A Membership System for the Modern Age

This is a prototype post. It documents some thinking I have about where membership systems for various web-platforms need to be in terms of capabilities.

  1. Separation of users, organisations and rights.
  2. Support for multiple e-mail addresses (e.g. mitch.denny@notgartner.com or mitch.denny@readify.net).
  3. Support for authentication via e-mail address or specified username.
  4. Support for merging accounts.
  5. Support for other authentication mechanisms (OAuth, OpenID, Facebook, Twitter, ADFS etc).
  6. Support for constrained delegation (what rights does a specific OAuth token have?).
  7. All the other requirements for membership providers.

I think the likes of LinkedIn have a good membership system where I can sign in with either my personal address or my work address, but they know both accounts are me. This stops identity fragmentation based on e-mail address. The extension to this is that if you do end up with two accounts you can merge them.
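A sketch of the data model the list above implies, added here as an illustration and not code from this post or any existing membership provider. Directory, User and every method name are hypothetical; password or federated credential checking is left out, and merge() assumes the caller has already authenticated the person on both accounts.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    uid: int
    rights: set = field(default_factory=set)  # {(organisation, right)} pairs

class Directory:
    """Hypothetical in-memory store; credential checking is out of scope."""
    def __init__(self):
        self.users, self.logins, self.tokens = {}, {}, {}
        self._next_uid = 1  # uids are never reused, even after a merge

    @staticmethod
    def _key(identifier):
        return identifier.strip().lower()

    def register(self, username, email):
        keys = [self._key(username), self._key(email)]
        if any(k in self.logins for k in keys):
            raise ValueError("identifier already in use")
        uid, self._next_uid = self._next_uid, self._next_uid + 1
        self.users[uid] = User(uid)
        self.logins.update((k, uid) for k in keys)
        return uid

    def add_login(self, uid, identifier):
        # Call only after the address has been verified (e.g. confirmation mail).
        if self.logins.setdefault(self._key(identifier), uid) != uid:
            raise ValueError("identifier belongs to another account; merge instead")

    def resolve(self, identifier):
        # Username or any of the e-mail addresses leads to the same user.
        return self.logins.get(self._key(identifier))

    def issue_token(self, token_id, uid, scopes):
        scopes = frozenset(scopes)
        if not scopes <= self.users[uid].rights:
            raise PermissionError("token cannot carry rights the user lacks")
        self.tokens[token_id] = (uid, scopes)

    def token_allows(self, token_id, org, right):
        # Constrained delegation: the token's own scope AND the user's current rights.
        uid, scopes = self.tokens[token_id]
        return (org, right) in scopes and (org, right) in self.users[uid].rights

    def merge(self, keep, drop):
        # Logins and rights move to the surviving account; tokens are re-pointed
        # with their original scopes, so a merge never widens a delegated token.
        self.users[keep].rights |= self.users.pop(drop).rights
        self.logins = {k: keep if u == drop else u for k, u in self.logins.items()}
        self.tokens = {t: (keep if u == drop else u, s) for t, (u, s) in self.tokens.items()}
```

After a merge the user holds the union of both accounts' rights, while a token issued earlier still allows only what it was issued for.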

2 thoughts on “A Membership System for the Modern Age”

  1. Fergal O'Donnell (@fodonnel)

    – Forgotten password reset functionality – email a short lived change code
    – Security audit logging
    – Email warnings when changing the login options – e.g. when you add a new e-mail address, an email should be sent to the original address warning the user and allowing them to undo it

  2. Wile Coyote

    Rudimentary thinking Mitch… Plethora of material all saying the same thing… how do you get an on-line identity with the intelligence to know whether you are in a work scenario or a private one… and opens the rights which protect you as an individual and any organisation you are connected to, without exposing your privacy to unwanted intrusions…

    I would say that the answer is forming with the advent of Cloud… in that all systems in which you interact can live there… given you are not in the defence or intelligence communities… You should look at some old thinking…. Microsoft Wallet… It was a brave step doomed to failure, but the documentation provides some really interesting reading… and has new scope for implementation with “Cloud”.

    Still, maintaining multiple email addresses is the real problem… why can't email servers get to web directives such as mitch.denny@notgartner.com/readify?

    I have always maintained my wile1one hotmail persona since my wile coyote hotmail was hijacked for the 80th time 15 years back… and I use it for every email. If I am required to have a different address (e.g. as part of a team), I route the email to my hotmail. I only need check one source and being hotmail, it is rarely down. It's the bevy of passwords and logins to sites that brings me unstuck… some require I change password regularly and log on regularly to avoid losing my account privileges.

    There should be a centralised social network transparency, which accepts that if you are authenticated on hotmail that when you cross over to facebook or twitter, you are the same person… I hate that login screen and checking which damned password I used. I also hate having to change my address details 15 times and remember which ones I have done each time I move.

    I know it is a legal requirement, but it could be overcome if the entities formed a partnership entity which assumed the legal responsibility. Then you could provide that entity details once, and nominate which of the services you want to engage – hotmail – gmail – yahoomail – twitter – facebook- whatever. That was what Microsoft Wallet was all about… easy to see why it failed.
