On Fri, Feb 22, 2013 at 4:07 PM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
In cases where a tool is keeping an authentication database, and is not
acting on behalf of a user, then OpenID would let the tool eliminate its
username/password store.
This is exactly what I'm saying. It doesn't do this. If a tool has a
username/password store, i.e., it uses the username and password of each
user, enabling OpenID wouldn't solve the authentication problem. Like I
said, it only works in cases where the bot does all of its work under its
own account.
Let's consider
bugzilla.wikimedia.org, for instance. It has its own
credentials store. With OpenID as a provider on the projects, it could be
possible to use your Wikimedia credentials rather than a username/password
specific to bugzilla.
In this situation bugzilla isn't acting on behalf of a user to interact
with another application. An application acting on behalf of a user with
another application is what OAuth does, not OpenID, and this thread isn't
about that.
Sure, it would be great, but allowing authentication
as a consumer is a
much more difficult step, and we're not ready to take it right now. OpenID
as a provider solves some long-standing problems
and is a step in the
right
direction, let's focus on one thing at a
time.
How exactly is it so difficult? You just set the configuration option for
the extension.
Feel free to bring this question up in another thread. Please search
through the archives before doing so, though. I've answered this question
numerous times over the past 2-3 years.
- Ryan