denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_biz2010-10-21 02:18 am

RFC: Multiple Account Model

So, one of the things we want to do -- and it's a project that has gotten some developer interest lately -- is make it so that you can associate/link accounts together, so (for instance) you can switch to commenting or posting as your alternate/secondary/fic/RP/whatever journal more easily than logging out and logging back in. We've done some work to spec the problem, but I figured it would be time to toss it out to you guys here and see what other things we've forgotten to think of and what use cases we don't know about yet!

More discussion on the problem can be found at Bug 76. Here are two of the documents that have been written to try to "spec out" the project. Please read them over if you have a chance, and give your feedback.

Draft spec, written by cesy

From one of the manage settings pages, have "manage secondary accounts"

On new manage secondary accounts page, have:
Create a new secondary account - standard flow, but is automatically already connected, and gets created with all the same settings as your primary account
Link an existing account to this one (requires password to the other account)
Unlink one of the secondary accounts from the primary account (has a large and obvious "Are you sure about that?" message)
An option to show/hide links between accounts - can display list of secondary accounts on primary profile, and link to primary profile on secondary profiles
An option to select which account is the primary journal - the primary journal will be default on things like the update page and when commenting

Other pages that will need updating:

Shop - as well as "buy paid time for me" and "buy paid time for another user", need "buy paid time for my secondary account(s)" (which might be discounted)

Edit profile drop-down should list all secondary accounts, as should customize style, manage filters, edit userpics, etc.

Update.bml needs both "post to journal" drop-down (includes all comms and all accounts) and "post as" drop-down (which is disabled if the secondary account can't post to that comm, and defaults to match the journal selected). "Post as" doesn't display unless you have secondary journals.

All comment boxes would need a drop-down to choose who to work as. Ideally this would show normally, not require clicking the "Other"/"More options" button. This should also not display for people who don't have secondary journals.

On options/settings pages, at the bottom, instead of just "Save", have "Save for this journal" and "Save for all journals" (but only if the user has a secondary journal, otherwise leave it as just "Save".)

Other notes:

If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries.
If someone has given access to only one of your accounts, and you subscribe to them from another account, what happens when you look at the reading page of that account? Do you see the locked entries or not?

If you click to subscribe, unsubscribe, grant or remove access or join or leave a community and you get the usual confirmation page, that should include a "Do this as which account?" thing.
The pop-up hover menus should behave as usual for the main account, and ignore secondary accounts.

Can secondary accounts have different email addresses?

Creating a secondary account should require an invite code?

Have a careful think about transferring a secondary account from one primary account to another.

Further considerations, written by tyggerjai

Goal: To streamline management of multiple journals and journal features for a single user account. Mostly involving addition of “Manage accounts” interface, but with implications for ban settings, reading pages, and access lists.

[A note on terminology: Part of the current issue is that there is a conflation of a “journal” with an “account”. An “account” represents a human being, but it has become obvious that many DW users want and have multiple journals. This entire project stems from the fact that accounts and journals, while historically identical, are de facto different things. Discussion of which things are “account” based (login, killfiles, subscription, access to someone else's journal) and which things are “journal” based (tags, entries, access to read one of my journals) are probably beyond scope for this bug (although see “Potential problems” at the end). I shall use the term “journal” in this document unless I wish to make a point about the distinction, because at the moment, journal is the paradigm we have to work with.]

Annabel has a Dreamwidth journal – dw_annabel – which she started when she first found Dreamwidth. It has mostly personal updates about her life, but she doesn't talk about her work. Mostly because her mother reads the dw_annabel journal, and rather than maintain access lists, or risk having her mother find out what she actually does for a living, Annabel maintains another journal for her work stories – work_annabel. Recently, Annabel has discovered the joy of writing speculative fiction, so she has started another journal, fic_annabel, for working on a novel. She's co-writing it with her friend Boris, so Boris also has the password for that journal. Annabel is growing increasingly weary of constantly logging in and out to post on various journals, and she would like the following:

1)When she is logged in as “dw_annabel”, which she considers her “primary” account, she'd like to be able to manage all her journals from the management interface. Everything she can do to dw_annabel (style, circle management, privacy management, etc), she wants to do from one central screen as dw_annabel. It'd even be nice if she could choose to apply to things like screenings to all her journals at once, although she'd need to be able to change settings per-journal as well.

2)She'd like to be able to subscribe to some other journals via her personal journal, and some via her work journal (so that her mother never knows about them!). But she'd like to read them on the same page – one central reading page. She'd still like to be able to filter, though – for her fiction, sometimes she just wants to read fic_annabel's reading page.

3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.

4)She'd like a link to the fic_annabel journal to show up on the profile for dw_annabel, and vice versa, as being her journals. But under no circumstances should her mother be able to discover a connection between dw_annabel and work_annabel!

