[wp-hackers] Re: GSoC 2008 Proposal: Core OpenID Support

Ronald Heft ron at cavemonkey50.com
Thu Mar 20 17:07:39 GMT 2008

Otto, I want to thank you for your responses. You're really helping me
further develop my proposal.

Regarding the benefits of core support over a plugin, personally I feel
something as heavily integrated in the login process as OpenID belongs in
core. A plugin is not the proper place for something so drastic. Why? Should
an OpenID plugin break on a WordPress upgrade or cease to be supported by
the author, you end up with users who have no way to login to WordPress.

I personally feel that a plugin should be able to be disabled with no ill
effect. Which is why I currently do not use an OpenID plugin, or any plugin
for that matter that would cause problems should I ever have to stop using
it. Something a simple as a plugin that adds [quote] tags to comments I
avoid, because I would have a mess without it.

OpenID is that kind of plugin. Should an OpenID plugin be disabled, you end
up with a mess. Users that have only registered with OpenID have no way of
logging in, and so on. This feature would be better suited for official core

In addition, even if OpenID is disabled by default, just the option makes it
easier for users wishing to login with OpenID. A user would only have to
request for the blog administrator to enable a checkbox, instead of finding
a plugin and then configuring it.

Now in regards to encouraging comment registration, I am rethinking the
implementation of OpenID. I do not think comments should be authenticated
with OpenID. I wouldn't use it, and I certainly would not want to encourage
using OpenID over anonymous comments.

I am thinking should OpenID support be added to core, it should only be
added to the registration and login process, nowhere else. Blogs that have
registration enabled could benefit from the use of OpenID, and OpenID would
not conflict with the regular comment process. If a user wished to use
OpenID, they just create an account / login with WordPress using an OpenID
login, and WordPress handles the rest. OpenID should have no part in the
comment process, other than authenticating the user login.

Should someone want to authenticate comments with OpenID, that is plugin
territory. With core OpenID support, a plugin would only be adding the
proper fields to make that happen, and that plugin would then fall into the
disable without a problem set of plugins.

How does that sound?

Furthermore, should I take on this project, I'd really like to do core
support, but I would be willing to convert it to a plugin mid-summer (Matt's
suggested core commit date) if there is a mass backlash or major issues.
Although, I don't see that happening. If OpenID is used just for the
existing registration or login process, there is no OpenID encouragement or
encouragement of forced registration of comments. Thoughts?

On Thu, Mar 20, 2008 at 10:47 AM, Mahmoud Al-Qudsi <
computerguru at neosmart.net> wrote:

> > The main disadvantage, in my opinion, is that if it was in the core,
> > then more people would use it and require registration on their blogs
> > in order to comment. Since I will not register to leave a comment
> > (regardless of whether they use OpenID or not) I would be unable to
> > leave comments on more blogs. Especially when the lie about OpenID
> > "preventing spam" becomes prevalent, which would happen despite
> > everybody's best efforts.
> I must disagree with this point.
> Unless I misread previous posts, no one is suggesting that OpenID be
> forced down all users & readers throats.
> All the OpenID plugins for WordPress currently out there don't focus on
> OpenID as a *sign-on* mechanism so much as a authentication/ID-verification
> method. You have the _option_ of positively identifying yourself via the
> OpenID architecture, or posting/commenting/logging-in the traditional way.
> -MQ
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

Ronald Heft, Jr.
Information Sciences and Technology
Pennsylvania State University

9rules Network

More information about the wp-hackers mailing list