OpenID - Still relatively unknown despite easy Open Source CMS integration
I ran across this article on ZDNet by Joe Brockmeier on OpenID in my newsreader yesterday. Joe discusses a survey about OpenID available at FactoryCity. A snippet:
The results of the survey, where 302 users responded (one response was rejected) showed that just shy of 20% of the respondents were aware of OpenID — but only 9% were sure of what it’s used for, and only 1.3% actually used it.
It got me thinking that a major way to change the 81% of people who have not heard about it is through publicity.
In a nutshell, OpenID is an open, decentralized single sign-on protocol. With a single identifier (a URL you control) you can log in to many websites, and the site you log in to never sees your password; it only receives a signed assertion from your OpenID provider. The beauty of the protocol is that it can be integrated into your sites very easily. From an administrative standpoint, you don't have to be a developer to integrate it. The authentication method has caught on in the Open Source content management/site building community and is supported natively by Drupal (starting in version 6; modules exist for older versions) and can easily be added to WordPress (OpenID plugin).
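What "easy integration" buys you is a library that performs the relying-party side of the protocol on every login. To make that concrete, here is an added example (mine, not code from the post, from Drupal or from the WordPress plugin) of the checks an OpenID 2.0 relying party must make on the provider's positive assertion before trusting it: that the required fields are in the signed list, that return_to is the URL the response actually arrived at, that the HMAC signature verifies under the association key, and that the response nonce is used only once. The association key, URLs, identifiers and nonce are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import re

OPENID_NS = "http://specs.openid.net/auth/2.0"
# OpenID 2.0 requires these to be signed in every positive assertion; claimed_id
# and identity must be signed as well whenever they appear in the response.
ALWAYS_SIGNED = ("op_endpoint", "return_to", "response_nonce", "assoc_handle")
NONCE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")  # UTC timestamp prefix


def key_value_form(params, signed_keys):
    """Key-value form of the signed fields ('key:value' + newline), in openid.signed order."""
    return "".join(f"{k}:{params['openid.' + k]}\n" for k in signed_keys)


def sign_response(params, mac_key, signed_keys):
    """Provider side, used here only to build the sample: HMAC-SHA256 association."""
    signed = dict(params)
    signed["openid.signed"] = ",".join(signed_keys)
    mac = hmac.new(mac_key, key_value_form(signed, signed_keys).encode(), hashlib.sha256).digest()
    signed["openid.sig"] = base64.b64encode(mac).decode()
    return signed


def verify_assertion(params, mac_key, expected_return_to, seen_nonces):
    """Relying-party checks on an id_res message. Returns (ok, claimed_id or reason).
    mac_key is the key established with the provider during the association handshake."""
    if params.get("openid.ns") != OPENID_NS or params.get("openid.mode") != "id_res":
        return False, "not an OpenID 2.0 positive assertion"
    signed_keys = params.get("openid.signed", "").split(",")
    required = list(ALWAYS_SIGNED) + [k for k in ("claimed_id", "identity") if "openid." + k in params]
    if any(k not in signed_keys for k in required):
        return False, "a required field is not covered by the signature"
    if any("openid." + k not in params for k in signed_keys):
        return False, "openid.signed names a field that is absent"
    # The signed return_to must be the URL this request actually arrived at.
    if params["openid.return_to"] != expected_return_to:
        return False, "return_to mismatch"
    nonce = params["openid.response_nonce"]
    if not NONCE_RE.match(nonce):
        return False, "malformed response_nonce"
    expected = hmac.new(mac_key, key_value_form(params, signed_keys).encode(), hashlib.sha256).digest()
    try:
        given = base64.b64decode(params.get("openid.sig", ""), validate=True)
    except ValueError:
        return False, "malformed signature"
    if not hmac.compare_digest(expected, given):
        return False, "bad signature"
    # Only after the signature holds: a verified nonce is consumed exactly once.
    # (A real RP also rejects nonces older than its replay window and checks that
    # op_endpoint matches what discovery on the claimed_id returned.)
    if nonce in seen_nonces:
        return False, "replayed response_nonce"
    seen_nonces.add(nonce)
    return True, params.get("openid.claimed_id", "")


# Constructed sample: the association key, URLs and identifiers are made up for the demo.
MAC_KEY = bytes(range(32))
SAMPLE_RESPONSE = {
    "openid.ns": OPENID_NS,
    "openid.mode": "id_res",
    "openid.op_endpoint": "https://openid.example.net/server",
    "openid.claimed_id": "https://alice.example.net/",
    "openid.identity": "https://alice.example.net/",
    "openid.return_to": "https://blog.example.org/openid/return",
    "openid.response_nonce": "2008-02-10T15:04:05Zabc123",
    "openid.assoc_handle": "assoc-42",
}
SIGNED_FIELDS = ("op_endpoint", "claimed_id", "identity", "return_to", "response_nonce", "assoc_handle")


def demo():
    resp = sign_response(SAMPLE_RESPONSE, MAC_KEY, SIGNED_FIELDS)
    return_to = SAMPLE_RESPONSE["openid.return_to"]
    seen = set()
    first = verify_assertion(resp, MAC_KEY, return_to, seen)        # genuine login
    replay = verify_assertion(resp, MAC_KEY, return_to, seen)       # same message delivered again
    forged = dict(resp, **{"openid.identity": "https://mallory.example.net/"})
    tampered = verify_assertion(forged, MAC_KEY, return_to, set())  # edited after signing
    return first, replay, tampered


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the nonce is recorded only after the signature verifies, so unsigned garbage cannot fill the replay store, and the signature is computed over exactly the fields the provider listed in openid.signed, which is why a field missing from that list (rather than from the message) is rejected first.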
The benefits:
- As a user, you have one less username/password combination to store in your cranium/favorite password manager.
- As an administrator, you get, through third party providers, a secure and easily extended authentication method. In particular, the user's password is typed only at the provider, which generally serves its login page over SSL (like my personal favorite - MyOpenID), so your own site doesn't need an SSL certificate just to protect the password. It still benefits from one if you want to protect the session cookie your site hands out after the OpenID login completes.
- As a strategy, you can even run your own OpenID provider. This is what AOL has done for its users.
Potential drawbacks:
- From an administrative standpoint, you rely on a third party for the authentication of users on your web site, and therefore on that third party's security: whoever takes over a user's OpenID account (or the provider itself) gets into your site as that user.
- From both an administrative and user standpoint, OpenID is an emerging standard. It may not be appropriate for transactional sites - especially banks.
I believe the benefits outweigh the drawbacks. The drawbacks can be mitigated by:
- Allowing both traditional login and OpenID login on your site. Generally, a user must first have a username/password on your site; after logging in with it, they associate their site account with an OpenID. Some sites allow registration with an OpenID alone, but it's in your court how your authentication will work. Personally, I don't mind outsourcing my authentication to OpenID…
- To mitigate the issues that *could* occur with a flaw/exploit in either the protocol or, more importantly, the OpenID provider, you could, and ideally should, employ a third piece in the authentication puzzle. Some possibilities for transactional sites include one-time passwords, a PIN known only to the customer, or SMS/text codes per transaction/login.
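The two mitigations above, worked through as an added example (my code, not the post's nor any CMS plugin's): the site keeps its own username/password accounts, lets a user who is already logged in link a normalized OpenID identifier, accepts OpenID logins only for identifiers that have been linked, and demands a fresh RFC 4226 one-time code for every transaction regardless of how the user signed in. The account, password and OTP secret are constructed (the secret is the RFC 4226 test vector), and `login_openid` assumes the provider's assertion has already been verified by the OpenID library before the claimed identifier reaches it.

```python
import hashlib
import hmac
import os
import struct
from urllib.parse import urlsplit, urlunsplit

PBKDF2_ROUNDS = 200_000


def normalize_identifier(ident):
    """Normalize a user-typed OpenID URL the way OpenID 2.0 section 7.2 does:
    assume http:// if no scheme, lowercase scheme and host, empty path -> '/', drop fragment."""
    ident = ident.strip()
    if "://" not in ident:
        ident = "http://" + ident
    p = urlsplit(ident)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def hotp(secret, counter, digits=6):
    """RFC 4226 HMAC-based one-time password: the 'third piece' for transactional sites."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class RelyingParty:
    """The site's own account store: password login, OpenID linking, OTP per transaction."""

    def __init__(self):
        self.users = {}         # username -> record
        self.openid_index = {}  # normalized OpenID -> username
        self.sessions = set()   # usernames with a live login

    def register(self, username, password, otp_secret):
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
            "otp_secret": otp_secret,
            "otp_counter": 0,
        }

    def login_password(self, username, password):
        u = self.users.get(username)
        if u is None:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), u["salt"], PBKDF2_ROUNDS)
        if not hmac.compare_digest(digest, u["pw_hash"]):
            return False
        self.sessions.add(username)
        return True

    def logout(self, username):
        self.sessions.discard(username)

    def link_openid(self, username, openid):
        """Only a user already logged in with the site password may attach an OpenID."""
        if username not in self.sessions:
            raise PermissionError("log in with your site password before linking an OpenID")
        ident = normalize_identifier(openid)
        if self.openid_index.get(ident, username) != username:
            raise ValueError("that OpenID is already linked to another account")
        self.openid_index[ident] = username

    def login_openid(self, verified_claimed_id):
        """Call only with a claimed_id whose provider assertion has already been verified.
        Maps it to the linked local account; unknown identifiers get no account."""
        username = self.openid_index.get(normalize_identifier(verified_claimed_id))
        if username is not None:
            self.sessions.add(username)
        return username

    def authorize_transaction(self, username, code):
        """Demand a fresh one-time code for each transaction, however the user logged in."""
        u = self.users.get(username)
        if u is None or username not in self.sessions:
            return False
        expected = hotp(u["otp_secret"], u["otp_counter"]).encode()
        if not hmac.compare_digest(expected, str(code).encode()):
            return False
        u["otp_counter"] += 1   # the same code is never accepted twice
        return True


# Constructed walk-through with a made-up account; the OTP secret is the RFC 4226 test vector.
OTP_SECRET = b"12345678901234567890"


def demo():
    rp = RelyingParty()
    rp.register("alice", "correct horse battery staple", OTP_SECRET)
    rp.login_password("alice", "correct horse battery staple")
    rp.link_openid("alice", "Alice.Example.NET")        # typed into the profile form
    rp.logout("alice")
    who = rp.login_openid("http://alice.example.net/")  # claimed_id from a verified assertion
    first = rp.authorize_transaction(who, hotp(OTP_SECRET, 0))   # code from the user's token
    replay = rp.authorize_transaction(who, hotp(OTP_SECRET, 0))  # same code presented again
    return who, first, replay


if __name__ == "__main__":
    print(demo())
```

Two design points carry the security argument: linking is only possible from a session that already proved the site password, so a stolen OpenID cannot be attached to someone else's account, and the transaction check keys off the site's own per-user secret and counter, so a compromised provider can log in as the user but cannot move money.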