Open ID Integration

  1. Samuel Wood (Otto)
    WordPress.org Tech Dude


    You want to find an OpenID SERVER, which is not unique to WordPress.

    No, I don't want an OpenID Server. I want it *integrated into WordPress*. If you're going to argue for putting it in the core, then you should at least be able to get it into a plugin of some sort first.

    If you're going to integrate it, *integrate it*. Don't half-way do it and then tell me that's what you want in the core. That's silly.

    So no, I'm not changing my rating. OpenID doesn't seem to actually do anything that I would consider to be useful for WordPress, and after looking at all the links and information about it, I disagree that any implementation of it should be added to the WordPress core. In fact, the more I read, the more I dislike it.

    -1 to the idea from me, unless and until somebody explains:
    a) What you expect OpenID to *actually do*, if it were implemented in the core, and
    b) Why it should be in the core and not in a plugin.

    I think it's perfectly acceptable for the case of WordPress MU, BTW. There it makes a little more sense. But not for the normal WordPress.

    Posted: 10 years ago #
  2. Jason



    WordPress.com is an OpenID server, but not a consumer. Matt says they'll be releasing the plugin (mentions it to potentially MU users only?, I hope it'd be for all installed WordPress versions...)

    THIS IDEA, this particular idea, is about the ability to consume IDs.
    In my mind, if OpenID handling is built into WordPress core, then you can shut off anonymous comments, and require a login. Then, anyone with an OpenID, which is many many people by now, can simply comment using their OpenID identity.

    THAT is the extent of this feature request. Hence why I say, you're voting for something that the idea isn't specifying.

    If you want to put your opinion forward on an OpenID SERVER (i.e. WordPress says that you are otto42.com , or whatever your domain name is / wherever your blog is hosted), use http://wordpress.org/extend/ideas/topic.php?id=500

    That particular idea specifically about providing identities.

    Again I say. You tried out the VerseLogic plugin thinking it was a server. It wasn't, it was a consumer plugin and nothing else.

    I'll break it down point by point.

    I tried the VerseLogic openID plugin out, and I must say, I dislike it. A lot. It doesn't do anything I expect OpenID to actually do.

    It does everything that it was supposed to do. It was a Consumer. It allows other people to comment on your blog via THEIR OpenIDs.
    It doesn't provide you with one, nadda. It's a consumer, not a server.

    What I want is something that will be an OpenID server.

    See above. WordPress rolled out an OpenID server on wordpress.com , it may or may not be coming to WordPress.org installed versions soon. At least to MU, preferably to all installed versions.

    I want to use my own domain as my OpenID.

    And you can do that, with an OpenID SERVER (plugin).

    I don't want to delegate out anything of any kind.

    You don't have to.

    I don't want people logging in with an OpenID to get a new WordPress user created for them.

    That's not a fault of the plugin nor OpenID, it's a fault of wordpress. Because wordpress just 'has' to have it's own user management, otherwise it's an anonymous user. (Which is outside both bounds of OpenID. Awesome, isn't it?)
    Note also that if all OpenID users are anonymous users, than any OpenID can be spoofed by another anonymous user filling out the URL field using an OpenID, *but not signing in via OpenID*.

    Do you understand this 'caught in the middle part'?

    I do want them to be able to comment and have it fill in some of the fields like email address and name and such based on the OpenID transactions and such.

    WordPress needs to change for that to happen, and admittedly, someone needs to write an OpenID plugin for wordpress that also incorporates the Attribute Exchange protocol.
    However, this is just another reason why you should be rating this idea UP and not down.

    OpenID just doesn't seem to do any of this. It seems very badly designed to me, and overly complex for what it does.

    It's not overly complex, and this is exactly what OpenID does.
    Wordpress is not suited to handle your situation (in terms of consuming), and a OpenID SERVER for WordPress has not yet been released.

    When they work out the kinks and make it actually useful, then I say put it in the core. Not before.

    When WordPress makes drastic changes to support it, it can be apart of OpenID.
    Not before.

    Posted: 10 years ago #
  3. Jason


    Ok. I guess I lied. This idea just says "Support OpenID" and not only a consumer, only a server, or otherwise.

    The point I'm attempting to make here is that you, Otto42, are blaming the downfalls of misunderstanding the purpose of a piece of software on OpenID. And that's WRONG.

    Besides, we're asking Matt & Co. to build this feature INTO wordpress. Since obviously a 3rd party plugin isn't accomplishing your needs.

