I didn’t write about the potential hassle that site owners will endure when third-party services become unavailable due to bugs or other problems, but it’s a huge consideration for web developers.

If your site is integrated with any other third-party site for any reason, the performance, stability and reliability of the third-party service is your problem to manage. Your site users will not care that your site is down because OAuth is broken or AWS has an outage or whatever the case may be. They will only know that your site is broken.

Mitigation

The problem is that you can’t build and maintain everything — and you really can’t jettison third-party integrations generally. You can, however, mitigate against failures by developing graceful failover options. Build failover solutions based on the importance of the third-party service. If your entire registration and login solution is dependent on OAuth, your best bet is to include some type of “We’re sorry, but registration and login are temporarily disabled” messaging. This isn’t a perfect solution, but it’s better than “Error 8000EAF0: Cannot connect garbage garbage garbage” or a blank screen.

In many cases, third-party integrations augment your site, but aren’t necessarily a requirement for using your site. Make sure in those cases (particularly for things such as widgets, ads, analytics, etc.) that if a component fails your site design and usability don’t collapse.

Remember that the web is still very young and that everyone — the big services included — are still learning how to make this all work together. The best bet for now is to build your system to be as flexible as possible because the frameworks are still shifting.

Update: I wrote this article last night (Wednesday), but I typically publish mid-morning. Since I wrote this article, tinyurl.com has experienced an outage.

This is not a new concept, but with the recent proliferation of high-profile services such as Twitter OAuth and Facebook Connect, I think it’s time to discuss the pros and cons of using a third-party authentication system for your web site.

Pros

One of the most obvious advantages of using any third-party authentication system including OpenID is that you don’t have to develop the complex systems necessary to validate user registrations, avoid duplicate or spam registrations or manage all of the registration messaging and support. That’s a big deal. If your registration system is too complex because you are trying to ensure that only legitimate users can register, you will undoubtedly lose some potential users who simply find the system too hard to use. Tying into established accounts reduces the barriers to entry for your site.

Another consideration for using a third-party authentication system is the additional features of the third-party service. If you intend to update the user’s Facebook or Twitter status, you’ll eventually need to authorize your user with that service. You may be able to address two needs at one time.

Finally, there is a soft benefit to using a third-party authentication system and that is the added trust. It’s likely that if you use a trusted system or service, your own web site will be implicitly trusted more.

Cons

Using a third-party system does not remove the necessity to keep some user information in a local database or provide some session and cookie management functions. Your web site will probably require additional user information that is not provided by any of the third-party services. Depending on how much of that information is required, using a third-party service may simply add another step to the registration process — increasing the barriers to entry.

Many third-party applications are still evolving. Twitter’s OAuth has only been available for about a month. Facebook Connect is less than a year old and has changed quite drastically (for the better) since its release. OpenID is much more mature as a development tool, but adoption in the user world is still relatively low.

Gotchas

Some things to think about — things that may be pros or cons depending on how your site works with the third-party services.

An advantage of using a third-party for authentication is the fact that there are many to choose from (Twitter, Facebook Connect, OpenID, etc.) so many of your users will already have established accounts with the other sites. But what do you do if your potential user is not connected with any of the third-party sites you use? Consider your audience before committing to a third-party-only authentication solution. If your audience is the bleeding edge web community or if your service is an add-on to the third-party service, you’re golden. Otherwise you may alienate potential users who don’t have and don’t want to be a part of the Twitter-Facebook-etc crowd.

What happens to your users if they decide to leave the third-party site or are banned from using it in the future? People do stop using Facebook, Twitter and other services. People close their GMail accounts (Google provides third-party authentication) and occasionally people are banned from other sites for violations of terms. If your site is not directly related to the third-party site (for example a Twitter search site would be directly related to Twitter), you probably want to make sure that your users can login on your site whether they have an active account anywhere else.

What to do?

I suggest that most sites still need to have a local user login system of some sort. This is to ensure that your users remain your users. Users will not understand or care to know why they can no longer access your site after canceling their Facebook account, they’ll just know that you’ve excluded them and they’ll be upset. No amount of technical mumbo-jumbo will convince them otherwise.

I do encourage the use of third-party authentication systems to add value to your site. There are several reasons to do this:

• Providing additional value-added connections to the third-party services such as updating profile information or status
• Providing social graph information such as which friends of the current user also use your site
• Gathering additional authentication information for your site

Recommendations

Build a simple login system for your site. Limit the amount of information you gather to the absolute minimum you need to provide basic login/account services. This should include a user identifier, password and some method for recovering a lost password. Consider this your first tier of authentication. First-tier users get read access to all of your site and some level of personalization based on their account information.

