JAWW (beta)

The ward is a factory for the Combine

WordPress.com jumps on an OpenID bandwagon

today WordPress.com has become another Identity Provider, still isn’t an OpenID enabled service [yet?]

finally*, after Bill Gates has taken notice of, AOL has added support for (Server), Digg has announced they will support it, enhancement ticket on WP.org Trac, several topics in Ideas and number of in Support » Requests and Feedback section on WordPress.org and almost immediately after one more attempt trying to get an attention to the OpenID support has been made in the wp.com Ideas Forums, wp.com FAQ blog promptly reacts with post titled “What is OpenID?“, which is not only a mere explanation, but in fact is an announcement of implementing OpenID support as a Identity Provider (IdP) and at the same time is one of criteria meeting the requirements of the ‘OpenID Code Bounty‘ program.

now any wp.com user can use it’s wp.com account as the only identity to SSO to a number of OpenID enabled sites (i.e. post images to the Zoomr or leave unanonimous comments on a LiveJournal).

that’s all really great, my sincere congratulations to the WordPress.com team on taking decision and time to implement this!

but how about OpenID Consumer support, so that people who already have an external OpenID from plenty of public OpenID Identity Providers (such as MyOpenID or LiveJournal.com for instance)?

currently there are several plugins which makes a standalone WP installation an OpenID Consumer enabled service which I believe could be quite easily adapted for MU version of WP (WP.COM core is running on), that’s why together with Scott Kveton I share my hope for the coming WP.COM support of an OpenID Consumer (although, for some reasons I’m not so sure it’s going to happen as soon as Scott thinks).

*) judging by WordPress IRC meetups, it appears, Matt has been interested in the OpenID long since of May 2005.

5 responses to “WordPress.com jumps on an OpenID bandwagon

  1. timethief March 8, 2007 at 23:42

    As you know I’m a non-geeky blogger. I have done nothing about open-ID as yet. Yes, I read the blah, blah, blah. But I cannot see any advantage in using it. I’m also wondering if using a single ID would make it more likely that it could be hacked and used in some nefarious way.

  2. options March 9, 2007 at 17:29

    come on TT, enough to play down your achievements. I entitle you as a ‘Super Professional Geek Time Thief’ ;-)

    OpenID is just about how many IDs you gonna carry in your online wallet (how may Login/Passwords pair you have to remember), how many of them you have to recover in case you forgot a Password or even Login name.

    it just adds a little comfort to WWW habitants allowing them to skip registration on OpenID Consumer enabled sites (WP.COM is not among them) making their Internet experience more happier.

    in a nutshell all OpenID does is provide a way to prove that you own a URL i.e. identity (in your case it’s ‘timethief.wordpress.com’)

    I’m afraid I can’t explain details better than Mark, Simon and other people who implements and evangelize it, but let’s try to see it by example:

    let’s say you’ve some fellows on OpenID enabled site and want to leave some comments on their blogs so that they will be able to continue communicate with you (via your own blog, e-mail etc).

    so, for instance you’ve found a blog with nice pictures of Van. Island (btw, what a wonderful nature you’re living at) or found a lost doggy or may be would like help to save a colt or marmot etc etc.

    in all cases to reply you’ve got three choices:

    1. login as ‘Anonimous‘ (so, next time when you’d like to communicate with that peson you’ll have to say: “’tis me again, remember my cool ‘Anonimous’ comment on the previous thread?”, “– huh?”)

    2. register to login on that site a have another identity (login, password, e-mail etc)

    3. and, finally, just use your already existing wp.com OpenID (timethief.wordpress.com)

    what way would you prefer?

    as for security issues, everything can hacked — it’s just a matter of price. of course, there’s no sense ‘to have all eggs in one basket’, but just don’t tell me you’re using the same login/password pair for your banking account.

    in the closing, let me quote a small fragment from wikipedia:

    Unlike most single sign-on architectures, OpenID does not specify the authentication mechanism. Therefore, the strength of an OpenID login depends on how much a relying party knows about the authentication policies of the identity provider. Without such knowledge, OpenID is not meant to be used on sensitive accounts (banking, e-commerce transactions, etc.), but if an identity provider uses strong authentication, OpenID can be used for all types of transactions.

    I should tell ya that wp.com in particular (and wp.org software in general) uses a kinda lame (relatively other IdP) weak authentication mechanism, but it’s sufficient for doing some blogging business.


  3. Pingback: WordPress.com is not about to support OpenID Consumer « JAWW (beta)

  4. timethief March 10, 2007 at 01:18

    Thanks for paying me a compliment. Obviously you haven’t seen the “closed” forum threads and don’t know about the shit-kicking I took. I’m laying low and licking my wounds but never again will I feel the same as I did before about wordpress.

    Thanks for taking the time to explain the openID thing to me. I truly appreciate it. :)

  5. options March 10, 2007 at 21:32

    uhm.., it wasn’t supposed to be a complimentary remark as a matter of fact.

    you just don’t need any words that would complement you, do you!? (and this time it’s a real compliment ;-)

    look what I happened to dig for ya on the Simon Willison’s (he is da man who implemented OpenID for the WP.com stuff) Weblog: that’s his presentation on ‘The Future of OpenID‘ from ‘The Future of Web Apps’ conference which has been held in London just recently. PDF slides are very nice.

    btw, his blog consumes (i.e. accepts) OpenID, hence you can ask him a couple of question regarding it, using your wp.com OpenID (just giving it a test at the same time ;-)

%d bloggers like this: