[wp-hackers] Re: GSoC 2008 Proposal: Core OpenID Support

Ronald Heft ron at cavemonkey50.com
Sun Mar 23 02:47:18 GMT 2008

Otto, I am curious about your response to my last reply. Do you understand
what I'm talking about now?

On Thu, Mar 20, 2008 at 4:01 PM, Peter Westwood <peter.westwood at ftwr.co.uk>

> Otto wrote:
> > Like it or not, it's not that simple. Mere inclusion of OpenID as a
> > registration would have the effect of encouraging registration-only
> > comments and discouraging anonymous commenting.
> And history has shown that requiring registration can actually make you
> less safe as well.
> It is much more likely for there to be a exploitable security issue in
> any software in the administration area which actually allows you to do
> stuff.  A number of the recent WordPress vulnerabilities have only
> easily been exploitable by the people you trust to access your admin
> pages - requiring registration for comments makes this everybody.
> > Now, don't get me wrong. I like OpenID itself. I think it has its
> > uses. I'd love to login to digg using my OpenID. I'd love to use it to
> > login to slashdot, or my favorite online forums, or anywhere where I
> > have a username and an identity that I use on a regular basis.
> > Anywhere where the discussion is a multi-person forum, not a more
> > one-way form of communication like a blog is. So, OpenID is fine for
> > what it does. But it really does not fit the "blog" mold, as far as I
> > see it.
> >
> Me too.  For me the killer space for OpenID (or something like it) to be
> implemented is the space in which I need to be authenticated and don't
> want to have to remember the login information that is so difficult to
> remember that I have to write it down.  OpenID style authentication is
> the sort of things that banks should be using for there login ids.  I am
> not saying that providing an OpenID login is the only thing that should
> use but that is how I should be able to provide my identity.
> westi
> --
> Peter Westwood
> http://blog.ftwr.co.uk | http://westi.wordpress.com
> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

Ronald Heft, Jr.
Information Sciences and Technology
Pennsylvania State University

9rules Network

More information about the wp-hackers mailing list