5)Recently, she had someone making unpleasant comments in fic_annabel, and has banned them. She'd like that ban to be applied across all her journals – fic_annabel, dw_annabel and work_annabel. Just in case. But she'd also like to be able to revoke that ban just on fic_annabel, in case it turns out she's banned Boris.

6)When she goes to make a post she definitely needs to be able to choose which journal to post to. When she goes to leave a comment in she needs to be able to choose whether it shows up as a post from dw_annabel, fic_annabel, or annabel_work. She doesn't want to “log in” as fic_annabel – fic_annabel isn't a person, and she can do everything she needs to do to manage the fic_annabel journal as dw_annabel.

7)She can see a day, possibly soon, when she will grow weary of the fic_annabel story. She'd like to know that when the time comes, she can hand it off to Boris and untangle herself from it.

8)When she does that, she'll probably want to start another journal for her own fiction. She should be able to do that as dw_annabel, give it a new name, and start using it, without ever having to log in, log out, or otherwise manually tell the DW system that she owns it.

That's about all Annabel wants to do, really....

Skillsets: Everything and then some. This is backend, frontend, graphical, UX, business, scalability, and some things I haven't thought of yet.

[Another note on terminology. “Link” is somewhat overloaded here, since it can refer either to a managerial connection between to accounts, or a visible “a href=” on a profile page. I'll reserve “link” for the visible connection, and use “associate” for the higher level managerial connection.]

1)The project MUST provide a method of associating journals, with a single signon to edit and maintain them. Whether we call it “primary/secondary”, or “one account, many journals”, the heart of this project is the ability to log in as dw_annabel and modify fic_annabel and work_annabel. That has two components:

a) Migration of existing journals. It MUST be possible for a user with multiple journals to declare one of them a “primary” journal, and associate other existing journals with it.

b) Creation of future journals. It SHOULD be possible, once this project is implemented, to create journals with automatic association to an existing primary. (NB. This is a should because migration is a must, and if we have that, users can create and then migrate. Realistically, though, it's a “really should”.)

2)The project MUST provide a method for managing linked journals from a single central interface. This interface MUST replicate the current management functionality for each associated journal without requiring log out/log in for that journal account, if the user is logged in with their primary account credentials. This interface SHOULD provide the ability to apply changes to multiple journals at once, but if it does so, it MUST retain the ability to override settings on a per-journal basis.

3)The project SHOULD provide a single central reading page for the primary account, which will incorporate all journals to which all associated journals are subscribed. Such an interface SHOULD include locked posts to which any associated journal has access. However, if such an interface is present, it MUST be possible to filter that reading page on a per journal basis (i.e., if a user should be able to remove a given journals subscriptions from that central page). The project MUST maintain individual journal reading lists [that's more for backwards compatibility and privacy – I can currently go to work_annabel and see that reading list. It shouldn't suddenly show me dw_annabel's reading list.]

4)The project SHOULD allow a user to declare associations between journals as “Public” or “Private”. For “Public” associations, links SHOULD be shown on the profile pages of associated journals. Whether this is implemented or not, the project MUST NOT allow other users to see evidence of association between journals UNLESS the owner has explicitly declared the association public.

5)The project SHOULD allow a user to implement bans that apply to all associated journals. If implemented, this feature MUST allow a user to then rescind any given ban on any individual journal.

6)The project SHOULD implement the ability to easily select a journal to post TO when updating. The project SHOULD implement the ability to easily choose a journal to past AS when commenting on a journal. [Note: These are only shoulds because we will almost certainly retain the account/journal conflation, and therefore in theory it's possible to log out and in again. I think the focus of this bug is really the management, and this posting interface is gravy, but it's important gravy]. If implemented, the commenting interface SHOULD restrict the choice to journal identities with commenting privileges, and MUST NOT allow journal identities to comment when they are not privileged to do so. That is, if journal annabels_friend has restricted commenting access, and allows comments only from dw_annabel, the interface MUST NOT allow annabel to comment as fic_annabel or work_annabel.

7)The project SHOULD implement a mechanism for removing an associated journal. Once removed, a journal will behave like any other non-associated journal.

8)The project MAY implement the ability to “sub-associate” journals with other users. That is, while ultimate control of the account rests with the creator, they can grant other users the ability to post to the journal, or post as the journal identity, change settings, etc, without giving the other user password access. The other user MUST NOT inherit access to posts that the journal identity has been granted. (i.e., Annabel gives Boris post and edit privs to fic_annabel. Boris's reading list still does not contain items from fic_annabel's subscriptions, nor can he see items to which fic_annabel has been granted. He can, however, post as fic_annabel ). See “Potential problems” :)

Potential Problems: Where do I start? On the bright side, I think most of our problems are social rather than technical.

1)Migrating accounts. I included the shared account with Boris for a reason. Let's say we're as restrictive as possible, and the following is required to migrate an account:

a) You must have access to both email addresses, to reply to “confirm” emails. You must know the password for both accounts.

Ok. But Boris has the password, and the email address for that account is a shared one. So even once Annabel has migrated, Boris can just remigrate it. This is a problem with the existing paradigm – because journals and accounts are the same, passwords are the only control mechanism. There's no way of knowing Annabel created the account. I think that for the moment we put this in the “too hard” basket, and say “Social problem, sort it out yourselves”. We lock it down so you can only migrate an account if you have both passwords, and can respond to emails sent to both accounts. There's really not much else we can do. ( as an aside, this is the classic example of why the “single account, multiple journals” is a better long-term paradigm, but this is almost a de facto implementation of that). After a journal has been migrated, do we have a complaints resolution process for Boris to say “Hey, she stole my journal”? I don't know that we need one – what's our current procedure for people sharing passwords and then one of them changing it to lock someone else out?

2)To be honest, everything else just looks like hard work. We really, really have to make sure that the commenting interface enforces identity restriction. If you have a locked post that tyggerjai can comment on, we DO NOT let tyggerdev comment on it, even though they're the same “person”. That's the ultimate UX nono, as far as I can see.

3)Oh. Sub-association. That's down the end as a “may” because although it's a huge, huge advantage that the “Association” paradigm has over the password paradigm, it's the biggest can of worms. It's almost a whole other specification on its own. But the main points, I think, are there. Give Boris edit/post access, but restrict privacy inheritance to the original owner. There's one massive thing preventing the implementation of subassociation, though, and that's what happens if Annabel then removes her association with fic_annabel. Does Boris then inherit the access as the new owner? Does dw_annabel keep the access, and if so, with which journal do we associate it? None of this is worse than our existing paradigm with passwords – in fact, it's a lot better, because if we do need to, we can suspend fic_annabel's access to everything, send emails out to people who have given fic_annabel access saying “This journal is changing owner! If you know the new owner and you're cool with it, click here to retain their access rights. If you don't know the new owner, click here to send an email to the old owner, so they can get in touch with you to arrange new access. Or, if this is freaking you out, click here to revoke the journal's access to your journal for good.”. But this is exactly the kind of thing that makes users nervous, and that we have to have a plan for. So at the moment, it's an itty bitty “may”, and if users want to hand a journal over to someone else, they can disassociate, give the new owner the email, and move on from there. But I think we may still need to handle the access notification in that case, simply because by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine! “

4)Actually, all of that, again, regardless of subassociation: by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine!”. Which, of course, we're not – journals will still have passwords, and other people may still know them. We could go all the way, and break the map between journals and accounts once and for all, so journals don't have passwords, but that's a much bigger project, I think.

5)Preselecting identities to comment as based on a post's access rules is going to suck. Just saying :)

Anyway. This section should probably be much longer, but I've left it as an Exercise For The Reader, since you know your community better than I do at the moment. I think the biggest problems are social – that associating journals with users sets up an interesting disconnect – if I give tyggerdev access because I've read it and I'm interested in the dev stuff, then if the owner of tyggerdev decides he's sick of coding, but gives the journal to someone else, I don't really care. I had no investment in the person. On the other hand, maybe I did – maybe I gave tyggerdev access to my journal because I know the owner. So then when he gives it away, I'm shattered! I don't know this person! What's going on!? Again, it's no worse than the existing password-sharing shenanigans in terms of actual security, only in terms of perception. And it's only a problem ever if we let people give journals away.

So! What thoughts does this inspire in you?
weaverbird: (OMG Squee)

[personal profile] weaverbird 2010-10-21 07:13 am (UTC)(link)
see icon. *g*

I can't think of anything to add to the points in your post, but I will definitely be daydreaming about it and will come back to add my two cents if I do.
somnolentblue: statue of a woman from the waist up (Default)

[personal profile] somnolentblue 2010-10-21 07:14 am (UTC)(link)
I haven't read this through closely, for I ought to be doing things that are not reading dw, but SO EXCITED!!!!! Especially since the question of sub-association is being looked at (although I could completely see this being excessively complicated and fraught with problems), since I have a some shared admin accounts.

