DISQUS

carlo.comments: Ma.gnolia FAIL, Or: Rendering OpenID Useless

  • Larry Halff · 1 year ago
    While seeing you compare Ma.gnolia to porn has a certain entertainment value, the value of you're assessment of our OpenID implementation stops there.

    First, we've supported OpenID since December, 2006. We only recently required OpenID or Facebook login to create an account.

    Second, many OpenID consumers still require you to choose a nick name or screen name and provide them with a way that they can contact you.

    Finally, our method of merging an old style account system with OpenID was generally considered a great success upon release, and I'm nothing but proud of our commitment to supporting decentralized identity.
  • Carlo Zottmann · 1 year ago
    Larry, thanks for stopping by.

    I won't argue that there's probably been a lot of work gone into the implementation. Yes, there are legacy issues that you need to deal with. All good, and I see the problem.

    But I stand firm in my opinion -- the actual implementation is flawed to me. It might be valuable for you (anti-spam measures etc.), but IMHO it adds *nothing* that is directly valuable to the user. I can use my OpenID, yet I have to pick an unique username. So, for me as an enduser, what is the benefit of entering my OpenID?

    Also, your argument that "many OpenID consumers still require you to choose a nick name or screen name" is not really an argument. My mom used to say, "If everyone's jumping from a bridge, would you, too?". :)

    Cheers,
    C.
  • Todd Sieling · 1 year ago
    I'm not as richly informed on porn as a genre, but I can offer some additional thoughts on what we're doing with OpenID at Ma.gnolia.

    It's true that one of the big benefits that OpenID can bring to people is having a consistent screen name across different websites, but there are situations where *requring* people to use their OpenID as their display name in a social system does provide benefit to people using that service.

    The first is practical: without asking for a screen name, we're left with the URL serving as a screen name. Presenting people as URLs would be unweildly in the interface we already had in place when we brought OpenID into Ma.gnolia. In designing new interfaces with OpenID in mind, URLs still present some problems for human readability, especially in lists or where multiple people are shown in association with a given entity.

    The second is about social needs. if people don't want to surface their OpenID in Ma.gnolia, they don't need to. They require a verified identity to sign into Ma.gnolia, but they can present themselves under the name they choose when interacting with the wider community there. Some systems demand that a real-world name be used to represent oneself in that system, like LinkedIn or Facebook. Ma.gnolia allows a more fluid representation of public self, and so forcing a hard link between an URL and a member in public view isn't in ours or our members' best interests.

    We've also developed a way for multiple OpenIDs to be associated with a single account, which is something that workgroups using Ma.gnolia need. We have a number of organizations using Ma.gnolia to manage links that they serve out to visitors to websites and so on, and they need a way to show their organization name but to also allow their team members, each with their own OpenID. In that scenario, no one ID should be representing the organization.

    Finally, and as Larry mentioned, Ma.gnolia was built before OpenID, and as such is largely architected around screen names. When we first incorporated OpenID, we had a lot of members who didn't come to us with OpenID and we wanted to keep serving them. Running a system that half-depends on screen names and half-depends on URLs wasn't viable, so we decided to keep screen names and bring OpenID in sooner than later. It's not a perfect world, and sometimes we need to make compromises. If that deserves biting critiques, then so be it.

    @BenFox, We were concerned about losing people as well. We were told to expect an 85% drop in new member signups by going to only OpenID, but we trusted our instincts and made the change because we believe this is where the web is going. We saw a 11% drop, almost exactly inverse the expectation. This fact was included in Larry's blog post last week at http://ma.gnolia.com/blog/2008/04/03/on-our-new....
  • Carlo Zottmann · 1 year ago
    A lot of good background information. All valid reasons. Thank you!

    I can see your points there. But if I might offer a suggestion: maybe explain those things on the page where you're asking for a screen name. A link to the FAQ would probably do, too. But the way it is now is plain out confusing -- obviously, and to me at least. ;)

    Who'd have thought that indirectly linking/comparing a site to porn would provoke a discussion like this. Days like this make me think the internets aren't that bad after all. Heh.
  • Todd Sieling · 1 year ago
    We were kind of offended by that comparison, and a bit hurt by the boldness of a FAIL title, but I'm glad it's turned into a good discussion. Indeed, the internets work pretty good sometimes, and this is one of them.
  • Carlo Zottmann · 1 year ago
    Well, sorry about the comparison. It was about the situation in general, not just Ma.gnolia.

