Prompted by Automattic’s absorption of Gravatar, and consequently Matt’s implementation of Gravatars on his blog, I’ve incorporated the code to display gravatars on this blog here. You will find the relevant code to do similarly (if you’re running WordPress) here. Add the code immediately before the comment_text() call in your comments loop, and you’re all done.
As it happens, I wound up having to create two accounts at Gravatar, one for each of two of my mail addresses. I expect it’s already on the todo list over there, but I definitely think it should be possible to associate an account with more than one email address.
I gather that a new WP2.3 version of the WP-OpenID+ plug-in is also nearly ready for prime time. It’s going to be interesting to see how these various identity management tools work together.
The more security minded piece of the net that I follow isn’t thrilled about OpenID, at least in part because it’s so impossibly easy to do a phishing attack on it.
accumulated wiki information here:
http://wiki.openid.net/OpenID_Phishing_Brainstorm
Thanks for the heads-up on this phishing thread, Edward, it’s very interesting reading.
(Did I just call a security thread interesting? What is happening to me???)
It strikes me, though, that beyond (potentially) spoofing someone’s identity in comments on a blog, there isn’t much that can be done with a stolen OpenID identity? Also, since it is in the nature of phishing attacks that the phisher has little or no control over whose identity is being hijacked, it makes the value of impersonating J. Random Blog-Commenter moot.
Or am I missing something important?
Great article. I have this bookmarked. Thanks from Autoversicherung