[wp-hackers] Should OpenID be in WP core?

Alex Günsche ag.ml2007 at zirona.com
Wed Mar 7 19:49:33 GMT 2007


On Wed, 2007-03-07 at 13:50 -0500, Elias Torres wrote:
> There's currently an open ticket on Trac [7] to support OpenID for both
> accounts and comments. In the comments you'll notice a great start [8]
> from Alan J Castonguay. I think that it's fair to say that we could wait
> and see for the adoption of the plugin before adding it to core, but I
> think that it'll take a long while before we have enough users using
> this style of adoption.

Before anything else, I should say that I have never used OpenID so far,
although I have read a couple of documents on OpenID (including the
specs), and I believe to mostly understand what it is about.

As for me, I don't think it's a good idea to put OpenID support into the
WP core. A proper OpenID implementation is anything but trivial,
even if you only want it to act as a "Consumer".

OpenID in the WP core would require a set of properly implemented
authentication mechanisms like Diffie-Hellman key exchange. If you make
the slightest mistake, you risk not only the End User's security but
also the Consumer's. On wordpress.com this might be ok, as they have the
possibility to instantly upgrade all installations. But once you
distribute a broken OpenID implementation, you must consider that a
relatively large part of installations will take days, weeks and months
to upgrade to a fixed version.

Besides, I have to admit that I'm still very sceptical of OpenID. For
example, it leaves protection against techniques like DNS spoofing to
the implementations on both sides. Also, it appears not to take any
measures against MITM attacks. It should be said that the OpenID specs
recommend HTTPS in order to increase security and circumvent some of the
problems, but that's of course not an option for WordPress.


Regards,
Alex

-- 
Alex Günsche, Zirona OpenSource-Consulting
work: http://www.zirona.com/ | leisure: http://www.roggenrohl.net
PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc
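For readers unfamiliar with the Diffie-Hellman step the message above refers to, the following is an added illustration (not code from the original post, from WordPress, or from the Trac plugin) of the OpenID "associate" exchange in DH-SHA1 session mode: the Consumer sends g^x, the Provider answers with g^y and a fresh HMAC-SHA1 key XOR-masked with SHA1(btwoc(g^xy)), and both sides end up with the same MAC key, which the Provider then uses to sign assertions. It includes the two checks that a careless implementation most often omits: rejecting degenerate public values (0, 1, p-1) and comparing signatures in constant time. The hex modulus is assumed to be the 1024-bit default from the OpenID specification and should be checked against the spec before any real use; the assoc_handle string is a placeholder.

```python
import base64
import hashlib
import hmac
import secrets

# ASSUMPTION: believed to be the default 1024-bit modulus and generator 2 from the
# OpenID specification; verify the constant against the spec before relying on it.
DEFAULT_MODULUS = int(
    "DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61E"
    "F75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D268370557"
    "7D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E382"
    "6634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB", 16)
DEFAULT_GEN = 2


def btwoc(n: int) -> bytes:
    """Shortest big-endian two's-complement encoding of a non-negative integer."""
    if n < 0:
        raise ValueError("btwoc only encodes non-negative integers")
    return n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading 0x00 when high bit set


def from_btwoc(b: bytes) -> int:
    return int.from_bytes(b, "big")  # only non-negative values are accepted here


def b64(b: bytes) -> str:
    return base64.b64encode(b).decode("ascii")


def b64d(s: str) -> bytes:
    return base64.b64decode(s)


def public_value_ok(y: int, p: int) -> bool:
    """0, 1 and p-1 force a trivial shared secret; anything outside (1, p-1) is rejected."""
    return 1 < y < p - 1


def dh_keypair(p: int, g: int):
    x = 2 + secrets.randbelow(p - 3)  # private exponent in [2, p-2]
    return x, pow(g, x, p)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(i ^ j for i, j in zip(a, b))


def consumer_associate_request(p=DEFAULT_MODULUS, g=DEFAULT_GEN):
    """Consumer side, step 1: build the associate request and keep the private exponent x."""
    x, gx = dh_keypair(p, g)
    request = {
        "openid.mode": "associate",
        "openid.assoc_type": "HMAC-SHA1",
        "openid.session_type": "DH-SHA1",
        "openid.dh_modulus": b64(btwoc(p)),
        "openid.dh_gen": b64(btwoc(g)),
        "openid.dh_consumer_public": b64(btwoc(gx)),
    }
    return x, request


def server_associate_response(request):
    """Provider side: choose y, derive the shared secret, mask a fresh MAC key with SHA1(btwoc(g^xy))."""
    p = from_btwoc(b64d(request["openid.dh_modulus"]))
    g = from_btwoc(b64d(request["openid.dh_gen"]))
    gx = from_btwoc(b64d(request["openid.dh_consumer_public"]))
    if not public_value_ok(gx, p):
        raise ValueError("bad dh_consumer_public")
    y, gy = dh_keypair(p, g)
    mac_key = secrets.token_bytes(20)  # 160-bit HMAC-SHA1 key
    mask = hashlib.sha1(btwoc(pow(gx, y, p))).digest()
    response = {
        "assoc_handle": "example-handle",  # placeholder, not a real handle
        "assoc_type": "HMAC-SHA1",
        "session_type": "DH-SHA1",
        "dh_server_public": b64(btwoc(gy)),
        "enc_mac_key": b64(xor_bytes(mask, mac_key)),
    }
    return mac_key, response


def consumer_recover_mac_key(x: int, response, p=DEFAULT_MODULUS) -> bytes:
    """Consumer side, step 2: validate g^y, recompute the mask and unmask the MAC key."""
    gy = from_btwoc(b64d(response["dh_server_public"]))
    if not public_value_ok(gy, p):
        raise ValueError("bad dh_server_public")
    mask = hashlib.sha1(btwoc(pow(gy, x, p))).digest()
    return xor_bytes(mask, b64d(response["enc_mac_key"]))


def kvform(fields, keys) -> bytes:
    """OpenID key-value form over the signed fields, in order: 'key:value\\n' per field."""
    return "".join(f"{k}:{fields[k]}\n" for k in keys).encode("utf-8")


def sign(mac_key: bytes, fields, signed_keys) -> str:
    return b64(hmac.new(mac_key, kvform(fields, signed_keys), hashlib.sha1).digest())


def verify(mac_key: bytes, fields, signed_keys, sig: str) -> bool:
    return hmac.compare_digest(sign(mac_key, fields, signed_keys), sig)


def run_association(p=DEFAULT_MODULUS, g=DEFAULT_GEN) -> bool:
    """Full exchange; True when Consumer and Provider hold the same MAC key afterwards."""
    x, request = consumer_associate_request(p, g)
    server_key, response = server_associate_response(request)
    consumer_key = consumer_recover_mac_key(x, response, p)
    return hmac.compare_digest(server_key, consumer_key)


if __name__ == "__main__":
    print("association agreed:", run_association())
```

Note what the exchange does and does not give you: it hides the MAC key from a passive eavesdropper, but nothing in it authenticates the Provider, so an attacker who can redirect the Consumer's request (DNS spoofing, or an active MITM on plain HTTP) can simply answer with his own g^y and MAC key. That is exactly the gap the specification papers over with its HTTPS recommendation.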


