The MU forums have moved to WordPress.org

wordpress MU/.com and OpenID (12 posts)

  1. VxJasonxV
    Inactive
    Posted 18 years ago #

    First of all, let me say THANK THANK THANK YOU for sharing user databases with wordpress.com/forums
    I was going to cringe if I had to sign up again.

    Crossposted from the WP.org plain 'ole support forums.
    ______
    Based off the searchs, looks like this hasn't been an incredibly discussed topic. (For MU, not referenced ever)

    First off, yes, I am well aware of http://www.scatmania.org/archives/2005/08/06/openid-for-wordpress/ but I would like to expand the idea to Wordpress Core, Wordpress MU, and (subsequently) wordpress.com

    It's really great that I can signup at LiveJournal, and talk to my friends there, and they'll definitively know it's me by my user.
    Then it's great to sign up at DeadJournal and do the same.
    Then MySpace, then Xanga, oh, and let's not forget to sign up for a TypeKey identity so the spam crazy MT users will actually recieve my comments, and on and on and on.

    This opens up the known problems:
    Lost username/password.
    Shared passwords everywhere (in many cases).
    Taken usernames/frustrated users.
    Privacy concerns, and the list goes on.

    My key suggestions are for:
    1) OpenID support to be professionally integrated into CORE Wordpress.
    There's a lot of blogs I come across, even more so thanks to Google BlogSearch. And I don't like leaving anonymous comments, and I don't like registering places JUST to comment (probably once!).
    2) OpenIDs to be given to ALL wordpress.com users. Having said this, that means of course that OpenID has to be integrated into Wordpress MU as well (duh?).

    Upsides:
    * NO MORE REGISTRATIONS!
    Anyone with a domain and the ability to host a 2K HTML file can have an OpenID at their own domain, without having to set up an OpenID server.
    How? By delegating their ID out to another OpenID server.

    For now, http://vxjasonxv.com is delegated to LiveJournal, because I have an account there (and they adopted it... because, well, the founder of LJ created OpenID!)
    For example, this is in my index.html page.
    <html>
    <head>
    <title>My Homepage</title>
    <link rel="openid.server" href="http://www.livejournal.com/openid/server.bml" />
    <link rel="openid.delegate" href="http://vxjasonxv.livejournal.com/" />
    </head>
    <body>
    ...

    * One Account, One Password, so many sites.
    Password authentication is done by taking you back to the OpenID server with two steps:
    1) Ensuring you're logged in. And prompting you to log in if you're not.
    2) Confirming that you wish to send your identity to the site requesting it.

    The absolute most important part is that you DO NOT GIVE YOUR OPENID PASSWORD ON A SITE OTHER THAN YOUR OPENID SERVER.
    They don't need your authentication information, only your identity information that the OpenID server will send to them.

    If Wordpress would allow me to use this on my own domain, for myself, and not 'delegated around the web', I would be using Wordpress 100% of the time IN A HEARTBEAT.

    I don't already only because PHP support of OpenID is not 100% there.
    Videntity.org provides libs, but not the page construction to communicate.
    Scatman's implementation needs some touchups and additional features to manage your own identity on external sites (I think).

    I would REALLY like to see this more widely adopted.

    For more information you can see;
    The OpenID Homepage
    Videntity.org (a openid account/social networking site)
    My Original OpenID Rant (@LiveJournal)
    My videntity OpenID profile

    Check it out, wontcha?

  2. VxJasonxV
    Inactive
    Posted 18 years ago #

    Hmmm... I clicked send post without typing anything, and it submitted a blank post.
    OOPS.

    Sorry -_-.

    [edit]
    On a side note... I can't insert more line breaks on the post above, they just get trimmed out...
    So, sorry about the formatting.

  3. altjira
    Member
    Posted 18 years ago #

    Great suggeestion - I wholeheartedly agree with this. I'm getting really sick of signing in everywhere, too, and I would love to see visitors dropping by by their OpenID.

  4. a-bishop
    Member
    Posted 17 years ago #

    wordpress.com now supports OpenID as a server. Matt promised to release a plugin for MU.

  5. xiand0
    Blocked
    Posted 17 years ago #

    So, anyone want to share what the status of the supposedly soon-to-be-released OpenID plugin?

    Also, it would be very cool to have OpenID working as a client, two friends who have their blog at different WP sites should be able to comment at eachothers blog using OpenID.

    If they are at two sites like WP.com as of now then they're both screwed and it's as if WP.com (non of the imaginary sites int his example) didn't have OpenID support at all - because none of them would be able to actually use the OpenID support for anything practical.

  6. drmike
    Member
    Posted 17 years ago #

    They're debating this on the mail list actually. Some want it as a built in feature while other want it as a plugin.

  7. xiand0
    Blocked
    Posted 17 years ago #

    There is a mailing list? Is it public? Can I sign up? Am I dumb for wondering since it's listed somewhere with huge read letters who say "DON'T PANIC?"

    As for where to put it: I'd prefer both Widgets and OpenID as a "core" feature, but OpenID in the core would require the option of turning it off somewhere in the admin panel. Because of some issues.

    I don't know if I should find that mailing list or not, but here's something to consider:

    I want to spam your site. Yes. I'm The Spammer. So as The Spammer I can't Spam your WP site because you're using a Captcha at your site, so I can't send your bots there. But logged in users don't need a captcha, so I setup my own little fake OpenID server and login at sites and spam. This scenario could become a problem, the first thing would possibly be to block given OpenID domains.

    I suspect OpenID-problems may become a part of the real-users-vs-spammer identification armsrace, so I suspect some people would prefer to turn it off. Me? I'd like users to be able to both login and comment using OpenID and have WPMU act as a OpenID provider, and I'd like to be a "core" feature.

  8. lunabyte
    Member
    Posted 17 years ago #

    Sorry, I'm not a big fan of OpenID.

    I understand its intent, but it's too easily faked among other things.

  9. drmike
    Member
    Posted 17 years ago #

    http://codex.wordpress.org/Mailing_Lists

    I'm not either to be honest. Goes against one of the big security suggestions of "Don't have the same password for all of your sites"

    Donncha did make the suggestion of this for an idea for Google's Summer of Code thingie though.

  10. gumdrop
    Member
    Posted 17 years ago #

    Likewise.

  11. JeremyVisser
    Member
    Posted 17 years ago #

    For the benefit of those stumbling across this old thread, the OpenID Server plugin for WordPress MU was released.

  12. jdub
    Member
    Posted 16 years ago #

    For the benefit of those stumbling across this old thread, I've just ported WP-OpenID to WPMU, which answers the needs of the original poster -- logins and comments with OpenID support. :-)

About this Topic