On Fri, Feb 22, 2013 at 4:07 PM, Tyler Romeo tylerromeo@gmail.com wrote:
In cases where a tool is keeping an authentication database, and is not acting on behalf of a user, then OpenID would let the tool eliminate its username/password store.
This is exactly what I'm saying. It doesn't do this. If a tool has a username/password store, i.e., it uses the username and password of each user, enabling OpenID wouldn't solve the authentication problem. Like I said, it only works in cases where the bot does all of its work under its own account.
Let's consider bugzilla.wikimedia.org, for instance. It has its own credentials store. With OpenID as a provider on the projects, it could be possible to use your Wikimedia credentials rather than a username/password specific to bugzilla.
In this situation bugzilla isn't acting on behalf of a user to interact with another application. An application acting on behalf of a user with another application is what OAuth does, not OpenID, and this thread isn't about that.
Sure, it would be great, but allowing authentication as a consumer is a
much more difficult step, and we're not ready to take it right now. OpenID
as a provider solves some long-standing problems and is a step in the
right
direction, let's focus on one thing at a time.
How exactly is it so difficult? You just set the configuration option for the extension.
Feel free to bring this question up in another thread. Please search through the archives before doing so, though. I've answered this question numerous times over the past 2-3 years.
- Ryan