    When I wrote that post I wasn't in the best of moods. Over the last few weeks I've seen a number of "zomg, we're OpenID-capable now" announcements and implementations (some of them by rather new sites), most of them half-assed (in my eyes). So there was a bit of anger which had piled up, and just by chance it was you who ended up on the receiving end.
  • Todd Sieling · 1 year ago
    I hear you; it's totally happened to me, too. All that aside I'm glad the conversation happened.

    I'm going to propose some new text for the OpenID page to round out the discussion of benefits while keeping the ideas accessible. Even if that change doesn't get accepted, this whole discussion has allowed us to improve how we explain things to people visiting Ma.gnolia and other projects we're working on where OpenID will be used. Small steps on a long journey, but I think they're good ones.
  • BenFox · 1 year ago
    I am afraid that I must agree Carlo's post. The idea of OpenID is not to give websites the possibility to authenticate users but give the user the comfort not to have to provide additional data. I bet there you will have quite a drop-off rate. All additional data requested from the user should be optional. Of this makes no sense to your service the OpenID support itself makes no sense. Just my topence.
  • Chris Messina · 1 year ago
    Well, just because you use OpenID doesn't mean that site operators can't demand that you provide additional information in creating your account. Just because you show up to a bar with your ID doesn't mean that they have to let you in.

    I do see an opportunity for Ma.gnolia to improve the messaging and flow in this case, but perhaps it has more to do with your expectations about using OpenID then with Ma.gnolia's implementation. Can you explain where you got the impression that a site shouldn't be able to require additional information when you sign up?
  • Carlo Zottmann · 1 year ago
    Oh, I don't think it "shouldn't be able". I just think it's highly inelegant and defeats the advantage of using an OpenID.

    The OpenID site starts to explains the concept by saying:

    "OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience."

    So naturally, that's what I expect. :)

    As I've said, I can see why they chose to make use of OpenID, but I fail to see the advantage for the end user.
  • Chris Messina · 1 year ago
    While we're on the subject, perhaps you can give me an idea of what you'd recommend for a user's profile URL if they sign in with Ma.gnolia? Elegance aside, this is a common problem, so if you create an account with your OpenID on Ma.gnolia, what link would you want to give to your friends to find your bookmarks?
  • Carlo Zottmann · 1 year ago
    My idea would be to make use of formerly disallowed characters (in a site context). Let me explain.

    Let's say I have a site, example.com. example.com has used an 0ld sk00l signup form for years, which allowed letters and numbers in an user name, so you could register "factory joe", but neither "factory.joe" nor "factory joe".

    Now when implementing OpenID, I'd take the URL, strip the redundant bits ("http://", for example), so I'd end up with something like "factoryjoe.com" or "me.yahoo.com/factoryjoe". Maybe clean that up even more (replace slashes etc.)

    Done.

    So now you have user URLs like http://example.com/user/factoryjoe.com or http://example.com/user/me.yahoo.com-factoryjoe.

    Awfully pretty? No, not really. Practical? Yes. To me, this doesn't look worse than http://example.com/user/factoryjoe1532 (which was picked because "factoryjoe" was already taken).

    Added bonus: the users may remember they actually have an OpenID.

    I don't have a silver bullet here. I am not the smartest person on the planet. But I thought about it, and I am pretty sure there's better ways than "OpenID? Cool! Now pick an user name". :)

    So to answer your question: I'd happily go for ma.gnolia.com/people/carlo.zottmann.org.

    Cheers,
    C.
  • Todd Sieling · 1 year ago
    I think the OpenID.net description does end up misleading in trying to be as easily understood as possible. I would argue that not having to re-enter a screen name is a secondary benefit, at best, when compared to the benefit of being able to use a trusted service to authenticate oneself across many websites. Reducing password duplication and keeping one's identity in control, not to mention the advantage we've seen in verified identities for accepting new members, would take precedent for vote.

    Those notions are harder to pack into something short and memorable, though, so I understand why they're not front and center in that description.
  • Hendrik Mans · 1 year ago