Six Apart's FAQ on TypeKey
Six Apart publishes a long FAQ about TypeKey.
First, I'd like to thank them for responding. More than a few of the questions I asked a few days ago are answered in this FAQ.
Disclaimer: These comments will change, so don't depend on them not changing.
Users have choice and it is clonable
"Other applications will be able to hook into TypeKey for authentication purposes."
"Movable Type users will be able to use an alternate sign-on system if they wish."
Choice and clonability are good things. It means that other developers can play and that users won't be locked in to a specific piece of software. It also means that a community of developers is virtually certain to exist around this functionality.
Question: Do users of TypePad have choice? Could they switch to a different but compatible service?
It's not clear if anonymity is supported. They say "we believe that we have a number of solutions in place that will help verify identity" but later say it is possible to be anonymous. If my identity can be verified, how can that be anonymous?
Is it an API?
They say it's not an API, but it seems there must be an API that the MT application uses to communicate with the centralized service.
When will the API be released?
In one section they say it will be released before they deploy, and in the next section they say it will be released shortly after. It's not crucial that they release the APIs before, but if they want users to really have choice, they should get the spec into developer's hands as soon as possible. Choice here will help alleviate the dependency on their centralized service, which they recognize as being an issue later in the FAQ.
Good. It must be possible for users to turn the feature off.
They say that running your own membership system is a hassle, but experience with Manila, where every site has its own membership (or can share a membership with others) is that it's not a hassle, as compared to other functions of running your own CMS. The main difference is that the Six Apart membership applies to comments, and UserLand's applies to content -- stories, pictures, weblog posts, gems, preferences. There's no reason why configuration couldn't be done by entering the domain name and port of an application that handles membership.
Privacy, data sharing, uptime
Any centralized service is going to have this issues, and there's no reason to trust Six Apart more or less than any other company. With decentralized membership the problem gets worse not better, instead of sharing data with one entity, you're sharing with N entities.