[wp-hackers] Re: GSoC 2008 Proposal: Core OpenID Support
peter.westwood at ftwr.co.uk
Thu Mar 20 20:01:49 GMT 2008
> Like it or not, it's not that simple. Mere inclusion of OpenID as a
> registration would have the effect of encouraging registration-only
> comments and discouraging anonymous commenting.
And history has shown that requiring registration can actually make you
less safe as well.
It is much more likely for there to be a exploitable security issue in
any software in the administration area which actually allows you to do
stuff. A number of the recent WordPress vulnerabilities have only
easily been exploitable by the people you trust to access your admin
pages - requiring registration for comments makes this everybody.
> Now, don't get me wrong. I like OpenID itself. I think it has its
> uses. I'd love to login to digg using my OpenID. I'd love to use it to
> login to slashdot, or my favorite online forums, or anywhere where I
> have a username and an identity that I use on a regular basis.
> Anywhere where the discussion is a multi-person forum, not a more
> one-way form of communication like a blog is. So, OpenID is fine for
> what it does. But it really does not fit the "blog" mold, as far as I
> see it.
Me too. For me the killer space for OpenID (or something like it) to be
implemented is the space in which I need to be authenticated and don't
want to have to remember the login information that is so difficult to
remember that I have to write it down. OpenID style authentication is
the sort of things that banks should be using for there login ids. I am
not saying that providing an OpenID login is the only thing that should
use but that is how I should be able to provide my identity.
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
More information about the wp-hackers