choose which journal to post to. When she goes to leave a comment in she needs to be able to choose whether it shows up as a post from dw_annabel, fic_annabel, or annabel_work. She doesn't want to “log in” as fic_annabel – fic_annabel isn't a person, and she can do everything she needs to do to manage the fic_annabel journal as dw_annabel.

7)She can see a day, possibly soon, when she will grow weary of the fic_annabel story. She'd like to know that when the time comes, she can hand it off to Boris and untangle herself from it.

8)When she does that, she'll probably want to start another journal for her own fiction. She should be able to do that as dw_annabel, give it a new name, and start using it, without ever having to log in, log out, or otherwise manually tell the DW system that she owns it.

That's about all Annabel wants to do, really....

Skillsets: Everything and then some. This is backend, frontend, graphical, UX, business, scalability, and some things I haven't thought of yet.

Requirements:
[Another note on terminology. “Link” is somewhat overloaded here, since it can refer either to a managerial connection between to accounts, or a visible “a href=” on a profile page. I'll reserve “link” for the visible connection, and use “associate” for the higher level managerial connection.]

1)The project MUST provide a method of associating journals, with a single signon to edit and maintain them. Whether we call it “primary/secondary”, or “one account, many journals”, the heart of this project is the ability to log in as dw_annabel and modify fic_annabel and work_annabel. That has two components:

a) Migration of existing journals. It MUST be possible for a user with multiple journals to declare one of them a “primary” journal, and associate other existing journals with it.

b) Creation of future journals. It SHOULD be possible, once this project is implemented, to create journals with automatic association to an existing primary. (NB. This is a should because migration is a must, and if we have that, users can create and then migrate. Realistically, though, it's a “really should”.)

2)The project MUST provide a method for managing linked journals from a single central interface. This interface MUST replicate the current management functionality for each associated journal without requiring log out/log in for that journal account, if the user is logged in with their primary account credentials. This interface SHOULD provide the ability to apply changes to multiple journals at once, but if it does so, it MUST retain the ability to override settings on a per-journal basis.

3)The project SHOULD provide a single central reading page for the primary account, which will incorporate all journals to which all associated journals are subscribed. Such an interface SHOULD include locked posts to which any associated journal has access. However, if such an interface is present, it MUST be possible to filter that reading page on a per journal basis (i.e., if a user should be able to remove a given journals subscriptions from that central page). The project MUST maintain individual journal reading lists [that's more for backwards compatibility and privacy – I can currently go to work_annabel and see that reading list. It shouldn't suddenly show me dw_annabel's reading list.]

4)The project SHOULD allow a user to declare associations between journals as “Public” or “Private”. For “Public” associations, links SHOULD be shown on the profile pages of associated journals. Whether this is implemented or not, the project MUST NOT allow other users to see evidence of association between journals UNLESS the owner has explicitly declared the association public.

5)The project SHOULD allow a user to implement bans that apply to all associated journals. If implemented, this feature MUST allow a user to then rescind any given ban on any individual journal.

6)The project SHOULD implement the ability to easily select a journal to post TO when updating. The project SHOULD implement the ability to easily choose a journal to past AS when commenting on a journal. [Note: These are only shoulds because we will almost certainly retain the account/journal conflation, and therefore in theory it's possible to log out and in again. I think the focus of this bug is really the management, and this posting interface is gravy, but it's important gravy]. If implemented, the commenting interface SHOULD restrict the choice to journal identities with commenting privileges, and MUST NOT allow journal identities to comment when they are not privileged to do so. That is, if journal annabels_friend has restricted commenting access, and allows comments only from dw_annabel, the interface MUST NOT allow annabel to comment as fic_annabel or work_annabel.

7)The project SHOULD implement a mechanism for removing an associated journal. Once removed, a journal will behave like any other non-associated journal.

8)The project MAY implement the ability to “sub-associate” journals with other users. That is, while ultimate control of the account rests with the creator, they can grant other users the ability to post to the journal, or post as the journal identity, change settings, etc, without giving the other user password access. The other user MUST NOT inherit access to posts that the journal identity has been granted. (i.e., Annabel gives Boris post and edit privs to fic_annabel. Boris's reading list still does not contain items from fic_annabel's subscriptions, nor can he see items to which fic_annabel has been granted. He can, however, post as fic_annabel ). See “Potential problems” :)


Potential Problems: Where do I start? On the bright side, I think most of our problems are social rather than technical.

1)Migrating accounts. I included the shared account with Boris for a reason. Let's say we're as restrictive as possible, and the following is required to migrate an account:

a) You must have access to both email addresses, to reply to “confirm” emails. You must know the password for both accounts.