Mostly, I'm doing the flappy hands of glee.
speedblitz: (Default)

[personal profile] speedblitz 2010-10-21 07:15 am (UTC)(link)
I have... at least thirteen Dreamwidth journals at the moment, most of them for the purpose of RP. The one thing that I would really need implemented in a multiple account feature like this would be the ability to choose a different account's various userpics when I comment. It does me no good to "post as this account" while still logged in to my main if I can't choose icons on my secondary... which is mostly the point of logging into those secondaries to post anyway. Otherwise I'd just use the "post as a different account" feature. :)
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 07:16 am (UTC)(link)
I don't understand any of the Boris stuff. I think for a collaboration, people should make a community. No giving away of passwords or journals. o.O

To me - and I have a feeling this may turn out to be an unpopular opinion - it's not important or necessary at all to be able to look at all of the associated journals' reading pages merged into one. If it's easy enough to switch to 'working as' one of your other journals (i.e., you don't have to log out and log in again), then you can just switch to another and look at that journal's own reading page. It's not that big of a deal and will even save on confusion as to which account you're working as/with/through/whatever at the moment.

I don't see much fiddling around required in terms of people giving/having access either... It's not really a time intensive process to grant access, subscribe, unsubscribe, or remove access. If the person has made it public on their profile that they have these other journals, too, then you can just choose to do that or not (from your primary account or all of your accounts, haha). If the person doesn't want it known that all of these journals belong to them, I don't see why they'd be multiply subscribed to the same journals and communities; but maybe that is just me. So, I guess, that is my way of saying: if you're looking at someone's journal while 'working as' a journal of your own that doesn't have access to their locked posts, then NO, you can't see those posts; scroll up to the top and switch to working as the journal that does have access. (They may not even like your alter ego. If they knew it was you, maybe you wouldn't have access on any journal. lol)

And I don't see why you would want to save a draft post for 'all journals'. Again, maybe that is just me. I'd expect 'save' and 'save to' and then you get to pick which journal to save the draft for... unless, as has become my theme here, it saves to whichever journal you are working as at the moment. Then there is no need for any new option at all.

I'm glad you're very clear that it needs to be optional whether there's any public association between accounts, at the discretion of the human who owns them. That's no less than I'd expect from you guys. :)

All of the stuff about it showing you only the options each journal has privileges for is very shiny. I'm confident you'll work it out well. (Sounds like a lot of work, too.)

I would hope there'd be an easy way (or faster way) to link journals created with the same email address, than for a person who used different email addresses for each journal. Like, once the changes were all implemented, people who'd created more than one journal with the same email address received an email/inbox notification from DW asking if they want to 'associate' them.

I'll be really curious to see what's developed as far as the shop (i.e., payment options) goes. Discounts would be great. A simple, clean way to take care of all your accounts at once (should you choose to do so) will be cool in its own right.

Thanks for working on this! You guys rock! :D
Edited (typo) 2010-10-21 07:21 (UTC)
vae: (books: imagination takes flight)

[personal profile] vae 2010-10-21 07:31 am (UTC)(link)
Replying to comments from email notifications - if Annabel is logged in as dw_annabel but has an email notification to fic_annabel and she replies to it, should it go through, or should she see the "cookie expired" message and need to log in as fic_annabel before the comment posts?

(I'll be honest, I'm firmly of the opinion of "the comment should post as fic_annabel while logged in as dw_annabel" - this is because I know a lot of people who will not use Dreamwidth for RP because they have multiple characters and want to be able to reply to comments from email notifications without having to switch logins. Being able to associate journals and let that authorise comments without switching their login would make DW a lot more RP-friendly.)
sophie: A cartoon-like representation of a girl standing on a hill, with brown hair, blue eyes, a flowery top, and blue skirt. ☀ (Default)

[personal profile] sophie 2010-10-21 07:31 am (UTC)(link)
3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.
I assume you ([personal profile] tyggerjai) mean that she'd be able to read journals on work_annabel's and fic_annabel's reading lists, including locked posts?

(Whether there should be the option to auto-read users who give you access is another discussion entirely, of course; I'm just commenting to make sure this means what I think it means.)
Edited (Oops, wrong tag.) 2010-10-21 07:32 (UTC)

[personal profile] puzzlement 2010-10-21 07:36 am (UTC)(link)
As far as sub-association goes, there's perhaps something going on here socially with regard to communities.

Generally speaking, users expect that a community has semi/occasionally-open membership. But since communities are currently the only official model for having a separate journal with the same login, the following happens:
1. some people make a community in order to have a de-facto second journal
2. some people make a community in order to have, essentially, a journal for postings by a small number of people (I do this with [community profile] incrementum, my parenting blog), but there's no way to distinguish this in the UX, so [community profile] incrementum for example shows up in interests pages with equal status to communities that people can actually join.

Model #2 is a separate problem, but perhaps Model #1 is overlapping this problem a fair bit. Will communities be able to be migrated to sub-accounts? Will all of the use cases of "I'm setting up a comm for my icons, I am the only poster" be catered for by subaccounts? Why/why not?

[personal profile] rho 2010-10-21 07:38 am (UTC)(link)
I like the paradigm of splitting accounts and journals better than I like the paradigm of primary and secondary accounts. I doubt it will make much difference in real terms, but I find it a much more intuitive and helpful way of looking at things.

