OpenID According to Simon Willison, OpenID is a simple piece of infrastructure on which smart applications can be built and the buzz around OpenID is growing. This idea has been batted around for some time but the consolidation of ideas and a working version of the system really gives it some legitimacy. I still wonder what the uptake rate will be. If you are still wondering what OpenID is and what it can do for you, think of it as a decentralized authentication system much like Microsoft Passport but much less monolithic.
I can still think of various problems (Tim outlines some of those in his post). However, a good use could be in the WordPress comment moderation system. Since WordPress allows comments from previously authorized commenters, OpenID could be a way to positively identify a “valid” commenter on your blog forever. Of course, if any centralized whitelist type service is introduced in any form, that system could still be poisoned but that would be a weakness of the whitelist and not the OpenID platform. I also fear that since anyone can set themselves up as an OpenID provider, this could lead to a lot of confusion and possible weaknesses in the system. That is a discussion for another day.
At the heart of the OpenID system is the basic premise that only you have control over what shows up on your specified URI. As an example, if you have an LJ account and are setup with an OpenID for that account, you can specify your OpenID URI to login to any website that support OpenID. Once you specify your OpenID URI, you will be redirected to your site which will either ask you to log in or to authorize the website you are visiting to use your identity. (“no password” is slightly misleading)
There is already a lot of activity with openID in the WordPress arena. Have you used OpenID yet?
I’ve actually implemented OpenID in my comment system for added support for other logins. That is, I still use anonymous (moderated) posting, but OpenID gives my commentators a chance to bypass that. Unfortunately, I’ve not seen it in practice yet. I’ve used my own OpenID authentication on other sites (primarily LJ), but no one has shown any interest in reciprocating. I agree that it could potentially be a great thing – it just has to catch on first.
I’ve been wanting, and waiting for WordPress to actually catch the heck up with OpenID.
I’d like to actually see some sort of support built in for it, so my Livejournal friends can just pop over, use their LJ credentials to authenticate, and comment away, without having to fill out the form fields each time to just say a few words.
I’m using the VerseLogic plugin, but it’s just a bit broken, here and there.
“A working version”?
How about that for a working version?
There are some plugins already available for OpenID for WordPress. As well, you can simply install and configure it yourself. It’s really quite simple – I’m impressed!
More on my Blog on OpenID
If you have a look at some of Simon’s posts, you’ll see that he’s suggesting a de-centralised whitelisting approach, where you trust particular site’s whitelists, and perhaps share your own.
Alastair, that can make whitelists even more dangerous!
I hate to link to my own blog, but I believe you’re looking for FOAFID.
I’d love to hear your concerns in detail.
I was fascinated by OpenID when I was introduced to it. Currently I use my blog URL as OpenID and support OpenID in the comments. I think we can really make it mainstream, it really helps me as a user.
Yes as I pointed out to Doug, there are couple of plugins for WordPress. I have implemented them and will see how it goes š
It would be great to have openid for commenting. Implementing that means users get registered on my blog. That means I am creating a database of users. Which is good. Will the users take off from there?
It will be interesting to see the users/readers perspective on that.
Cheers!
Alpesh
Now this might sound non-geeky, Abhijit how can we use our blog url as openid. Do you actually create an account with that id? Baffles me š
Cheers!
Alpesh
I figured this out š
Cheers!
Alpesh
We support OpenID on our blog in the comments and in the admin center of WordPress. For this we use the plugin from Sourceforge. It works very well!
Another advantage of the plugin is, that you can tie OpenID-Identities to an existing WordPress account. So you can either login with your username/password-combination or your OpenID-Account.
I’ve written two articles on this one, if anyone is interested, the first one explains what OpenID is as well as how to use your own URL as login, the second one explains how to install this plugin. Works like a champ and I’ve got it on my blog as well, feel free to try it out there.
I use OpenID at my WP blog too. There wasn’t any advantage in using the default local WP registration system for users to identify themselves (my site is just too small) and I was just getting a lot of spambots signing up anyway. I like that OpenID makes local registration unnecessary but allows people to identify themselves consistently.
Greg, if your WP OpenID plugin doesn’t register users, I want it for my blog!