Ok. But Boris has the password, and the email address for that account is a shared one. So even once Annabel has migrated, Boris can just remigrate it. This is a problem with the existing paradigm – because journals and accounts are the same, passwords are the only control mechanism. There's no way of knowing Annabel created the account. I think that for the moment we put this in the “too hard” basket, and say “Social problem, sort it out yourselves”. We lock it down so you can only migrate an account if you have both passwords, and can respond to emails sent to both accounts. There's really not much else we can do. ( as an aside, this is the classic example of why the “single account, multiple journals” is a better long-term paradigm, but this is almost a de facto implementation of that). After a journal has been migrated, do we have a complaints resolution process for Boris to say “Hey, she stole my journal”? I don't know that we need one – what's our current procedure for people sharing passwords and then one of them changing it to lock someone else out?

2)To be honest, everything else just looks like hard work. We really, really have to make sure that the commenting interface enforces identity restriction. If you have a locked post that tyggerjai can comment on, we DO NOT let tyggerdev comment on it, even though they're the same “person”. That's the ultimate UX nono, as far as I can see.

3)Oh. Sub-association. That's down the end as a “may” because although it's a huge, huge advantage that the “Association” paradigm has over the password paradigm, it's the biggest can of worms. It's almost a whole other specification on its own. But the main points, I think, are there. Give Boris edit/post access, but restrict privacy inheritance to the original owner. There's one massive thing preventing the implementation of subassociation, though, and that's what happens if Annabel then removes her association with fic_annabel. Does Boris then inherit the access as the new owner? Does dw_annabel keep the access, and if so, with which journal do we associate it? None of this is worse than our existing paradigm with passwords – in fact, it's a lot better, because if we do need to, we can suspend fic_annabel's access to everything, send emails out to people who have given fic_annabel access saying “This journal is changing owner! If you know the new owner and you're cool with it, click here to retain their access rights. If you don't know the new owner, click here to send an email to the old owner, so they can get in touch with you to arrange new access. Or, if this is freaking you out, click here to revoke the journal's access to your journal for good.”. But this is exactly the kind of thing that makes users nervous, and that we have to have a plan for. So at the moment, it's an itty bitty “may”, and if users want to hand a journal over to someone else, they can disassociate, give the new owner the email, and move on from there. But I think we may still need to handle the access notification in that case, simply because by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine! “

4)Actually, all of that, again, regardless of subassociation: by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine!”. Which, of course, we're not – journals will still have passwords, and other people may still know them. We could go all the way, and break the map between journals and accounts once and for all, so journals don't have passwords, but that's a much bigger project, I think.

5)Preselecting identities to comment as based on a post's access rules is going to suck. Just saying :)

Anyway. This section should probably be much longer, but I've left it as an Exercise For The Reader, since you know your community better than I do at the moment. I think the biggest problems are social – that associating journals with users sets up an interesting disconnect – if I give tyggerdev access because I've read it and I'm interested in the dev stuff, then if the owner of tyggerdev decides he's sick of coding, but gives the journal to someone else, I don't really care. I had no investment in the person. On the other hand, maybe I did – maybe I gave tyggerdev access to my journal because I know the owner. So then when he gives it away, I'm shattered! I don't know this person! What's going on!? Again, it's no worse than the existing password-sharing shenanigans in terms of actual security, only in terms of perception. And it's only a problem ever if we let people give journals away.


So! What thoughts does this inspire in you?
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 07:51 am (UTC)(link)
Ohhhh. Yeah, I have no experience with that at all. lol (That's why I kept adding 'maybe it's me'. I figure other people use their journals in ways I can't imagine.)

Is there a reason that one mod journal is a single journal instead of a community (or all the mods having their own journals)?

[ Please note: I'm not even sure my question makes sense, since I don't really know how RP-ing works. lol ]
amadi: A bouquet of dark purple roses (Default)

[personal profile] amadi 2010-10-21 08:17 am (UTC)(link)
Simplest answer: because a community can't post comments. And while the names of the mods of a community are usually known, sometimes it's important to present the unified front of "the moderators are performing this action, as a body" under the mod account (with the understanding that none of the mods would use that account without accord) rather than as an individual mod, to avoid grudgewank or efforts to pit one against the other or other sticky political nonsense that sometimes arises when people's creative output is on the line and passions run high.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 09:22 am (UTC)(link)
Oh, I see! Yes, that does make sense now. Hmmm...

That does make things more complicated, doesn't it? (In terms of this discussion about associating journals.)