One thing that I would like is the option of displaying the parent account on a journal. I know that a lot of people keep secondary accounts at the moment precisely because they're concerned about privacy and don't want people associating their accounts, but whenever I use multiple accounts, it's generally just because I want to keep content separate for organisational reasons, and I normally have a note along the lines of "my main journal is over at [personal profile] rho" in their profiles. While I wouldn't advocate having this be default behaviour, it would be useful to me if I could just tick a box and have it show up automatically.
florahart: (writing)

[personal profile] florahart 2010-10-21 07:39 am (UTC)(link)
I don't have useful comments, but I do want to say that I appreciate how clear it is in this description that there is a baseline understanding about what it means to have multiple identities that may be shared or known to different people and that this is not a crime or a bad thing. That it's said repeatedly that where the user has not explicitly stated that she wants this connection to be apparent to other people, it's critical that the default be public. That it's understood that people compartmentalize in a hundred ways and that these compartments overlapping nondeliberately is a very bad thing. It's hardly news that you all are all over that, but I still appreciate it all over again any time I see it. Thanks.

Okay, wait, maybe I do have one useful comment; the circle management page is already unwieldy if one has very many people in any relationship (for me the crazymaker is all the imported openIDs to scroll through), and I think my brain just curled up in the corner sobbing at the notion of trying to cope with the potential for a whole other level of making it right for multiple journals on one account--which, it'd have to get worse, right? In order to account for allowing/subbing/unsubbing/whatever for just the primary or just a secondary? Uh, I think that page would need work, but I don't have any idea how to make it better.
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 07:49 am (UTC)(link)
The thing the stuck out at me the most was the consideration about email addresses.

I use different emails for different identities-- it keeps the RL me that much further away from my online activity, which is very important to me.

So if this were implemented where I had to use the same email for both accounts, it would not work for me.

And the secondary consideration for me is then, of course, being able to select whether the associations for the accounts was public or private.

Also, the secondary writeup seemed to be more like my case, though it could just be from the details and the late hour.

pne: A picture of a plush toy, halfway between a duck and a platypus, with a green body and a yellow bill and feet. (Default)

[personal profile] pne 2010-10-21 07:54 am (UTC)(link)
what's our current procedure for people sharing passwords

I thought that was forbidden?

[personal profile] fathomless 2010-10-21 08:06 am (UTC)(link)
This fantastic not just for RP but the small but growing population of multiples here as well. We have one main journal, this one, but each of us have separate journals as well. We don't use those as often because the log in/out process is a hassle. This would remove that boundary and allow more autonomy for individuals within our system. We're all for this!
raelynne: (Coffee Now!)

[personal profile] raelynne 2010-10-21 08:41 am (UTC)(link)
I love all the thought that's gone into this so far and I'm very excited about seeing this actually happen :D That said, I do have something to add:

For background, I have a fic journal that I consider my primary. I also have this journal that I can safely log into at work, that I would also like to use as the journal that my parents can read.

Something that's not mentioned above that would be a huge, huge deal for me, would be the ability to post to two of my linked accounts at the same time, and to be able to do this from either primary or secondary account.

Some of the RL posts I would make to this journal, I would also like to have in my fic journal, without having to go through any extra steps. I would also like the crossposting settings of my fic journal to be respected, even when I post from this journal.

I would never, ever want to see the Reading List from my fic journal while I'm logged in on my work account. That would be very bad indeed!

I know there have been discussions around crossposting and spam before, but I think that allowing crossposting between linked accounts is not at all the same as spamming multiple comms.
charamei: XKCD's map of online comunities - Dreamwidth Island (Dreamwidth Island!)

[personal profile] charamei 2010-10-21 08:49 am (UTC)(link)
Can secondary accounts have different email addresses?

Yes, please, if at all possible.

If Person A has a secondary professional account, for example, they should have the option to display a different email for the professional one.

My other question was about selecting icons when posting as a secondary account, but I see [staff profile] denise has already answered that :)
noxie: friendly girl smiling (Default)

[personal profile] noxie 2010-10-21 09:02 am (UTC)(link)
First off, I LOVE the idea of having an account with multiple associated journals. I'm currently using one-person communities because I can never be bothered to log in under a different user name. These communities are used solely for posting fan fic and fanart, while my primary journal is for everything else.

Now, if these weren't comms but associated journals, I

a) wouldn't want all subscriptions of all my journals to show up on my primary reading page by default. Perhaps this could be handled like reading filters work right now, via the drop-down box on the navigation bar? Then you could choose which journal's subscriptions you'd like to read.

b) wouldn't need the option to share a journal with someone else. That's what comms are for, in my opinion. I think this whole thing is a can of worms with a HUGE potential for drama and wank. If this were implemented, I'd always have to ask myself: Do I really want to give this journal access? What if it's handed over to someone else? I think giving a journal to someone else shouldn't be encouraged (or even allowed because of privacy issues).
I read above that people who RP seem to rely on being able to "share" a journal, though. Maybe there could be a third option for specifically creating a "shared" journal that shows which users control this journal on the profile? So that it's always perfectly clear to anyone subscribing to this journal. Does that make sense? *scratches head*

c) would LOVE the option to be able to decide whether my associated journals are displayed on the profile or not.

