[wp-hackers] Re: GSoC 2008 Proposal: Core OpenID Support

Peter Westwood peter.westwood at ftwr.co.uk
Thu Mar 20 20:01:49 GMT 2008

Otto wrote:
> Like it or not, it's not that simple. Mere inclusion of OpenID as a
> registration would have the effect of encouraging registration-only
> comments and discouraging anonymous commenting.
And history has shown that requiring registration can actually make you 
less safe as well.
It is much more likely for there to be an exploitable security issue in 
any software in the administration area which actually allows you to do 
stuff.  A number of the recent WordPress vulnerabilities have only 
easily been exploitable by the people you trust to access your admin 
pages - requiring registration for comments makes this everybody.

> Now, don't get me wrong. I like OpenID itself. I think it has its
> uses. I'd love to login to digg using my OpenID. I'd love to use it to
> login to slashdot, or my favorite online forums, or anywhere where I
> have a username and an identity that I use on a regular basis.
> Anywhere where the discussion is a multi-person forum, not a more
> one-way form of communication like a blog is. So, OpenID is fine for
> what it does. But it really does not fit the "blog" mold, as far as I
> see it.
Me too.  For me the killer space for OpenID (or something like it) to be 
implemented is the space in which I need to be authenticated and don't 
want to have to remember the login information that is so difficult to 
remember that I have to write it down.  OpenID-style authentication is 
the sort of thing that banks should be using for their login ids.  I am 
not saying that providing an OpenID login is the only thing that should 
use but that is how I should be able to provide my identity.

Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5 
