[wp-hackers] GSoC Proposal: OpenID core implementation

Artur Ferreira artur.g.ferreira at gmail.com
Thu Mar 27 23:32:23 GMT 2008


My proposal is about the implementation of OpenID authentication into 
wordpress core.

== What is OpenID ==

OpenID is a decentralized identity, free and open standard that allows 
users to log on to multiple sites using a single digital identity, 
eliminating the need for different credentials for each site the user 

== How wordpress would benefit from this ==

Using OpenID as authentication method users could have only one 
credential for multiple wordpress blogs breaking a wall in user 
interaction thereby removing the trouble of needing to register for 
posting a comment, this would be further applied to all N blogs read by 
the user.

== My Project Proposal ==

Although there are plugins for OpenID (WP-OpenID), the core 
implementation could extend this feature and future plugins 
(implementing other features) could benefit from this.

The implementation will have three modes of operation:
   disabled - the OpenID authentication is disabled.
   dual - both standard user authentication and OpenID can be used.
   exclusive - only OpenID authentication for both users and administrators.

The OpenID users will be exposed to the same features (if compatible) 
that standard users have, like comment auto-approval.
Themes Template changes to support OpenID on comments box.

OpenID user control, you can ban a user for inappropriate behaviour or 
ban it for spam, although in the time being there are no reports of 
openid based spam, but it could happen in the future. This spam-ban list 
could be exposed so that other wordpress blogs could request it and 
update their own openid users spam list, using an RPC or simply a GET 
method, creating a mesh network for keeping friendly blogs updated (and 
warn the openid provider).

Possible additional contributions (time permitting):
- In exclusive mode, user registration will create an openid for the new 
user, using myopenid API or other openid provider.
- Microformat hCard generation on the default About page.

All the configuration will be available through the options panel on the 
wordpress administration.

This will bring native wordpress support for the next generation of user 
management and authentication.

== Information ==

myOpenID - openid provider - http://www.myopenid.com
Wikipedia article - http://en.wikipedia.org/wiki/OpenID

Any thoughts ?
Will be glad to hear some suggestions.


Best regards,
- Artur Goulão Ferreira

More information about the wp-hackers mailing list