[wp-hackers] Re: GSoC 2008 Proposal: Core OpenID Support
ron at cavemonkey50.com
Sun Mar 23 02:47:18 GMT 2008
Otto, I am curious about your response to my last reply. Do you understand
what I'm talking about now?
On Thu, Mar 20, 2008 at 4:01 PM, Peter Westwood <peter.westwood at ftwr.co.uk>
> Otto wrote:
> > Like it or not, it's not that simple. Mere inclusion of OpenID as a
> > registration would have the effect of encouraging registration-only
> > comments and discouraging anonymous commenting.
> And history has shown that requiring registration can actually make you
> less safe as well.
> It is much more likely for there to be a exploitable security issue in
> any software in the administration area which actually allows you to do
> stuff. A number of the recent WordPress vulnerabilities have only
> easily been exploitable by the people you trust to access your admin
> pages - requiring registration for comments makes this everybody.
> > Now, don't get me wrong. I like OpenID itself. I think it has its
> > uses. I'd love to login to digg using my OpenID. I'd love to use it to
> > login to slashdot, or my favorite online forums, or anywhere where I
> > have a username and an identity that I use on a regular basis.
> > Anywhere where the discussion is a multi-person forum, not a more
> > one-way form of communication like a blog is. So, OpenID is fine for
> > what it does. But it really does not fit the "blog" mold, as far as I
> > see it.
> Me too. For me the killer space for OpenID (or something like it) to be
> implemented is the space in which I need to be authenticated and don't
> want to have to remember the login information that is so difficult to
> remember that I have to write it down. OpenID style authentication is
> the sort of things that banks should be using for there login ids. I am
> not saying that providing an OpenID login is the only thing that should
> use but that is how I should be able to provide my identity.
> Peter Westwood
> http://blog.ftwr.co.uk | http://westi.wordpress.com
> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
Ronald Heft, Jr.
Information Sciences and Technology
Pennsylvania State University
More information about the wp-hackers