Unobtrusive OpenID
I’ve implemented a small amount of glue code that calls out to the JanRain Python OpenID library. Unlike most other OpenID-enabled consumers, I’ve made a few simplifying assumptions. If anybody sees something I missed, please leave me a comment.
My assumptions are that if your website is OpenID enabled, (1) you want to authenticate, and (2) you don’t want anybody else to be able to “spoof” your ID. With these assumptions, I can eliminate the need for anybody to “login” to my site. People simply enter their comments normally, and when they press “Submit”, Yadis autodiscovery is performed.
- If OpenID is not enabled, then the submit proceeds normally.
- If OpenID is enabled, and you are logged in and accept my site’s trust_root, then, again, you should see no visible change beyond a slight delay.
- Only if OpenID is enabled and you are either not logged in to your site or you haven’t indicated that you trust my site do you see any extra interaction.
Additionally, my site makes no use of cookies or JavaScript. Instead, I employ URL rewriting techniques to achieve the effect of a session. Of course, your OpenID provider may require cookies, but that is entirely between you and that provider.
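One way to get a cookie-less session like the one described above is to carry signed state in the URL the provider sends the browser back to. This is an added example, not this site's actual code: the `s` parameter, the function names, the key and the ten-minute lifetime are all assumptions.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode, urlsplit, parse_qs

SECRET = b"constructed-demo-key"  # constructed; use a random server-side key
MAX_AGE = 600                     # assumed: seconds a pending comment may wait

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def make_return_to(base_url, comment_id, claimed_id, now=None):
    """Build a return URL that carries signed state instead of a cookie."""
    issued = int(time.time() if now is None else now)
    state = {"c": comment_id, "id": claimed_id, "t": issued}
    payload = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    token = _b64(payload) + "." + _b64(_mac(payload))
    return base_url + "?" + urlencode({"s": token})

def read_return_to(url, now=None):
    """Return the state dict, or None if the token is missing, altered or stale."""
    tokens = parse_qs(urlsplit(url).query).get("s", [])
    if len(tokens) != 1 or tokens[0].count(".") != 1:
        return None
    body, sig = tokens[0].split(".")
    try:
        payload, given = _unb64(body), _unb64(sig)
    except (ValueError, UnicodeError):
        return None
    # Constant-time comparison; nothing is parsed until the MAC checks out.
    if not hmac.compare_digest(given, _mac(payload)):
        return None
    state = json.loads(payload)
    age = int(time.time() if now is None else now) - state["t"]
    return state if 0 <= age <= MAX_AGE else None
```

On return, the identity the provider asserts should also be compared with `state["id"]` before the held comment is published under that name.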
Finally, I haven’t integrated this with my spam avoidance techniques - with two minor exceptions. If you authenticate, I put the address of your OpenID provider in the title of the link instead of your IP addresses. Additionally, if you authenticate, I never put in a rel="nofollow". Of course, all this is subject to change at any moment.