    Here's what I'm saying. You're doing the wrong thing by voting this idea down. VOTE IT UP, so that we can get it done RIGHT.

    Posted: 10 years ago #
  4. Varsity


    This is a no-brainer, just so long as it runs normally without the "GMP" or "BCMath" libraries the plug-in needs. Not all hosts have them.

    Posted: 10 years ago #
  5. Samuel Wood (Otto)
    WordPress.org Tech Dude


    VxJasonxV: Please. I'm not an idiot, don't assume I am just because I disagree with you.

    I've read the specifications. I've watched the materials. I've even read the technical details and considered how to implement such a thing.

    I'm a *programmer*. This is what I do.

    So rest assured that when I say OpenID sucks, I say it in the full and complete knowledge of a) what OpenID is and b) what OpenID can do. I'm not simply basing my impressions off of one plugin.

    >>>OpenID just doesn't seem to do any of this. It seems very badly designed to me, and overly complex for what it does.

    It's not overly complex, and this is exactly what OpenID does.

    It *is* overly complex, and it doesn't do *any* of the things I want such a system to do. It's designed, from the very beginning, to be essentially useless, as far as I can tell.

    Face facts, OpenID doesn't *do* anything. It's like building a trust network without any actual levels of trust. The protocol is immature and silly and *useless*.

    Prove me wrong. Tell me what it does. Then I'll tell you why it doesn't do what you think it does.

    And for now, I will continue to vote the idea down. Why? Because I think OpenID is the wrong direction. I think a new protocol should be created. One that is actually *useful*.

    When WordPress makes drastic changes to support it, it can be apart of OpenID.
    Not before.

    Which is yet another reason I vote it down. WordPress is fine. It acts in the way virtually all blog systems act, in this respect. By your own admission, OpenID is not suitable for these sorts of systems. OpenID doesn't make any sense.

    Posted: 10 years ago #
  6. Samuel Wood (Otto)
    WordPress.org Tech Dude


    Let me try another approach...

    OpenID appears to have been invented for the purpose of having a unified login at sites that previously could/would have required you to get an account there. That's fine. it kinda makes sense for that.

    However, a blog is rarely that sort of place.

    -My blog has 1 user: me.
    -My blog allows anonymous comments. Since users can't register, it *only* allows anonymous comments.
    What benefit does being an OpenID consumer have for my site?

    The answer to that, as far as I can tell, is none.

    Given that, let me also state that:
    -I do not comment on blogs that require me to get an account
    -I will also not comment on blogs that require me to get an account *or* use an OpenID.

    My point being that comments *should* be anonymous. If a place does not allow such comments, or they put any impediments in my way such as captchas and such, I leave. Immediately. And never return. These sorts of blogs *die*. Usually quickly.

    Now, WordPress is primarily a blogging platform.

    Given the above: Where is the benefit of OpenID integration, as a consumer?

    The answer is still *none*.

    Posted: 10 years ago #
  7. Jason



    So, that means that GPG, SSL, and everything else is just as worthless, right?
    Any of them can be self-signed, or even not signed. They still provide security, even without trust.

    OpenID is not about trust. PERIOD.
    "It's like building a trust network without trust". That's a completely empty statement, because trust isn't part of the issue! Surely you don't trust joeblow1854 who signed up for an account on the forum...

    This is merely the decentralized exchange of identifiers/identities (if absorbing profile information) and that's it. There's nothing more to it.

    What does a username and password get you that an OpenID doesn't? Oh right, a password. (And there's nothing wrong with that.)

    OpenID allows you to have a single individual authenticated to your
    website/service WITHOUT the need for an unnecessarily long signup step.
    It doesn't do that? Ha! Go look at Jyte, go look at Zooomr, go look at LiveJournal. I can join/claim/comment/whatever at Jyte, I can have a gallery on Zooomr, and I can comment on LiveJournal; in one line, and one click (not counting the actual content, that comes after like every service).
    And I can do it anywhere that an OpenID Consumer is implemented. ANYWHERE.

    Are you telling me that everyone has done identity wrong? You haven't mentioned a better alternative, except "a new one". Sxip, Homesite, Passport (Live ID, whatever), i-names, and everyone? All trash and should be wiped from the web?

    OpenID makes sense, and is perfect for blogs (and I'll get to the reason later. And WordPress works the way all other blogs do? Great! That means that WordPress will act like MoveableType and feature an OpenID consumer.

    And on the other hand, WordPress works like every other blog does? Great!
    That's absolutely boring and uninspiring.

