I’ve read everything on WP that currently exists about OpenID. I understand the broad concept, sort of, but, being a non-techie, not the details. Can someone (very non-techish way) explain:
1. If a person’s Blog “A” was about horses and Blog “B” was about peanut butter and they chose Blog “A” as their OpenID, to comment, say on a FOOD website: would the comment with ‘horse’ ID make the writer look dumb/irrelevant/inappropriate?
2. Using same examples, say Blog “A” was the OpenID listed on many sites and, for whatever reason–by choice or involuntarily or by hacking, etc.–Blog was de-listed/deleted. Would blogger have to ‘start over’ at sites –loose identity, be locked out and have to re-establish/convince who they were/are with Blog “B” –say on bulletin boards, forums, etc?
3. If using Blog “A” as OpenID: after signing in/registering to a website, does that mean everyone can see the address of one’s blog? Or can the blog’s address be made private/hidden?
3. a. I’m asking about privacy/hidden address because: supposing a comment triggers an unstable person to start stalking, doing unacceptable things; how could that even begin to be stopped, once someone had the address of one’s blog?
b. Is OpenID Okay –re: spam, because WP would block the spam if spammers used the
blogger’s OpenID address to get to the blog?
4. What are any disadvantages to using OpenID?
I understand the advantage given for OpenID, no more new names-passwords on websites, and techies must have a good reason for inventing this, but it sounds macho/techie/new toy-ish and I need more understanding. Thanks for your in-put.
1. – that’s certainly the risk. it would probably be better if sites like linkedin were openIdP’s, so that you could aggregate more information about yourself.
2. – yep. so using your wp.com openId might not be the best idea. i’m not sure technorati has ever deleted a profile, though.
3. – your comment is always ‘signed’ with your url, so yes.
a. – you’d probably have to make your blog private, then. (keep the url, move the public blog elsewhere)
b. – because openId requires authentication on the provider side, your blog’s address can’t be spoofed. (that’s a large part of the reason there’s no spam on livejournal).
4. – the standard isn’t widely implemented yet. only a few sites are openId consumers, so having an openid doesn’t yet mean less passwords to remember. the icon/avatar protocol is underdeveloped/not used. other than that, i don’t see much of a downside. but then, i really liked passport, too. ;)
Thanks, Sunburntkamel! (Your name always makes me giggle, it’s one of the best.) I don’t know what your answer to #1. means, I’ll look up “spoofed” later, but: from your answers, dunno, think maybe OpenID isn’t for me…. Does it also mean: comments –with a blog’s address, would start showing up all over Google?
glad it amuses you :)
1) i just mean that if your openID provider is something other than a blog, you could have more information than just your blog. for example, my technorati openID shows 5 or so blogs, my 30boxes profile shows blogs, flickr, last.fm, etc.
4) when i say it can’t be spoofed, i mean that if openID is the only means of logging in on a particular blog, then any comment there from http://sunburntkamel.wordpress.com has to come from me. it can’t be spam, because a spammer can’t log in to wordpress.com as me.
this means that once there are enough open ID providers, you set your blog to only allow openID authenticated comments, and it would solve spam, for any secure openID providers. (spammers could set up their own OpenID server, which would be insecure, but allow them to comment on openID-only blogs)
Ahhh, I see…excellent info, Thanks! I read the “Comments” under WP announcement of “OpenID” but majority were “happy” with a new thing (I knew nothing about), and I didn’t know why, and the rest asked questions, I didn’t understand, mostly not answered. I look to learn something new, at least once a month, but techies don’t use English (!) and sooo many things get lost –in my searches for translation. Frankly: I wasn’t sure if I’d get slammed for asking these questions in the Forum (since they aren’t actually “a problem”), but didn’t know where else….
>”spammers could set up their own OpenID server, which would be insecure”
Why would it be “insecure”? –Do you mean: if a person was reported as using their OpenID to spam –they would loose their ID/ability to post with an authenticated ID –on a website/blog?
Some other meaning of: “insecure”?
Your best guess: think OpenID comments, with a blog’s address, will be all over Google?
I deleted blog-link for this forum, thanks to Nosy’s good help (–or was it Sulz???) because with it: my WP Comments, threads, went up on Google, which I don’t think is appropriate (–and yes, I know, most people WANT to be in Google’s cache/don’t care what is listed).
(It tickles me, every time I see your name, haven’t seen any name anywhere that amuses me as much. You have a good sense of humor, right?) Thanks much for replies.
The topic ‘OpenID: Questions.’ is closed to new replies.