As for cesy's questions:

"If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries."

Hm. I'm not sure why this kind of bothers me. Wouldn't it be better if you could only see these locked entries if you were using the journal they've given access to? I'm not sure I'm making sense here. But I think when looking at someone's locked entries, you should only be given the option to comment with the journal that has access.

"If someone has given access to only one of your accounts, and you subscribe to them from another account, what happens when you look at the reading page of that account? Do you see the locked entries or not?"

I would hope that you don't see the locked entries in that case. I can see why this would be useful for someone wanting to read everyone's entries from all their journals on one page, but wouldn't this cause so much confusion? You may not have access with the journal you're reading them from, but you can still read their entries and comment on them? Food for thought.

"If you click to subscribe, unsubscribe, grant or remove access or join or leave a community and you get the usual confirmation page, that should include a "Do this as which account?" thing."

Yes, that would be pretty awesome.

"Can secondary accounts have different email addresses?"

Good question. I think this might be useful for some people, but how would you make sure it's really the same person? A password can be stolen / hacked. This makes me a little uneasy, to be honest.

"Creating a secondary account should require an invite code?"

It would be more than awesome if it didn't require an invite code, but I can understand if you were opposed to this. Maybe this could be made a paid feature? So only those who have a paid account don't require invites for creating an associated journal?

"Have a careful think about transferring a secondary account from one primary account to another."

That sounds so complicated. I'm not sure I can even get my head around this. How would anyone giving this person access even handle that? Would they be notified that the journal they're given access/ have subscribed to is now controlled by a different account?
Should you be allowed to transfer journals from one account to another, or shouldn't you? My initial feeling is that this shouldn't be allowed, but I might have to think about it some more. I can see that this might become necessary.

Another thing I just thought of - should journals controlled by one account have a different icon, so that you can see at one glance that this is an associated journal, and not a "normal" one? This should only be the case if the person controlling these journals has decided to show this on their profile, though.

Those are my two cents for the moment. I'm sure there's lots more I could add, but I can't think of anything right now. :)

Anyway, I'm looking forward to this feature arriving! It's awesome that you're working on it. :D
existence: metanoia (it's not an addiction. perse.)

[personal profile] existence 2010-10-21 09:14 am (UTC)(link)
The first level of thoughts that spring to mind are:

- Tagging off the secondary email adresses thing and the combined reading circles bit: I assume that what is said above about the one central page might also apply to the one centralized PM inbox? And still have filtering for subject matter (circle updates etc) on both? Because in that situation, that is a thing I would use.
- What if Annabelle uploads her icons to the wrong account? Does she have to delete and switch and reupload? In the same vein, can she tag as if she was the owner of said accounts at all times, even if the account is set to allowing owner-only tagging?
- I'm, wondering, on how people will and will not sign themselves, like if it's a shared secondary journal, are we going to see whose primary posted? Is this going to turn on and off? Be an option?
- Would there be maximums set on (primary and or secondary) journal links?
cat_rood: (Default)

[personal profile] cat_rood 2010-10-21 11:30 am (UTC)(link)
... But this is why I have firefox and ljlogin?
lorax: Puppy Has World (Misc: Puppy "World Is Mine")

[personal profile] lorax 2010-10-21 12:41 pm (UTC)(link)
This has tremendous potential and I'm not gonna lie, I'm super excited about the idea of it showing up later on! It makes my RPing, multiple-journal-having heart happy.

I do really appreciate how much care it's obvious you're putting into making sure that linking won't be public without permission/desire, so that people maintaining separation of identities or privacy concerns can still make use of this, without "outing" themselves. It's that kind of concern for the user base that makes me so happy to be able to contribute my little paid account fees here!
ninetydegrees: Drawing: a girl's face, with a yellow and green stripe over one eye (Default)

[personal profile] ninetydegrees 2010-10-21 12:42 pm (UTC)(link)
Can secondary accounts have different email addresses?

Yes, please. I have several e-mail accounts and several DW accounts to keep things neatly organized and easier to manage. I would see no point in linking my accounts if it meant I had to give up on keeping my e-mails organized.

Creating a secondary account should require an invite code?

I don't see why not.

2)She'd like to be able to subscribe to some other journals via her personal journal, and some via her work journal (so that her mother never knows about them!). But she'd like to read them on the same page – one central reading page. She'd still like to be able to filter, though – for her fiction, sometimes she just wants to read fic_annabel's reading page.

I would hate to have the central reading page as a default. Again, I keep things separate because it makes it easier for me and would not link accounts if I couldn't decide how separated I wished them to remain.

4)She'd like a link to the fic_annabel journal to show up on the profile for dw_annabel, and vice versa, as being her journals. But under no circumstances should her mother be able to discover a connection between dw_annabel and work_annabel!

I'm not sure what's suggested here but I'd like to have the same privacy settings for this as for other profile elements (everybody, registered, access only, nobody).

When she goes to leave a comment in she needs to be able to choose whether it shows up as a post from dw_annabel, fic_annabel, or annabel_work.

Sure, but I don't think she should always have a choice. Let's say fic_annabel's on my Access List and I've posted a locked post. I only want comments from fic_annabel, not dw_annabel. I may not know who dw_annabel are and seeing a comment from this stranger on my Access Only post could scare me and make me go straight to Support... unless there's a way I've been made aware the two accounts were connected by fic_annabel and given them explicit permission to comment on my locked posts with either account (and have a way to remember who's who otherwise it could get hard real soon).
Edited (typo) 2010-10-21 12:45 (UTC)
sharpest_asp: Black and white art of a hissing snake arounda  dagger (Default)

[personal profile] sharpest_asp 2010-10-21 01:25 pm (UTC)(link)
This is a pile of programing, I think.

This is also one of the cases where it seems you will need to have a very detailed permissions page, where you maintain and edit the things that affecting one journal can do to the rest.

Personally, I hope this procedure is hashed out and added. I'm one of those with multiple accounts (and how! RP is addictive). So many times, I have been on one of my fic journals and wanted access to my main journal's settings.

One point, and this is pure aesthetics in the end. If a linked primary/secondary comments on one of its mates, will there be a way to get the system to understand not to send a copy of a comment made? For instance, I am forever commenting on [personal profile] double_trouble as [personal profile] sharpest_asp. I then get a copy of my own comment because it doesn't know it is me. And I can see where it might not be feasible to change that, but I'm throwing it out there as a further brainstorm point.
opera_cat: (arthurian)

[personal profile] opera_cat 2010-10-21 02:17 pm (UTC)(link)
That sounds really awesome.

[personal profile] desh 2010-10-21 02:43 pm (UTC)(link)
Would this let me connect this account to [identity profile] That's what I'd want to use it for...
elysium_fic: (Default)

[personal profile] elysium_fic 2010-10-21 03:39 pm (UTC)(link)
As a "sockpuppet" with a main journal (I write fic I don't want associated with my "real" persona) I absolutely support this concept. It's been quite difficult having to manage my various logins, and I've had lots of times when I've failed and posted a comment while logged in from one account while intending to post it from another, thereby compromising the anonymity my sockpuppet identity.

The proposals both sounds great and I can't think of anything to add. It's a brilliant idea and I cannot wait to see it implemented.
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Shared access = massive security hole (but maybe not as much as I thought?)

[personal profile] helens78 2010-10-21 03:51 pm (UTC)(link)
First of all, I want to kick this off by saying that I have been really, really excited about the primary/secondary account system since it was first mentioned back on the mailing list. I think it is a killer feature, and I am really, really, really excited about the prospect of bringing it in.

However, there are some issues with the spec that, as written above, freak me out from a security perspective. I'm going to try to tackle these one at a time, so that people can either a.) calm me down and explain why my take on them are wrong, or b.) discuss them individually rather than having them get lost in the conversation flow. :)

So first of all: let me respond to the big, huge, terrifying suggestion in the spec:

If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries.
If someone has given access to only one of your accounts, and you subscribe to them from another account, what happens when you look at the reading page of that account? Do you see the locked entries or not?

3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.

3)The project SHOULD provide a single central reading page for the primary account, which will incorporate all journals to which all associated journals are subscribed. Such an interface SHOULD include locked posts to which any associated journal has access.

From the way this is written, I can see that this is still a point of contention, and thank goodness for that, because this allows for a truly heinous security hole the likes of which make me positively dizzy.

I'm really glad that the OPs talked about shared accounts, because that is precisely where the security hole comes in. In a system where only one person may control a journal, period, it makes perfect sense to assume that any post to which primary has access, secondary1 and secondary2 also have access, because they belong only to primary. Same person, same access.

However, in a system where secondary(comm_mod) is shared between primary1 and primary2, then allowing secondary(comm_mod) to view everything that primary1 has access to also means granting primary2 access to everything primary1 has access to.

That is a huge security hole, particularly in light of the fact that the spec calls for people to have private secondary accounts.

