³ÉÈËÂÛ̳

« Previous | Main | Next »

Why did we build ³ÉÈËÂÛ̳ iD?

Post categories:

Simon Cross Simon Cross | 15:40 UK time, Friday, 12 March 2010

badges.jpgYou may have noticed that slowly but surely, we're moving all our existing services to a new sign in system, called . You might also notice that anything we build from now on uses ³ÉÈËÂÛ̳ iD from the start. So far we've migrated all our blogs, nearly all our messageboards, and our three big communities: , and H2G2.

A few people have posted blog comments asking why we've done this, and what what it means for the future. I thought I'd write this to help explain what we're doing and why.

So, why did we build ³ÉÈËÂÛ̳ iD?
The simple answer is that our old system - called 'Single Sign On', or SSO - needed replacing. It had been around for nearly 6 years, skillfully powering all the ³ÉÈËÂÛ̳'s online services which required authentication, but 6 years is a long time on the web. SSO has been showing its age in some very specific ways:

The technology platform
SSO was built on Perl and MySQL. Good technologies for their time, but the ³ÉÈËÂÛ̳ is moving towards a new online architecture (internally called 'Forge') which uses Java and PHP on top of MySQL, Apache and Memcached. Soon, the old Perl-based system will be turned off. SSO would have to have been ported to Forge anyway, so it was a good time to completely refresh it from the ground up.

Performance
SSO used a single MySQL database instance. Forge allows applications to have multiple partitioned databases - which helps to make it horizontally scalable. This means that as ³ÉÈËÂÛ̳ iD gets used more and more, we can make it perform simply by adding more servers. Until recently, you only signed in to small pockets of the ³ÉÈËÂÛ̳ - the odd messageboard here, a one-off application there.

However, with the advent of ³ÉÈËÂÛ̳ iD, nearly every page on ³ÉÈËÂÛ̳ Online will know if you're signed in or not, and will be able to adjust itself accordingly. This new level of personalisation will allow ³ÉÈËÂÛ̳ Online to grow and personalise around you in ways that were never before possible. But this level of integration, and load, will needed a totally new architecture which made heavy use of partitioned (sharded) databases, Memcache, and load balancing.

Internationalisation
³ÉÈËÂÛ̳ Online continues to grow its audience internationally, and has a staggering number of language sites. As these sites want to do things like personalisation, they need sign in features in their native language. Adding features like these retroactively to a product is really hard - they have to be built in from the start. One more reason why we knew SSO had to be replaced.

Although the first versions of ³ÉÈËÂÛ̳ iD are english-only, under the hood, it's been designed with internationalisation in mind. For example, every bit of text you see isn't embedded into the code, it comes from a language specific package. We're now working on increasing the number of supported locales. This will eventualy include not only the main UK languages like Welsh and Gaelic, but languages with different characters (like cyrillic in Russian) and right-to-left text (persian etc) - in fact, anything you can throw at Unicode.

Security
Since SSO was developed, security techniques and technologies have moved on a lot. For example, a while back it was impossible to support the loads we needed to support and encrypt data both in transit and on disk. Now, that's possible. As such, ³ÉÈËÂÛ̳ iD has been built from the ground up with very secure architecture in mind. All personal data is stored on disk encrypted, all personal data is transferred over https, and inside the ³ÉÈËÂÛ̳ there are strict access controls put in place to make sure only the staff who are authorised have access to it. While SSO was good for its time, the security model had to be thoroughly rethought.

But why build your own sign-in system at all?
, , - the modern web is full of distributed, decentralised identity systems. We could have just forgotten about building our own system, and just implemented one, or all, of these.

Well, the good news is they're on their way! ³ÉÈËÂÛ̳ iD was built from the ground up to be compatible with and other distributed authentication systems and later this year, we'll be introducing the ability for you to sign in to ³ÉÈËÂÛ̳ Online using your Facebook login via Facebook Connect, and your Google and Yahoo logins (and more) via OpenID.

However, we still felt we needed our own base-level sign in system, both for those users who don't have external logins they want to use, and also for those who just don't want these things linked together. As the ³ÉÈËÂÛ̳ has a mandate to serve all licence fee payers, building our own standalone system was a necessary evil.

Truly, Single Sign On
The biggest problem with the old SSO system was that, although it was actually a bbc-wide sign on system, almost none of our users realised this. It was mainly down to some user-experience descisions within the SSO interface. While a tiny percentage did use their SSO account for more than one service, nearly everyone created a new SSO account for each ³ÉÈËÂÛ̳ service they registered for. We're trying to move ³ÉÈËÂÛ̳ Online to become a more social, more coherent website. As such, it's essential that our users realise they're signing into the whole ³ÉÈËÂÛ̳ site - not just a part of it.

