Comment Spam?

From what I’ve been reading, comment spam on MT blogs is a big problem. Not that you’d know it here, because we rule, but since MT blogs are mostly the same in the way their comment pages work, spammers are using the anonymous comment system prevalent in the blogging world to increase their Google rankings. The link above points to SixApart’s blog, the company that makes Movable Type as well as TypePad. I think I have an idea for a solution.

One of the proposed (and subsequently squashed) solutions offered up by SixApart is that each commenter would have to register with each site in order to comment. This sucks, and everyone knows it. But what if you could sign on once and be able to comment everywhere? This is called identity federation, and it could work.

What’s identity federation, you ask? Well, as Ping Identity Corp is a major client of mine, I’ll tell you. The simplest form of identity federation is single sign-on across multiple, cross-domain web applications. Create an account on one system, link it to an account on another and voila: once you’re signed into one, you’re immediately signed into the other. I’m not really qualified to go into the hows and whys of this, but suffice it to say that SourceID is at the heart of it all, adheres to the Liberty standard and is implemented in Java and .NET. A PHP5 version should happen soon, I assume. In essence, each application has to be registered with an identity federation that includes all the applications in a ‘trusted circle’ of sorts.

So what do single sign-on and identity federation have to do with blogs, you ask? Well, I’ll tell you that, too. Say SixApart runs a centralized identity repository. And say PHP or Perl someday in the near future includes a way to check credentials against this repository the way SourceID.Java and SourceID.NET do. And say Movable Type’s (or your) database system allows for instant identity provisioning (creation and destruction of temporary identities on a given system). You sign in once to SixApart’s application (which in this case would pretty much just exist to authenticate you), and immediately you’re authenticated to any system that runs the (open-source) SourceID protocol and is registered with the central federation. This could be built into home-rolled systems as well as MT or TypePad.
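A sketch of that flow, added here as an illustration and not SourceID or Liberty code: a central identity provider vouches for a commenter to one registered blog, and the blog verifies the assertion before provisioning a temporary identity. The per-site HMAC keys stand in for the real protocol's signatures, and every name, key and domain below is hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed registry: the key each site received when it registered with the
# (hypothetical) federation. One key per site, so a blog in the circle cannot
# forge assertions addressed to another blog.
CIRCLE_KEYS = {
    "blog-a.example": b"constructed-key-for-blog-a",
    "blog-b.example": b"constructed-key-for-blog-b",
}

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_assertion(user, audience, now=None, ttl=300):
    """Identity provider side: vouch for `user` to one registered site."""
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": audience, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(CIRCLE_KEYS[audience], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def accept_assertion(token, site, site_key, sessions, now=None):
    """Blog side: verify the assertion, then provision a temporary identity."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(site_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # not issued for this site by the identity provider
    claims = json.loads(body)  # parsed only after the tag has been verified
    if claims["aud"] != site or claims["exp"] <= now:
        return None  # addressed to another site, or expired
    sessions[claims["sub"]] = claims["exp"]  # temporary local identity
    return claims["sub"]

def purge_expired(sessions, now):
    """Destroy temporary identities whose assertion has expired."""
    for user in [u for u, exp in sessions.items() if exp <= now]:
        del sessions[user]
```

Binding each assertion to one audience and a short expiry is what keeps a token captured at one blog from being replayed at another, which matters when the goal is to keep spammers out.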

And then let’s say that some of the prominent players in the field (say, AOL, Yahoo, Google, and other large companies developing blog apps) get in on the thing and share the identity repository across multiple domains and servers, sharing the load required to run such a distributed application.

You’d have an almost user-transparent, reliable, redundant, open-source, highly-customizable way to authenticate commenting and discussion among weblogs. And given the nature of the internet, you’d probably end up with a whole lot more as well.