On Fri, Feb 22, 2013 at 3:19 PM, Tyler Romeo tylerromeo@gmail.com wrote:
To be absolutely clear, this does *not* solve the problem of bots/tools authenticating on behalf of a user. All it does is solve the problem of where a bot/tool authenticates under its own user account and, out of pure courtesy for the community, asks users to prove their identity before allowing them to use the bot/tool. For bots/tools that actually perform edits as the user, OpenID would be useless.
You're confusing use cases. What you're talking is the use case for OAuth. This thread isn't about OAuth. I believe we have plans to add OAuth next quarter, but if you wish to continue discussing it, please make a new thread.
In cases where a tool is keeping an authentication database, and is not acting on behalf of a user, then OpenID would let the tool eliminate its username/password store.
Also, I think Wikipedia acting as an OpenID consumer would be bounds more useful than acting as a provider. That's not to say that having both wouldn't be a good idea, but the consumer side of it should definitely be a priority. Think of sites now like StackOverflow, where creating an account is as simple as pressing a few Accept buttons.
Sure, it would be great, but allowing authentication as a consumer is a much more difficult step, and we're not ready to take it right now. OpenID as a provider solves some long-standing problems and is a step in the right direction, let's focus on one thing at a time.
- Ryan