An account is a set of credentials, a method of authenticating (and logging out), and some profile information. A user is probably a person, but in general is the abstract basic actor on your system. These two things have always been identified with each other — whether in the database, /etc/passwd, or whatever before that that I wasn’t around for — but that’s now changing.

For example, here at Disqus, we’d like you to be able to login with your Disqus account, Facebook account, Google account, or OpenID. Ideally, authenticating with any of those methods would be equivalent, and all of your accounts would be linked. You could choose the preferred member of your account-set from which to get your profile picture;  you could choose what outbound actions to do through each account, like posting to your Facebook Newsfeed. But we aren’t there yet. Updating the database and UI are just a couple of the problems. Another is how to verify account equivalence, possibly in both directions — is this something there should be a standard for?

Accepting multiple account types is the first step towards reducing the number of account-spaces out there. Once a lot of sites start doing so, users will get accustomed to it, and technologies to assist the process will mature (like browser support for OpenID, or authentication-popup toolkits). Then, new sites will stop feeling like it’s necessary to have their own account-space, and consolidation to a few winners will begin. [1]

So, update your schemas: accounts-to-users is many-to-one.

Andrew
DISQUS
Developer
andrew@disqus.com

[1] There have been a couple attempts (Passport, OpenID) to move directly from a local one-to-one to a new, global one-to-one. There’s too much friction for that work, so it feels artificial. Stack Overflow is very premature in accepting only OpenID, but it’s for the greater good. They can get away with it since it’s a site for developers and has no serious competition.