Next, if your site allows publishing of any information, add a second level of authentication. Since your first-tier users didn’t do anything to prove they aren’t bad robots, they don’t get to publish. This is where you can get creative. Second-tier authentication may be via email (not my preference) or via a third-party authentication system. Choose a third-party that you trust, then have your users authenticate themselves with that third-party and record the authorization information in your user database. Consider the user a second-tier user at that point and enable additional options and services on your site.

The advantages of this tiered approach are many.

• You maintain a local database of users
• You can provide as many tiers of trust as you need with different authentication methods as seem appropriate
• You can provide alternate authentication methods for each tier so your users have many options to authenticate
• If any one of the third-party authentication services disappears or revokes access to a user or group of users, you can provide an alternate method
• You reduce the barriers to entry to your web site
• Your users only encounter authentication barriers as they seek to increase their interaction with your site

Perhaps at some point in the future, OpenID and OAuth or some new thing will be truly ubiquitous and provide all of the features required for completely hands-off authentication services, but right now I don’t think we’re there. Until then, consider a tiered authentication system that provides the best options for you, your site and your users.

For example if you have something like this (hopefully url encoded, not like this):

http://twitter.com
/home?status=Reading: The Why and The How (http://tinyurl/twath)

You need to change it to this:

http://twitter.com/timeline/home?status=Reading: The Why and The How (http://tinyurl/twath)

Right now, the first link doesn’t work anymore, but the second one works just fine.

There is a little bit of noise on the Twitter Blog that indicates changes are coming. This change may be a side-effect of the things that are coming, but nevertheless, right now all old-style Twitter status links don’t work.

Thanks to @thefluffanutta for alerting me about this!

UPDATE: This morning (3 Apr), the old links seem to be working correctly again. Perhaps it was just a transient error on the site. From here, both link types appear to be working.

If you’re new to this site, please take a look at a few of the recent articles covering topics such as Facebook Connect integration, geolocation, and event tracking using Google Analytics. I also highly recommend familiarity with the following:

1. Google Code. This site is awesome. Google is constantly updating their public APIs making integrations richer and easier.
2. Amazon Web Services. I haven’t touched on this much, but as far as mashups and integrations go, Amazon is the service to beat.
3. jQuery. You better believe that you’re going to need to know Javascript today. If you’re still hacking away at it without a good library, repent now and learn jQuery.
4. jQuery UI. An amazing set of well-developed UI components and themes for use with jQuery.
5. Twitter API and Facebook API. Not as fundamental as the above for general web development and integration, but core to social integrations.
6. PHP. Okay, you can use Python or Ruby or Java or ASP or whatever in the back end. My examples are going to be either PHP or Python, though.

Read up. There will be a quiz.

Well, simply stated, it’s because the times they are a changin’. Back in the old days (circa last year), building bridges to your web site was something you did essentially by yourself using technology. Most of your efforts were centered on SEO (search engine optimization), advertising and building more technology (such as doorway pages) to increase your web footprint. All these efforts were combined to make sure that all of the little robots that scour the web would bring more humans to your sites. The problem is that the robots don’t care … and they’re not friends with the humans.

Fast forward to this moment
The web changes quickly and so do the people using it. When I first discovered Google, I could literally spend hours searching — just to see what would appear. Today, I certainly still Google a lot, but I also have a much more powerful method for getting information: I ask other people. I trust my friends and I know how they can help. I also trust my online social groups and I like their recommendations. So very often now, I go to my social networks and ask the questions.

Just taking a quick peek at my Twitter stream right now, I see the following list of tips, news, questions and feedback:

• “How to use StumbleUpon – A Step by Step Guide”
• “The Helium 3 on the Moon and on asteroids could be mined to give us stable nuclear fusion and …”
• “Who should be in the new A-Team film?”
• “Is Google doing anything with GrandCentral? I have an account & nothing has changed since the beginning (except I can’t invite any more)”
• “I really want to help my community by implementing an economic gardening program. However, I’m not independently wealthy. Ideas?”

People have questions. People have answers. People have recommendations.

Your web site might be an island because you’re not enabling people to question, answer and recommend. If you don’t enable your readers, the barriers to sharing are high enough that it doesn’t happen. Have you made it easy for your readers to recommend your site (or page) on Twitter, Digg, Delicious, Facebook, etc.? Do you have a comment form? Do you also provide an RSS feed and a Twitter account to follow?

