I Want to Be a Second Class Citizen

Every day people I know share photos, videos, blog posts, and other content with me. This works particularly well if they use open services where no registration is required, or when the content is public for all to see. Most content sharing sites default to making user-content public. These services allow users to limit access by making their stuff private and only accessible to a small group of friends. The problem starts when I’m invited to view content that is either private or hosted by a members-only hosting solution.

I don’t like creating new accounts. Not because of social network fatigue, but because of being constantly harassed by new friend requests. This is why I closed my Facebook account – my social circle wasn’t big enough to offer value that will counter the never-ending stream of friend requests I was getting from people I met once or knew long ago. If I am not currently in touch with someone I knew back in high school, I am not really looking to revive that friendship. The same goes for someone I met once at a conference. I have nothing against Facebook and can certainly appreciate the value it offers.

However, every once in a while I will get a link from a friend to his recent photos uploaded to Facebook or other similar sites. I have gotten into the habit of just erasing these invites simply because Facebook will not let me view them without an account. If only there was a way for me to prove my identity to Facebook so that my friend can grant me access without actually opening a Facebook account… Oh, wait! There is – OpenID was created for exactly that.

One of the very first use cases of OpenID was to allow people to post comments on someone’s blog even without having an account on that blogging platform. It didn’t allow those users to write full blog posts – for that they needed a local account – but it allowed them some level of participation that enhanced the service. I am not expecting, or even seeing the great value in sites like Facebook, or even Yahoo! for that matter, allowing users to use OpenID identities from other providers to access their services. There is value in having a local identity that is enhanced by the unique services offered. But having some limited access is valuable.

Privacy and access control are key features of enabling the social web to grow. Being able to explicitly set who gets to view our online media and interact with us is of utmost importance. The solution should not be constrained to a group of users with accounts in one closed community, but allow visitors some level of interaction. This is also smart business proven by thousands of ice cream stores offering free samples – people buy more when they get a taste. Since I no longer have a Facebook account, I don’t know how much better it got in the year since I left. Is the interface better? Are photos presented in some unique way? Are they offering new cooler applications? Are more of my real friends now using the service?

Being able to visit and interact with the local population in a controlled and safe way is something that will only serve to enhance the local service. There is nothing wrong with offering a lesser and limited class of citizenship to guests – and it isn’t even new. What is new is the idea of extending some identity-based rights to visitors by letting them prove their identity using their membership from another community. When Blogger added support for OpenID comments it was by far a more compelling feature than letting people set up accounts using OpenID.

The common understanding of OpenID is of a solution that allows single-sign-on, meaning having one username and password that can be used safely with multiple sites. However, OpenID offers a much greater promise of breaking identity boundaries between services and allowing interaction between members of different communities.

Being a second class citizen is perfectly fine if done by choice. If I choose not to open a Facebook account, but still would like to interact with my friends there by passively viewing their photos and leaving comments, I should be able to. I get to enjoy the photos without the hassle of yet another account, my friends get to share their photos with more people they know and trust, and Facebook gets more eyeballs looking at their ads. Everybody wins.

The quest for OpenID adoption shouldn’t be focused on getting services to replace their own usernames and become a full Relying Party – a service that allows users with an OpenID from other providers to sign in with those credentials instead of creating yet another username and password. It should be to identify what activities should not require full registration and a local account, and allow those to be performed using an OpenID from another provider.

From a usability standpoint, we need to find the right interface to combine local friends with people from other sites to form a single access control panel. For blog posts the model of comment-first-get-approved-later seems to work well. I can visit a blog on a site I am not a member of, write my comment, sign in with my OpenID, and have my comment appear either immediately or after moderation. But for access control, there still isn’t a consistent interface for inviting friends from other networks to view photos and in the process granting them access.

I have long maintained that URL identifiers are a barrier for OpenID adoption. My friends know me as ‘eran@hueniverse.com’, not as ‘http://eran.pip.verisignlabs.com’ – my OpenID URL. Within the context of using OpenID as a distributed access control system, this becomes even more true. It is one thing to expect me to know my URL identifier and use it to sign into services. It is another for me to know all my friends’ URLs. We use emails to send messages and it is only natural to use emails to invite people to view our photos, while at the same time granting them access. Knowing someone’s email address should be all I need to invite them to view my photos and grant them access.

For example, after uploading my latest photos to my private Flickr page, I should be able to send invitations to a select group of friends regardless of whether they have a Yahoo! account or not. Flickr should be able to perform discovery on these email addresses and determine if their provider supports identity verification using the OpenID protocol. If I invite a friend from AOL, Flickr should be able to translate that into an OpenID URL and store that as an approved user identity. When my AOL friend comes to view my photos, they should be offered the option to log in using a Yahoo! account, but also as a guest using their AOL screen name. At this point they will use their AOL account and be allowed to view my photos. They will not be able to post their own photos, which will still require a Yahoo! membership, but at that level of participation it is perfectly reasonable to require it.

The cool thing about this is that even sites that do not wish at this point to support OpenIDs as a Relying Party can still accept identifiers from other services – all or a select group of white-listed providers – using the OpenID protocol. I expect this to happen faster with one-off business deals: Facebook allowing Yahoo! accounts, AOL allowing Google accounts, etc. There is nothing wrong with that and it does get us closer to the utopian state of accepting any (trustworthy) identity. This second-class citizenship might not get us to the VIP room, but getting past the bouncer at the door and into the club is really all we want.
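The invite-by-email flow and provider white-list described in the last two paragraphs can be sketched as an access-control check. This is an added example, not code from the original post or from any of the services named. The `.example` hosts, the email-to-identifier mapping, the `Album` class and the `assertion_verified` flag (signature checking is left to an OpenID library) are assumptions, as is the simplification that a provider's identifiers and endpoint share one host.

```python
from urllib.parse import quote, urlsplit

# Constructed white-list (assumption): email domain -> host of that provider's
# OpenID identifiers and endpoint. The .example names are placeholders.
TRUSTED_PROVIDERS = {"aol.example": "openid.aol.example",
                     "yahoo.example": "me.yahoo.example"}
GUEST_RIGHTS = frozenset({"view", "comment"})  # no "post": needs a local account

def normalize(url):
    """Canonical https identifier; rejects userinfo, ports and other schemes."""
    p = urlsplit(url.strip())
    if p.scheme != "https" or not p.hostname or "@" in p.netloc or p.port:
        raise ValueError("unacceptable identifier: %r" % url)
    return "https://%s%s" % (p.hostname.lower(), p.path or "/")

def email_to_identifier(email):
    """Translate an invited email into an identifier, or None if not white-listed."""
    user, sep, domain = email.strip().lower().rpartition("@")
    host = TRUSTED_PROVIDERS.get(domain)
    if not (sep and user and host):
        return None
    return normalize("https://%s/%s" % (host, quote(user, safe="")))

class Album:
    def __init__(self):
        self.guests = set()  # approved identifiers, never raw emails

    def invite(self, email):
        ident = email_to_identifier(email)
        if ident:
            self.guests.add(ident)
        return ident

    def rights(self, claimed_id, op_endpoint, assertion_verified):
        """Rights for a visitor whose OpenID assertion a library already checked."""
        if not assertion_verified:
            return frozenset()
        try:
            ident = normalize(claimed_id)
            op_host = urlsplit(normalize(op_endpoint)).hostname
        except ValueError:
            return frozenset()
        # The asserting provider must be white-listed and own the identifier's host.
        trusted = op_host in TRUSTED_PROVIDERS.values()
        if not trusted or urlsplit(ident).hostname != op_host:
            return frozenset()
        return GUEST_RIGHTS if ident in self.guests else frozenset()
```

Access is decided on the verified identifier rather than on the invited email string, so a visitor who merely knows the invited address gains nothing without a valid assertion from the white-listed provider.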

6 thoughts on “I Want to Be a Second Class Citizen”

  1. Eran,
    OpenID and OAuth have different signing algorithms, and different means of conveying the signature. Have you given any thought to unifying the two? They have a lot in common.

  2. Eran, great thoughts, and I think you’re definitely on to something here, both with “let OpenID-based participation be an on-ramp that lets more people get engaged” and “people know how to provision access based on email addresses, and there’s a lot of friction to move that all to OpenID URLs”. Speaking of which, why does this blog not let me comment with my OpenID? :p
