Hi guys,
Spotted a post earlier by Webchick about Open ID now available with Drupal 6 core.
This is great for many reasons - the web is full of login-only sites now and more will follow, so the concept of avoiding filling out registration forms every time you want to have a look or do stuff is very useful.
OpenID is a decentralized, secure single sign-on system. It allows you to create a login at a site you frequent, and use that same login on any other site that supports OpenID. Drupal 5.x and below have supported this with the built-in Drupal module, but OpenID is an open standard, better supported, and more secure.
What it's also potentially useful for is Drupal driven band sites with members-only areas....where the band would like members of another band site to login to their site and vice versa.
the best way of describing it, I suppose is a simple method for cross-fanbase-pollination and as it's becoming more of a trend now for bands to put a large amount of free and exclusive content behind a login, it makes a lot of sense to allow fans of other bands, in a similar genre, for example to pop in.
While it is early days with open id...and distributed authentication of that nature..it is most definitely a positive step in the right direction imho. I think people are exhausted trying to remember all their logins and similarly, web managers are exhausted keeping up with the deviousness of spammers. Open ID won't stop all spam...but asking for a softer form of authentication, that's more robust than captcha and not as intrusive or as laborious as full registration forms will help.
Dub
Comments
It's a really positive step
It's a really positive step I think. Attending Walkah's Yahoo Drupal presentation about OpenID really was eye opening...it sounds like there are plans to have the ability to store common info at specific open ID sites. So you'd enter in some simple info like your name, city, etc and then when you authenticate there would be the option to copy that info to your profile. Not too sure how that would work, but even authenticating without the email rigamaroo is a great relief. Looking forward to using this!
Can you say..
more about how this is more robust/secure than captcha?
i'm presently trying to secure my drupal sites and i find that captcha is really flakey. sometimes it appears to let you in without typing in any accurate info at all. you just have to hit the enter button a few times and voila, you're in :-(. NOT good.
i've tried mycaptch and it works a 1000x better but you can't put it on the login form for some reason? And the textimage is either undecipherable or very easy. nothing in between.
i'm really interested in anything that will secure drupal better than what's currently available. i think login security is lacking in an otherwise good product. so i'd love to hear any info you can provide on how openid is more secure because i don't know much about it's authentication mechanism.
in a weird way, it seems less secure because one source has access to all of your signons. gain access to one set of id/password and you have access to mutliple sites/resource. that obviously is a convenience though.
thanks