With the old SSO model, we had ghettos of interactivity which didn't connect with each other or the rest of the site; each had their own users, their own rules and their own user interfaces. This made it impossible to represent users on every part of ³ÉÈËÂÛ̳ Online consistently.

³ÉÈËÂÛ̳ iD solves this problem in two ways.

Firstly, you can only have one ³ÉÈËÂÛ̳ iD per email address. This is made clear as soon as you try and create a second ³ÉÈËÂÛ̳ iD with the same email address. A single ³ÉÈËÂÛ̳ iD can be used across ³ÉÈËÂÛ̳ Online and a person can have more than one ³ÉÈËÂÛ̳ iD, but they'll need a separate personal email address to register with for each one. Contrary to some comments on our blogs, ³ÉÈËÂÛ̳ iDs are not limited by IP address, so you can have more than one per household. The email address is the important unique field.

Secondly, we created a 'brand' for our login. We're not the first to do this, , , all do it. And remember ? We'd rather not have called it anything, but we did lots of testing that showed that people didn't realise their login was global across our site unless we branded it. We've been careful to keep is a 'soft' brand though. It's represented by colour, language and iconography. This consistent message should remind users where ever they see the 'Cid' symbol (Cid's the bod on the badges pictured above, derived from BBC iD) and the words 'sign in', that they can use the same sign in details they use elsewhere on ³ÉÈËÂÛ̳ Online.

By contrast, SSO's sign in and register pages were branded to match the service you came from - further reinforcing the impression that SSO was service-specific sign in.

But it's a pain to upgrade
Yes it is. Transitioning users from the old system to the new system is not easy. We could have just copied all the old user data from SSO into our new system, but that would have meant millions, literally millions, of old, dead unused accounts in our nice, clean, new system. Instead, we chose to allow our users to 'upgrade' their old SSO accounts to ³ÉÈËÂÛ̳ iD. While this is a little annoying for some users, it is a one-time only process, and means the users we have in ³ÉÈËÂÛ̳ iD have new, clean data - and best of all, it means people can register with sensible usernames again. With 13 million accounts created over 8 years, SSO was full of old, bad data.

We take our users' experiences very seriously, so we've done all we can to make the upgrade process simple, reliable and quick. There will always be some people who experience problems, but we monitor our stats and our help email addresses very closely and try and help each and every one of our users who has problems.

Will it be worth it?
The short answer is, yes.

Change is often disruptive, but necessary. The rollout of ³ÉÈËÂÛ̳ iD across ³ÉÈËÂÛ̳ Online will allow our site to do incredible new things - more personalisation, better interactivity and provide more security to our users. Without this move to use ³ÉÈËÂÛ̳ iD, ³ÉÈËÂÛ̳ Online would not be able to build, grow and become a properly modern interactive, coherent site.

Simon Cross is the Product Manager for ³ÉÈËÂÛ̳ iD.

Comments

  • Comment number 1.

    I don't understand the stuff about facebook, and I don't want to be signed in to any bbc pages other than the community I use. I don't want you spying on me when I read the news!

    And out of interest, the site is called ³ÉÈËÂÛ̳ Online again? How things stay the same when they change...

  • Comment number 2.

    iD will be extended to support OpenID logins? Ace!

    (Presumably I’ll be able to attach an OpenID to my existing iD, though… right?)

  • Comment number 3.

    Should just stick to the ³ÉÈËÂÛ̳ ID for all of the ³ÉÈËÂÛ̳ site. Facebook causes problems

  • Comment number 4.

    @Mina: Facebook connect allows you to sign in to sites other than Facebook using your Facebook sign in details. The other sites do not know or store your Facebook sign in details but it means you have to remember one less set of credentials. This is what we're planning on adding to ³ÉÈËÂÛ̳ iD in the near future. Signing in to ³ÉÈËÂÛ̳ iD does mean that you're signing in across the whole of the ³ÉÈËÂÛ̳ website, not just a single community, but don't worry, we don't spy on you while you're reading the news! It just means that if you want to leave a comment on Have Your Say then you'll already be signed in from when you were talking in your community.

    @Mo: Yep, OpenID will be supported around the same time as Facebook connect. You certainly will be able to link your OpenID account as well as your Facebook account. As was mentioned in the article, we don't like the idea of people having multiple accounts so it only seems natural we should let people do this.

    @Hypestar: It'll still be ³ÉÈËÂÛ̳ iD but people will be able to sign in to it with Facebook. Don't worry, we have some awesome developers here with loads of Faceboko Connect experience so we shouldn't have too many problems...

  • Comment number 5.

    Will the ³ÉÈËÂÛ̳ iD ever be used to restrict content viewing? The scenario I'm imagining is: your ³ÉÈËÂÛ̳ iD is linked with your TV license details and if you've not payed your dues, then you wont be able to use the iPlayer service.

