Strong opinions, weakly held

Quick and dirty identity management

Am I the only person who has noticed that more and more companies are using the user management facilities in phpBB to manage identity across their entire Web sites? The ability to create, update, and otherwise manage user accounts is functionality that has to be built for most Web sites, and it seems like a lot of people are just opting to use the features already built into phpBB rather than building something new. At first I associated this trend mostly with Web sites associated with games, like Curse Gaming and Warcraft Realms, but it’s popping up elsewhere as well. For example, the folks who sell MyEclipse use the forum login for handling all account issues, including keeping track of who’s allowed to download their products.

I suspect that this trend arises from the fact that if you want to provide forums as part of your site and you don’t want to write them yourself, the easiest approach is to just extend the account management facilities of the forum rather than writing your own system and hacking the forum software to interact with it. It kind of makes you wonder whether there isn’t room for a generic open source PHP login system or perhaps even just a simple standard that Web applications could use to provide even more opportunities for integration. Forums are just one type of software that requires logins; there’s also blogging software like WordPress, wikis like MediaWiki, and plenty of other account-based software as well. Using your forum’s user tables works fine if you only want to use one off-the-shelf application, but when more enter the picture, you’re as stuck as you ever were. It seems like this is an area where some standardization effort would pay off.


  1. Dick Hardt has been speaking about unified identity services for a while now and I’m inclined to agree. He gave a note at Supernova 2005 called Distributed Business and can be heard over at IT Conversations. Worth a listen.

  2. One more note: Dick Hardt has a blog here and also comments over at identity 2.0, which is a good starting point when thinking of this.

  3. PAM, SASL, GSS-API, OpenID, Kerberos, TypeKey, LID, rc3.org login, and on, and on, and on…

    So many standards to choose from, so little time. YADIS nails it dead on: building Yet Another Decentralized Identity Interoperability System

    Several of those have already been thru the IETF. The trouble is that by its very definition, identity means different things to different people. There are solutions to specific problems already.

    An awful lot of technologists keep wanting a “user managed” system; the problem is that 99% of the population doesn’t want a system that they have to maintain/update/authorize, etc. It doesn’t pass the grandma smell test.

    People’s idea of identity management now is using the same userid/password for all web sites; leaving off the @domain depending on the site.

    So we know what users want: userid/password. What do techies want? A scalable trusted distributed federated identity management system (with synergy no less). What do businesses want? Security and confidentiality. So the tech solution (federated) is orthogonal to the business requirements.

    Folks are going to continue to take the business risk in starting up identity businesses, like Sxip, like SentriSystems, etc. All hoping to be the standard and making gobs of money.

    Could a true ID system be built that meets all the requirements? Let’s talk; maybe we can start a company and make gobs of money being that standard.


  4. I’ve been racking my brains for the past few weeks trying to figure out how to do this very thing – a member’s area with pretty much the stuff that phpBB + a few mods will accomplish.

    Even better is this guy supports PostgreSQL, so I won’t have to have more than one DB engine running (the rest of the site uses it as well).

  5. Does phpBB talk to LDAP? As long as all your “off the shelf applications” have a highly configurable LDAP interface, this problem should be solved, right?



© 2019 rc3.org