Have to say, I'm not surprised that the people working on implementing this are already taking this into consideration. We're all in good hands here. :D

Thanks for the explanation!
existence: tj+amal from the adventures of tj and amal (keep my balance)

[personal profile] existence 2010-10-21 09:17 am (UTC)(link)
Think of it this way: in some LJ codebased RP models, there are a great many players who are POSTERS in one community, each having their own account, and there are moderators. And in the LJ model, communities cannot mod communties, as far as I know, so...

If this is helpful, I'm sure I or someone else can keep explaining LJ journal rp structure stuff.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 09:26 am (UTC)(link)
Thank you so much for replying. Your comment and the one above made it clear. :)

I can see now why people would be so concerned, and I'm glad (but not surprised) people working on this are already thinking it through from that perspective. It is a bit tricky.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 09:33 am (UTC)(link)
lol I have complete faith it'll be stellar when it's all said and done and live on the site. This place is the collective 'well organized mind'. :D
amai_kaminari: minekura beer, icon by amai-kaminari (Default)

[personal profile] amai_kaminari 2010-10-21 12:39 pm (UTC)(link)
Hi Denise:

I run an RP community with multiple mods. I was wondering if there is a way we can have multiple mod accounts, but with a single "display" username? (I was thinking that you could create "display" username by concatenating the community name with the word "_mod"?)

1. Currently, in order for someone to be a mod for my community, I have to check the Administrator checkbox on the Community Members page.
2. Once someone has been identified as an Administrator, they are granted Admin level permissions.
3. Is there any way for Admins to get a "Post as Mod" checkbox as part of the "Post an Entry" functionality which changes the account username to a community mod "display" username?

For example:

1. Let's say I have a user account, DWFan1, who is an Administrator for a community called IHeartDW.
2. When DWFan1 posts to the IHeartDW, she can either post as herself or select the "Post as Mod" checkbox.
3. If she selects the "Post as Mod" checkbox, her username shows up as IHeartDW_mod in the post.

Thoughts?
amai_kaminari: minekura beer, icon by amai-kaminari (Default)

[personal profile] amai_kaminari 2010-10-21 01:10 pm (UTC)(link)
Thanks for your speed-of-light reply!

If I can change my username to Community Name_mod for specific posts, I think that would help a lot. :)

Thanks for the link. I like the idea of a "mod hat" icon a lot! :) I wonder if there is a way to override the header background color and header font color for admin posts... so as part of the css, there is a header background color and header font color for community posts and a separate one for mod posts?

Thank you for being willing to talk to us. :)

(And for the record, I do HEART DW! ^______^ )


stormy: ❪ 𝐍𝐎𝐓𝐈𝐂𝐄 ❫ 𝑫𝑶 𝑵𝑶𝑻 𝑻𝑨𝑲𝑬 𝑴𝒀 𝑰𝑪𝑶𝑵𝑺 ⊘ (Default)

Additional Comments Added

[personal profile] stormy 2010-10-21 03:36 pm (UTC)(link)
I wonder if there is a way to override the header background color and header font color for admin posts... so as part of the css, there is a header background color and header font color for community posts and a separate one for mod posts?

This would be nice to have on the site scheme as well for comments posted with the mod hat. It would be really simple to include a universal class that modifies how the comment looks - an actual border, different background, or some sort of MODERATOR graphic, on comment and entry pages displayed in the site schemes. Leaving everything up to the journal CSS is great - when you're viewing the journal in that journal style, but it'd be nice to make the distinction further and without needing people to know CSS, tie it into "post as moderator" etc.

I'm thinking of something very similar to the way the .active class works in http://www.dreamwidth.org/inbox/. You could even use the same colors that the site schemes use or something like a yellow highlight marker in a not blinding color. Something like a post it note's color wouldn't be too bad.

For example. say I had a mod hat for this community and replied to this entry with a moderator status. It'd be nice for the comment and collapsed comment to have a different background, a single lined border. Sort of like an entry highlight. I love the idea of the 'mod hat' not being tied to an account as a whole, but rather a posting status. There are times when people want to speak as a moderator, and times when their thoughts and feelings are separate.

Additional thoughts: Re: Mod Hat

You know, having an authenticated Anonymous or General Mod Hat would be excellent too. Something that shows the mod hat, but hides which moderator is making the announcement. It's still authenticated, but could be another check box when posting. Say, for instance [profile] community had [profile] user1 and [profile] user2 as moderators. User 1 could post an entry and select the General/Anonymous Mod Hat, and it'd be posted as Community Moderators (but I would highly encourage that a screened or invisible comment of posted by [profile] user1 be visible as footer in the post/comment so that other moderators would know who posted it. Another option, because I really don't love the format of [personal profile] community_mod as a combined automatic username - someone (somewhere!) mentioned having an automatic _mod ending and I cringed.