Now, I am very much in favor of private secondary accounts -- I would be very, very happy to associate my RL journal, or my original fic journal, with this one, so long as I did not have big flaming signs (or even little, non-flaming signs) on the profile pages that say RL_helens is a secondary account for helens78. That would be fantastic.

However, if you grant global access to all secondary accounts associated with a primary account, you are quietly granting access to accounts without the knowledge or consent of the access-granter. And if those secondary accounts are shared accounts, then you have just quietly granted access not to the same user, but to potentially any number of unknown users.

Let me spell this out a little more concretely, in case it's not clear why this is a scary idea:

my_best_friend has access to every filter I use. She co-mods not_my_fandom_kinkmeme with somebody_I_don't_know, somebody_else, some_third_person, and my_worst_enemy, using not_my_fandom_kinkmeme_mod. For various reasons, not_my_fandom_kinkmeme_mod does not list its primary accounts on its profile page, and we certainly don't want a system in which my_best_friend must reveal all her secondary journals on her profile page.

Right now, the access flow looks like this:

my_best_friend: access
somebody_I_don't_know: no access
somebody_else: no access
some_third_person: no access
my_worst_enemy: no access
not_my_fandom_kinkmeme_mod: no access

However, if not_my_fandom_kinkmeme_mod, as a secondary account to my_best_friend, is automatically granted access to everything my_best_friend has access to, then the access flow suddenly looks like this:

my_best_friend: access
somebody_I_don't_know: ACCESS - which I didn't grant and don't know about
somebody_else: ACCESS - which I didn't grant and don't know about
some_third_person: ACCESS - which I didn't grant and don't know about
my_worst_enemy: ACCESS - which I didn't grant and don't know about
not_my_fandom_kinkmeme_mod: ACCESS - which I didn't grant and don't know about

DW could certainly stop this from happening by allowing an account to be secondary to only one journal, but it seems clear from the Annabel/Boris examples that secondary accounts are designed to include the shared journal paradigm (and allowing only one person to have a secondary journal would really lessen the utility for people who are deliberately looking for this feature; see this thread). Allowing people to pass secondary accounts like a hot potato (so that people can change whose secondary account it is, but can't have shared access at the same time) would maintain security, but would also make it difficult for shared mod accounts to react in-the-moment -- if PrimaryMod is hit by a bus, and all hell breaks loose on the community, and PrimaryMod has to release a secondary journal to SecondaryMod, the community is not going to get mod responses in a timely manner.

DW could also set up a system that allows people to see locked posts only if all accounts under the primary account have access to those locked posts, but I think this is not very feasible -- I can't think of anyone who has access to all of the accounts I would list as secondary accounts. Then I wouldn't get any locked posts at all.

DW could set it up so that your reading page allows you to read as only one account at a time, and you would have access to only those posts that you are explicitly granted access to as that account, using some kind of navigation dropdown: if you select my_best_friend, you get all the posts that my_best_friend has access to, but if you select not_my_fandom_kinkmeme_mod, you get only those posts that NMFKM has access to. This is terrific for shared journal situations -- if you are logged in as my_worst_enemy, you don't have access to my posts, and if you switch to NMFKM, you still do not have access -- only if I have explicitly granted access to one of your accounts do you see access-locked posts. (But that completely kills off the "read all posts from all accounts" idea.)

The thing that seems so unbelievably scary about this is not that there might be some person masquerading as, say, totally_innocent_journal who happens to be a sockpuppet for my_worst_enemy -- in a situation where one journal can be owned by only one person, and everyone can be anonymous, you pays your money and you takes your chances.

What seems scary to me is the fact that in a system like this one, you may be -- and in many cases, absolutely would be -- granting access to people without knowing about it or consenting to it. That is a massive, massive security hole, and one that definitely needs serious discussion and thought before implementation.

ETA: [personal profile] tyggerjai has clarified some of this here in this thread. I'm still antsy, but this is different from how I was envisioning it.
Edited 2010-10-21 15:58 (UTC)
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Discounted time for paid secondary accounts!

[personal profile] helens78 2010-10-21 04:10 pm (UTC)(link)
Shop - as well as "buy paid time for me" and "buy paid time for another user", need "buy paid time for my secondary account(s)" (which might be discounted)

Have a careful think about transferring a secondary account from one primary account to another.

As long as the numbers are sufficiently crunched for this, I think that would be a pretty amazing idea. I'm sure lots of RPers would buy extra accounts for their secondary journals, especially if they could get them at a discount.

However, there'd need to be some check on this, so that you don't end up buying discounted paid time for one journal, then making that one your primary journal, and buying discounted paid time for your former primary journal, so that you get all of your time at a discount just because you're gaming the system. (Maybe a journal that's been paid at the discount secondary rate can't be made a primary without ponying up the difference between the discount secondary rate and the normal primary rate, or waiting until its paid time expires altogether?)

Page 1 of 2

<< [1] [2] >>