Add blog post describing identity refactor. #289
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I want to post this in advance of the actual work so that we can send notifications to users who might be affected, and refer them to this post.
kentonv
force-pushed
the
refactoring-identities
branch
from
7a94a55
to
e3b9e40
Compare
ocdtrekkie
approved these changes
May 8, 2017
neynah
reviewed
May 8, 2017
| Over the next few weeks, I'll be making a major change to the way Sandstorm handles user accounts and identities. My goal is to make things far less confusing. | ||
|
|
||
| Most Sandstorm users probably have no idea that these features exist, and so won't notice the change. However, if you've linked multiple "identities" (multiple e-mail, Google, or Github accounts) to your Sandstorm account, you may want to read this. | ||
|
|
|
|
||
| We are dropping support for multiple "personas". Going forward, each Sandstorm account will have only one profile -- one name, one profile picture, one entry in the sharing auto-complete list, etc. What we call "identities" today will be renamed to "credentials". A credential will no longer have its own profile, and you will no longer need to choose which credential you are acting as when accessing grains. Authentication-related features of credentials (for login, and for secure sharing) will remain mostly intact. | ||
|
|
||
| Users who rely on the ability to manage multiple personas today will need to transition to using multiple accounts instead. I suspect that there are vanishingly few such users, as most users never understood Sandstorm's identity system in the first place. That said, if you are affected, I apologize. I would love it if you would get in contact with us to let us know about your specific needs, so that we can try to design a better experience for you. (For what it's worth, I personally recommend using the multi-profile feature provided by various browsers to separate your personas into totally separate browser contexts with different window themes -- this makes it much easier to prevent accidental leakage.) |
There was a problem hiding this comment.
-
It's unclear what the impact will be on existing users with multiple personas.
-
Provide the best way to get in touch with us: support@sandstorm.io/dev group/etc.
|
|
||
| ### History: The current system and why it was built this way | ||
|
|
||
| Way back in late 2015, we introduced the concept of "multiple identities" in Sandstorm. Ever since, a user account on a Sandstorm server has been able to have multiple identities attached to it, each with a different profile (name, picture, etc.). Once a user has multiple identities, they can choose which identity to act as when using apps. When users share with each other, they often do so "by identity", meaning you choose the identity (not the account) with whom you want to share. It's even possible for multiple accounts to share a common identity, in order to have multiple people "acting as" the same persona. |
There was a problem hiding this comment.
Perhaps defining a user account would be helpful here.
There was a problem hiding this comment.
Hmm, I'm not sure what you're looking for here. The notion of a "user account" seems self-explanatory to me, but I'm open to suggestions.
I addressed your other comments.
|
|
||
| 2. We wanted to ensure that the user ID seen by an app was a global identifier -- meaning it would be the same even if the app was moved to a different Sandstorm server. This required that the ID be derived from the user's credentials, e.g. a hash of their Google or Github user ID. | ||
|
|
||
| 3. When users share with each other, we wanted them to be able to do so using well-known public identifiers, for additional security. Typically, Sandstorm users share with each other by creating and sending "secret links"; anyone who receives the link can get access. This is convenient, but sometimes you want some additional assurance that a link can't be leaked. In that case, I might want to specify a specific Github username or Google account e-mail address with whom to share, and have Sandstorm guarantee that the receiver must authenticate as that identity to open the link. |
There was a problem hiding this comment.
I -> you
or
I -> a user
Github -> GitHub
|
|
||
| ### What we're doing instead | ||
|
|
||
| We are dropping support for multiple "personas". Going forward, each Sandstorm account will have only one profile -- one name, one profile picture, one entry in the sharing auto-complete list, etc. What we call "identities" today will be renamed to "credentials". A credential will no longer have its own profile, and you will no longer need to choose which credential you are acting as when accessing grains. Authentication-related features of credentials (for login, and for secure sharing) will remain mostly intact. |
There was a problem hiding this comment.
Does this mean all existing identities will be merged into one identity (and one account) or that each identity will be split into separate accounts?
kentonv
added a commit
to sandstorm-io/sandstorm
that referenced
this pull request
May 8, 2017
See explanation here: sandstorm-io/sandstorm-website#289 We send a bell notification to all users who have multiple identities where the display names of those identities are not all the same. We also show a warning on the accounts page for these users. We specifically look for users with varying names on the assumption that if all the names are the same, then the user really only has one identity anyway, and the coming changes will be a strict improvement for them. I didn't feel it was necessary to compare profile pictures, handles, or preferred pronouns because if the display name is the same, it seems unlikely that the profiles vary significantly in these other factors.
dwrensha
approved these changes
May 8, 2017
neynah
approved these changes
May 9, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I want to post this in advance of the actual work so that we can send notifications to users who might be affected, and refer them to this post.
@dwrensha and @neynah, I'd love to get your thoughts on this.
Maybe also @zarvox if you're interested.