Random rants and wandering words
From the category archives:
On a much happier note than the Spearfish Travelodge review that I just posted, while I was on vacation I missed an opportunity to ride TriMet’s MAX light rail trains on a test run down the recently-reopened transit mall in downtown Portland. Fortunately my friends made sure I was there in some form:
Photos posted to Flickr by Igal Koshevoy; I’m not sure who the photographer was.
{ 1 comment }
Seen at WordCamp: Las Vegas, I can’t help but wonder if this means that WordPress users will be faced with another redesign of the admin screens.
{ 0 comments }
Last week I started a new project which I’m unveiling today. I haven’t done much political blogging in a while, and being someone who’s not an Obama fan while living in the Portland area has been an interesting experience. I’m disappointed but not surprised by last week’s election, and wanted an outlet to journal what I’m expecting will be a long four-plus years ahead. As a blogger, the written form in chronological format made since.
Obama’s campaign ran under the moniker of change but I suspect what’s happening is that he shortchanged.us.
*I’ve disabled comments on this post; I don’t want to start a political debate on this site. Feel free to comment over on shortchanged.us if you wish.
[tags]obama, politics, shortchanged[/tags]
{ Comments on this entry are closed }
I’m a big proponent of OpenID. Last week when Will Norris unveiled version 3.0 of his wp-openid plugin for WordPress? I was there in person.
One of the new features in Will’s plugin is the ability for a WordPress blog to act as an OpenID provider. I know there’s some logic behind this feature, but it’s not for Joe Blow with a Blog to take over the world as yet another provider. My buddy Adam wrote a piece at Webmonkey titled Make Your Blog an OpenID Provider, but I respectfully disagree with that proposition.
In an OpenID world, my OpenID will allow me to access all sorts of electronic resources. Some of those resources might be of minimal security concern, such as leaving a blog comment or signing into a bookmarking service. Other resources might warrant tighter security, such as a core e-mail account, domain registrar, or financial institution.
A simple username/password really isn’t strong enough security for my most important information, yet that’s the security provided by WordPress if used as the OpenID provider.
Ideally an OpenID provider will offer some form of multifactor authentication involving something other than a simple password. Vidoop offers their image shield in conjunction with an activated, trusted web browser. JanRain offers a phone call system. Verisign’s Personal Identity Portal allows for a fob-based rotating password. If OpenID is going to be used to protect sensitive information, it should be done with a secure system such as these.
The wp-openid plugin does allow for delegation, meaning one could use their blog URL as their OpenID URL, while using the authentication services of a more secure provider such as the ones I’ve named. Using the plugin to allow OpenID login or delegation is excellent, and something I’d recommend, but configuring one’s WordPress blog as their ultimate OpenID provider is probably a less-than-ideally-secured step away from what I see as the long term goal of OpenID adoption.
[tags]openid, wp-openid, wordpress, identity, security[/tags]
{ 4 comments }
