WordPress has announced that you can use your WordPress blog URL as your OpenID. If I understand this right, this means you can go to a site that supports OpenID, and log in by entering your WordPress blog URL, being redirected to the login page for your blog, and if that’s successful, you’re redirected back to the site you wanted to get into, and you’re recognized as being logged in.
Well, I guess this is cool. Certainly for people who have a blog but are otherwise not very technical, this is a way to get word out to those people, and get them using this service that a lot of them would never have heard of. However, I don’t believe WordPress actually supports logging into WordPress using an already-existing OpenID that already exists somewhere else. Odd.
At first, I thought that the idea here was to have *one* OpenID that could be used in a bunch of places. However, that would mean that there would have to be one issuer of OpenIDs that is globally trusted all across the internet (or at least that subset of the internet that you care about I guess). That doesn’t currently exist, best I can tell.
So that implies that, in the future, for each site I go to, I’ll have to remember not only if the site uses OpenID, but *which* OpenID provider I have to use, which to me sounds more complex than just remembering a bunch of passwords, which is what I do now, and don’t have a huge problem with.
I guess there’s still some shaking out that has to be done. Where I work, we’re actually implementing a small pilot CAS solution. Elsewhere on campus, they’re looking at pubcookie…. where it stops, nobody knows! 🙂
Technorati Tags: openid, cas, authentication, wordpress, blog, pubcookie, security, technology, single-signon, sso