    However, a blog is rarely that sort of place.

    Bull. Been to any WordPress powered news site lately?
    Nearly every gaming blog I visit has multiple editors, and presumably multiple administrators too.

    My point being that comments *should* be anonymous.

    What on earth are you talking about? You honestly think that everyone would prefer to have their words be 'just part of the crowd'? Why do you think everyone and their mom has a blog? It's to have a name, to be something/somebody outside of their limited physical presence. (By that I mean physical reach is by FAR shorter than digital reach.)
    It's to have (get ready for it)

    a Digital Identity

    And guess what OpenID is?

    If you don't want it, don't use it. But considering you apparently don't use user management (besides yourself), don't rate it down. It's of no interest to you, fine. Just don't rate it down.

    If you think it's wrong, then tell me why.
    OpenID has purpose.
    OpenID has implementation(s).
    OpenID has (and is continuing to gain) adoption.

    So why does it not do what we expect it to do?
    I think both you, and I, are making the same mistake about each other.

    One last question though, because I am really really confused...
    If OpenID is technically unsound, stupid, and not solving any problems... why did you try using it?
    Surely you would have read the spec, thought it wrong, and not bothered to install anything about it?

    I really do get a vibe that you installed a consumer and expected a server. And if this argument is spawning from that alone... well, I don't know why we're arguing.
    Answer me this (among everything else), why did you even bother installing the VerseLogic plugin?
    Why are you now suddenly opposed to everything OpenID when you apparently wanted an OpenID server in the first place? (Which is something the VerseLogic plugin IS NOT.)

    If you want an OpenID server, check out wordpress.com's faq on it ( http://wordpress.com/blog/2007/03/06/openid/ ) , if that satisfies your needs. Go vote up http://wordpress.org/extend/ideas/topic.php?id=500

    Posted: 10 years ago #
  8. mxcl


    I'm also a *programmer*, and I think OpenID is just marvelous, and well implemented, and quite simple to implement and use. I think Otto42 guy is just jumping to conclusions and a bit full of himself, although I'm not that full of myself, so I admit I may be wrong.

    For me OpenID is just a way to log in easily to places, to avoid dishing my email out for authentication. To allow me to have a single-sign-on that people can look up and check out where else I go on the Internet. It does that perfectly, and as I understand it, it doesn't actually aim to do much else.

    Posted: 10 years ago #
  9. Jason


    It does that perfectly, and as I understand it, it doesn't actually aim to do much else.

    And that's perfectly fine. It doesn't need to encompass anything else.

    Get you there (there being in the website, authenticated) and be done with it.

    Posted: 10 years ago #
  10. Samuel Wood (Otto)
    WordPress.org Tech Dude


    Why in the heck would I ever have to authenticate to somebody else's blog?
    Why in the heck would I ever WANT to authenticate to somebody else's blog?

    I don't want an account on your blog.
    I want to leave my comments for you to read, certainly.

    But I don't want to have to get an account to do that.
    I don't want to have to jump through hoops to do that.
    I certainly don't want to have to go through OpenID, jump back to my own freakin' blog (or OpenID Server of whatever stripe) and give my login credentials there and then allow you to know my info before going back to your blog.

    I want to write a comment, not form some kind of lasting relationship with you and your blog.

    In other words, if I have *any* signup step on your blog, even the OpenID one (even the AJAX based OpenID one that eliminates the extra forwarding the browser around), then I'm not going to do it.

    I'm not going to authenticate with your blog just to leave you a comment. No matter how "easy" it is.

    So, OpenID may make sense for places where you want to have an account on that site. Digg, for example. Or any place that I read often enough where I actually want an account of some sort.

    But it absolutely does not make sense for places where I do not want to have an account.
    And yes, blogs are exactly those sorts of places.

    Yes, I did want a server. But I also expected the consumer part to do something other than what it actually does. When I learned that it actually creates accounts in WordPress, I removed it instantly. I don't want other people to have accounts. I'm not interested in that.

    What I *thought* OpenID was, was a simpler way for people to leave their information, by allowing them to put it into their server or whatever and then to use it on various sites via a single sign-on type of system.

    What it actually turned out to be is exactly what you describe: a decentralized authentication system.

    WordPress has no need for a decentralized authentication system.
    Blogs in general have no need for a decentralized authentication system.

    IMO, of course.

    Posted: 10 years ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.

  • Rating

    668 Votes
  • Status

    This is plugin territory