[wp-hackers] Should OpenID be in WP core?

Martin Fitzpatrick martin.fitzpatrick at gmail.com
Wed Mar 7 21:30:09 GMT 2007

On 07/03/07, Alex Günsche <ag.ml2007 at zirona.com> wrote:
> On Wed, 2007-03-07 at 13:50 -0500, Elias Torres wrote:
> As for me, I don't think it's a good idea to put OpenID support into the
> WP core. A proper OpenID implementation is everything else than trivial,
> even if you only want it to act as "Consumer".
> OpenID in the WP core would require a set of properly implemented
> authentication mechanisms like Diffie-Hellman key exchange. If you make
> the slightest mistake, you risk not only the End User's security but
> also the Consumer's. On wordpress.com this might be ok, as they have the
> possibilitiy to instantly upgrade all installations. But once you
> distribute a broken OpenID implementation, you must consider that a
> relatively large part of installations will take days, weeks and months
> to upgrade to a fixed version.

It would be interesting to know whether it would be possible to
implement Open ID via a remote server - e.g. using Wordpress.com or
Wordpress.org to actually handle the login-checking then serving a
confirmation back to installed wordpress.


More information about the wp-hackers mailing list