    Is that part of the plan, I wonder?

  • Comment number 6.

    #5. At 11:35am on 13 Mar 2010, Paul Livingstone wrote:

    "The scenario I'm imagining is: your ³ÉÈËÂÛ̳ iD is linked with your TV license details and if you've not payed your dues, then you wont be able to use the iPlayer service."

    Well I suppose anything is possible, technically speaking, but until the ³ÉÈËÂÛ̳ iD for your TVL number, name and address (none of which they do at the moment, unless things have changed radically since I created my iD) there will be no way of linking peoples iD with an address - even more so when one can sign-up using 'chuck-away' email addresses such as Gmail and Hotmail.

  • Comment number 7.

    @Paul: No, there are definitely no plans for anything quite so nefarious! The closest we'll get to content restriction is preventing children from accessing mature or unsuitable content and likewise preventing adults from accessing children's message boards etc.

  • Comment number 8.

    #7. At 3:44pm on 13 Mar 2010, Mark wrote:

    "@Paul: No, there are definitely no plans for anything quite so nefarious! The closest we'll get to content restriction is preventing children from accessing mature or unsuitable content and likewise preventing adults from accessing children's message boards etc."

    How the heck are the ³ÉÈËÂÛ̳ going to police such a measure, how will you know that little Jimmy signing up for his ³ÉÈËÂÛ̳-iD is actually just 10 and not 25 as stated, how are you going to know that Little Jane isn't actually a 40 year old bloke in a dirty raincoat, also, assuming that you did mean accessing and not posting-to children's message boards etc, you do realise that that you will be preventing parents (or other adults who might have legitimate reasons to access such message boards etc.) from checking on what their kids/charges are reading and/or contributing to - short of the adults logging-on with the kids computers/accounts, but hang on, we're back to adults pretending to be kids again...

    The ³ÉÈËÂÛ̳ should NOT be playing the "net-nanny", for one thing it lulls both parent and child into a fail sense of security were the internet is concerned. No one wants to see kids get hurt but wrapping them up in cotton-wool doesn't protect them when they find they don't have the cotton-wool coat on, it's as crazy as teaching a kid how to cross the road by only ever using a one-way street, as soon as the kid comes across the more usual two-way street...

  • Comment number 9.

    So will iPlayer also be migrated from Pearl to Forge?

  • Comment number 10.

    Boilerplated: I believe the ³ÉÈËÂÛ̳ already do this - there was some kid-orientated page I came across a few months ago and it asked me to log in, then complained I was too old. I had to create a new account with a fake DOB to see the site. No idea what page it was though.

    I'm never entirely sure how such a system can be enforced - it's fairly easy to enforce drinking regulation as you're checking people are over an age - and expecting ID, but kids don't have ID (and shouldn't have to!)

    You can bet the government has some scheme planed to give all kids ID cards to help solve this problem.

  • Comment number 11.

    Simon - thanks for your explanation of the new system (to which I had no problem migrating, in fact it was seamless in my case). It is a bit of a surprise to hear about the perception of the old system not being '³ÉÈËÂÛ̳-wide' - I had always regarded it as such.

    I have a question regarding the 'old, dead, unused accounts'. In the current messageboard system, my entries are shown as "Russ (U2360818)". On the assumption that the new ID system is essentially an 'opt-in' one (in the sense that a user has to confirm current details), what will be shown for those users who have not upgraded to the new system, either because they are not around anymore, or because they may have ditched a previous identity?

    I ask this question because I do often look back over old messageboard threads, and it would be a shame if the identity of many 'old' users was wiped.

    Russ

  • Comment number 12.

    @Boilerplated: You're right of course - there's no way to be totally sure that someone hasn't created another account with a different date of birth. This is something we can't solve completely and will not attempt to do so. What we have created is a system that goes as far as it can to address the problem. It's not watertight in that respect but then it doesn't claim to be so, nor does it promote itself in that way. In fact the only time anyone would come across this feature is when trying to access something they are not permitted to access.

    For the casual browser this will be enough to stop them. For someone slightly more interested, they may try registering another account but most people would stop when it complained that they had already registered with that email address.

    As for accessing as opposed to posting, that is at the discretion of the message board or service in question.

  • Comment number 13.

    12. At 5:56pm on 14 Mar 2010, Mark wrote:

    "@Boilerplated: You're right of course - there's no way to be totally sure that someone hasn't created another account with a different date of birth. This is something we can't solve completely and will not attempt to do so. What we have created is a system that goes as far as it can to address the problem. It's not watertight in that respect but then it doesn't claim to be so, nor does it promote itself in that way."

    So why do it, the fact is that SOME parents WILL think it's water tight - it is the ³ÉÈËÂÛ̳ after all, a trusted brand...

    What you have created is like one of those houses that has a dummy burglar alarm boxes on the front wall, no passers-by bother about suspicious activity as they assume that the property is protected by said alarm...

    "In fact the only time anyone would come across this feature is when trying to access something they are not permitted to access."

    Who says they are not permitted to enter, I though we were talking about the public social media areas of the ³ÉÈËÂÛ̳ not internal Intranet areas, who are you to tell a parent that they can't access (on their own accounts) the areas were their kids visit.

    "For the casual browser this will be enough to stop them. For someone slightly more interested, they may try registering another account but most people would stop when it complained that they had already registered with that email address.

    As for accessing as opposed to posting, that is at the discretion of the message board or service in question."


    So again the parent or legitimate adult gets rejected whilst the 40 year old man in the old raincoat and that nice fresh throw-away hotmail or gmail account gets accepted!

    Unbelievable cluelessness, how long and how much money did this cost us...

  • Comment number 14.

    #8 #13
    In a previous post and its comments (/blogs/bbcinternet/2009/10/bbc_trusts_good_news_for_cbbc.html) Marc Goodchild, Head of Interactive and On Demand for ³ÉÈËÂÛ̳ Childrens, has talked about many of the issues brought up here around child safety on ³ÉÈËÂÛ̳ sites, and in particular why things have been done the way they have.

  • Comment number 15.

    In reply to Paul @ 14:

    Thanks for reminding me of that other blog were I (also) asked difficult questions about the ³ÉÈËÂÛ̳'s policy in respect of on-line security, the C³ÉÈËÂÛ̳ "brand" and were the host decided to walk away after posting the one follow up, basically repeating official policy position rather than entering any sort of debate...

  • Comment number 16.


    Sign in to sign to sign in, to What ?

    So, it says my under 16 year-old son to 'protect' him must have a ³ÉÈËÂÛ̳ 'sign-in' ID to play a game on the C³ÉÈËÂÛ̳ web-site. Oh and once he's signed in I, his parent must give my consent, by e-mail. Yes, he doesn't have an e-mail address, because he is 8 years-old, he doesn't go near a keyboard without me at his shoulder. So, I enter my e-mail address and 'no this e-mail address is already being used' yes by ME - BECAUSE I'M SIGNED IN !!!!!

    25,000 staff and not one of them capable of understanding a log-in script. I give up, but then £3.5Bn in 'unique funding' can't be wrong.

  • Comment number 17.

    @DarkStar: Really sorry you're having so many problems. If you could put your problem into an email (and include the URL for the game you are trying to sign your son up for) and send it to membership@bbc.co.uk we will work together to fix this issue.

  • Comment number 18.

    So, with a ³ÉÈËÂÛ̳iD, will it be possible to link your TV licence to it, so that when abroad, it's still possible to view iPlayer content as though you were in the UK ??

    This is one of the biggest problems with iPlayer when on holiday - I can't watch anything as I am "not in the UK", even though I am a UK rewsident on holiday with a valid TV licence.

  • Comment number 19.

    @CBers no, we've got no plans to connect your ³ÉÈËÂÛ̳ iD to your TV Licence.

    Sadly, the iPlayer and most other AV service will continue to be limited by IP address - i.e. WHERE you are accessing it from.

  • Comment number 20.

    iD will be extended to support OpenID logins? Ace!

  • Comment number 21.

    @Sesli Chat Yep - that's what we're working on right now!

  • Comment number 22.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 23.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 24.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 25.

    All this user's posts have been removed.Why?

  • Comment number 26.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 27.

    It’s a good idea to launch the ³ÉÈËÂÛ̳ iD. In my opinion, the PHP and MYSQL languages are best than Perl and MySQL.

    ³ÉÈËÂÛ̳ iD was built from the ground up to be compatible with OpenID. This is a good idea.

    [Unsuitable/Broken URL removed by Moderator]

  • Comment number 28.

    I saw above that will be available for open ID... is it ready?

  • Comment number 29.

    I promised my 10 year old and 6 year old boys that i would like to express joy with the programme 'Tinga Tales' currently on Cbeebies daily at 07.40. The only problem is that you probably have not that many and we see the same ones again and again.
    My boys love both the questions and the answers. The beautiful African voices given to the animals are wonderful and sound very authentic. Even Lenny Henry sounds Africa.
    So please, quickly make another series with more questions to answer!

    suzy-anne lees
    xx

  • Comment number 30.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 31.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 32.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 33.

    This comment was removed because the moderators found it broke the house rules. Explain.

Ìý

More from this blog...

³ÉÈËÂÛ̳ iD

³ÉÈËÂÛ̳ navigation

³ÉÈËÂÛ̳ © 2014 The ³ÉÈËÂÛ̳ is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.