Really, anything that helps make sharing journals less common is A+ with me.
Edited (More info!) 2010-10-21 20:06 (UTC)
tyggerjai: (Default)

Re: Additional Comments Added

[personal profile] tyggerjai 2010-10-21 08:12 pm (UTC)(link)
I hadn't seen the mod hat suggestion before, but it's fascinating me. And yeah, there are two models - hat and mask. In one of them, you know it's user X but you also know they're posting as a moderator. In the other, you just know it's some moderator. It is orthogonal, but I'm quite intrigued by it.
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

Re: Additional Comments Added

[personal profile] azurelunatic 2010-10-22 12:21 am (UTC)(link)
It would probably be _admin, in any case, because "mod" is just commonly-understood terminology, rather than official. "Moderator" is "has powers over the moderation queue".
stormy: ❪ 𝐍𝐎𝐓𝐈𝐂𝐄 ❫ 𝑫𝑶 𝑵𝑶𝑻 𝑻𝑨𝑲𝑬 𝑴𝒀 𝑰𝑪𝑶𝑵𝑺 ⊘ (🆄 _____________________________)

[personal profile] stormy 2010-10-22 01:14 am (UTC)(link)
_admin seems like it could be confusing as well because per profile, the Moderators and Maintainers are both under Administration.

For aesthetic reasons, I don't prefer to have underscores in my own user names, so I would probably refrain from using the feature if I had to have that added, though I recognize it is definitely the easiest version to mask/add anonymity a community moderator, though I wouldn't have been beyond specifying an anonymous account name, either. I could see where that might fail considering it would 1) take up an additional name on the server, and 2) would have to have the ability to be deleted to free up said name, where a _mod/_admin tag is just like a _feed, and much easier to track and not to confuse.

Curiously, I wonder how the mod hat were to operate if, say, there were multiple communities and you wanted the same mod account to be able to respond to all of them?

Like say I have a roleplay community [profile] community, an ooc community for it [profile] community_ooc, and a logs community [profile] community_logs: It could get very tedious if I had to deal with [profile] community_ooc_admin, [profile] community_logs_admin, [profile] community_admin respectively. I wonder how those will be handled.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-22 01:28 am (UTC)(link)
@communityname

It's good enough for IRC....

Wait. Didn't someone say communities can't comment? Or, technically, post at all? So can the mod posting Id just be the community name? There's probably a good reason not to, I don't do communities much.
stormy: ❪ 𝐍𝐎𝐓𝐈𝐂𝐄 ❫ 𝑫𝑶 𝑵𝑶𝑻 𝑻𝑨𝑲𝑬 𝑴𝒀 𝑰𝑪𝑶𝑵𝑺 ⊘ (🇹 fuck google)

[personal profile] stormy 2010-10-22 01:33 am (UTC)(link)
I got confusing there, sorry. Communities can't comment, but I was vaguely referring to the mod hat feature.

If I was the moderator of a journal, but I wanted to show an anonymously moderated post or comment (a united front) - it would use the name of the journal I was a moderator of.

But those are like extensions of the same community set? The way those kind of communities are set up, there's one community for comment spam, one for out of character posts (introductions,etc), and one for logs of roleplay. Under a dubious shared normal username, the same person could moderate all three, but of course, they'd be visible.

It'd just be [personal profile] stormy posting in [profile] community.

Under the mod hat, anonymous, it feels like it would be confusing to have three different moderators for what is essentially a united game under three communities.

I hope that makes some sense?

@communityname

It's good enough for IRC....


And I'm not sure I got the reference? Could you explain further. I haven't been on IRC in years!




Additional thoughts: It seems like rather than adding _mod or _admin to the end of the anonymous mod hat, just treat it as an entity that can comment inside its own journal.

Instead of [personal profile] stormy with a mod hat, post [profile] community with a mod hat. There. Simple and anonymously united.

And sorry for the revision spam - I just noticed that is exactly what you said. /facepalm Commenting after work is never a good idea.
Edited (sorry for the spam!) 2010-10-22 01:40 (UTC)
musyc: Katherine Hepburn wearing a great big hat (B/W: Mod Hat)

[personal profile] musyc 2010-10-22 04:35 am (UTC)(link)
...

I love the very existence of this bug, regardless of whether it's being actively worked on or not. Love it like a loving thing. *puts on her bighugemodhat and swans about*