Has anyone though of or has interest in slashcode support of OpenID?
It's quite possible I'll soon need single sign on capabilities for
multiples sites, including a slash-based site.
If you're interested, please contact me. I'm also opened to alternatives
if you have anything to suggest! :-)
Alexandre Leroux, M.Sc., Ing.
Environnement Canada / Environment Canada
Centre météorologique canadien / Canadian Meteorological Centre
Division de la réponse aux urgences environnementales /
Environmental Emergency Response Division
I've been kinda wanting to do this for a while now.
I haven't looked over the OpenID spec lately but I think it'd be
pretty straightforward to add code to allow Slash site users to
specify foo.com/~nick as their identity url so they could
authenticate that way on other sites. That seems like it'd be a
project of less than a day or two, including reading the spec, but
we basically just haven't gotten around to it.
If anyone has done it already and wants to submit a patch, go right
ahead, I'd love to add it. (The more-commented the code, the more
quickly I can understand and accept the patch... comments linking to
spec URLs to explain what the code does are especially awesome.)
Or if anyone wants to explain to me in detail what specs to read,
what existing code to reuse, and what my code has to do, I can
probably write the plugin in a weekend. But you'd have to be
persistent, I will probably have lots of email questions. And I'm
not sure which weekend it would be :)
And, there's two sides to OpenID. It'd be harder to enable Slash to
allow login with OpenID somehow. It's not desirable (at least for
Slashdot) to equate merely having an OpenID URL with having created
a Slash user, nor is it obvious what the relationship between those
things would look like. (If you aren't logged in and present OpenID
credentials, do we robo-create a user for you? After you enter a
captcha? What about all the code that assumes a Slash user has a
valid email address? Or do we treat your OpenID URL as a
pseudo-user somehow? That's a huge can of worms. Is login handled
properly by the 4+ different authentiction code paths in Slash?)
The cheap way out would be to just allow existing users to enter and
confirm an OpenID identity URL and then note that fact in their user
data so it can appear on their /~nick page. But would anyone
seriously care about that? If everyone did it, I'm sure some
researcher would wet themselves and write a paper with graphs of
LJ-/. users but I doubt anyone's going to do it unless there's some
benefit. Explain to me what that benefit could be, and I'll
consider working on that part of OpenID.