[wp-hackers] Single sign-on with Wordpress & Mediawiki

Travis Snoozy ai2097 at users.sourceforge.net
Tue Oct 30 22:43:04 GMT 2007

On Tue, 30 Oct 2007 15:08:45 -0700, "Sneaks" <0vcqn5q02 at sneakemail.com>

> Pardon my ignorance, but given the possible permissions/roles/groups
> and UI management in each package, how well would a local OpenID
> server handle these issues and pass authentication to each
> application?
> I know the OpenID concept is ideally nice, but I'm more interested in 
> getting a traditional, seamless integration out of these disparate 
> packages. My main concern is the end-user's experience. Security
> issues aside (not to minimize them), WP seems to make most of the
> management and authentication process pretty painless.

"Management" == authorization. Authentication != authorization.

OpenID does indeed seem to have at least the capability to handle SSO[1]
a la Passport (Windows Live ID)[2], despite an earlier claim that it did
not[3]. If you'll forgive me for not having done my homework, I actually
had a little trouble tracking down the specs[4] yesterday (I blame sleep
deprivation ;).

It does not -- and should not -- have any hold on authorization,
though. That's a per-service thing. Having a standard to allow for
central management would be nifty, but that wasn't how this discussion
started out.


In Series maintainer
Random coder & quality guy

[2] http://en.wikipedia.org/wiki/Windows_Live_ID
[3] "OpenID isn't a solution for username/password combinations."
[4] http://openid.net/developers/specs/

More information about the wp-hackers mailing list