You see, it’s not about technology, it’s about people. You can work and work and work to feed the robots, but the work of enabling personal recommendations is better. As your visitors become fans, they’ll recommend your services and products through their social network.

Make it easy
If I have to choose between recommending a site that provides me a link to share and a site that I have to manually copy and paste information to share it, I prefer the first. The great news is that enabling sharing on your site isn’t as hard as it used to be — and it’s getting easier. Services like ShareThis and lijit provide turnkey solutions for sharing, aggregating and searching your sites. Feedburner turbocharges your RSS feeds and provides for advertising revenue within your feeds. Social networking sites such as Facebook and MySpace are providing solutions for comment forms and other social tools that work on your site with little or no coding required.

As these tools evolve — and they certainly will — strong interconnectedness with communities of people will be a primary differentiator of web sites. As such, niche sites will have an increased opportunity for success because they won’t be competing in the SEO world, but in the community world and the community will always care more than the robots.

Coming soon…
Within the next two to three weeks, I’ll be showing concrete examples of how to socially enable your web site with some of the drop-in tools listed above and also with some of the more technically intense options available today. Stay tuned!

The problem relates to communicating impersonal messages en masse. I’m not talking about spam. I’m talking about receiving notices about product recalls or getting the latest information about my cell phone coverage or being notified about coupons from my favorite restaurants. The problem with email is that my desire to participate in mass emails from relevant sources decreases over time.

For example, I used to drive a Toyota. Back then I wanted to know about Toyota-specific product recalls, service options, etc. Now I drive a Nissan. I no longer care about the Toyota emails. Same thing with home warranties, insurance, software products, book clubs, political movements, etc. We move, buy new products, switch carriers, change our opinions or just lose interest. But the email keeps coming. And sometimes opting out is more difficult than just marking the sender as spam and letting the email tool do its job.

Opt-in email isn’t the solution, but opt-in is

Opt-in email never felt right to me. Opt-in is so easy, but opt-out is not. I understand. Companies don’t want to lose you. The problem is that they already lost you; they just don’t know it. Everybody loses.

The new opt-in solutions have been available for long enough to mature, they’re just not as ubiquitous as email … yet. The first two opt-in solutions you should be using for your business are RSS and Twitter.

RSS

If you have a traditional web site, you can still produce RSS feeds. You should. If you have a blog, you most likely produce RSS automatically, but are you really using it? Are you making it easy for your readers to subscribe? Have you explained the benefits? Have you pointed them to basic instructions about how to get the most out of RSS? If not, why not?

Twitter

Twitter has been called microblogging and I think that’s a great term. You can use Twitter without a blog or you can combine Twitter with your blog. In any case, if you haven’t started using Twitter, it’s time to get on board. Twitter is two-way communications like email, chat or blogging with comments. Here are some great articles to get up to speed with Twitter in general:

• The Beginner’s Guide to Twitter
• Conversating on Twitter
• Twitter (Wikipedia)

Twitter introductory video

An example

I recently had lunch at Chevy’s in Mesa. While we were there, the waiter provided me with their new opt-in email form and explained that by filling out the form, I’ll get one free appetizer, birthday coupons and general email coupons. Yay for free stuff!

The first thing I said to my wife after the waiter walked away is “this is the perfect example of how a company should be using Twitter.” In the form/email scenario, there are so many problems:

1. The company has to print a form
2. Someone has to fill out a form
3. Someone else has to enter the form contents into a computer
4. The recipient must ensure that desired emails don’t go into the spam bucket
5. The company has to deal with the hassles of mass emailings (this is huge)

The above list doesn’t cover what happens when I decide I don’t want the mailings anymore, or what to do if I change email addresses or email programs or spam settings. It also doesn’t address the huge problems that the company will deal with by managing a large email database.

With Twitter the scenario goes like this:

1. The company either prints small business cards or has a single large banner made that says “Follow us on Twitter: @whatever”

That’s it. If Chevy’s used Twitter like this, I would be able to follow them for as long as I’m interested and unfollow as soon as it’s not relevant for me anymore. Chevy’s gets to alert me (and all followers) whenever there’s a product launch or when they have a promotion. They can still send my free appetizer for following them because they get notified when new followers arrive. The upside is everywhere: no data entry or data management, no email hassles, no customer problems related to spam reports, easy opt-in and opt-out and the flexibility to message as frequently as needed.

What did I miss?