Quote from BBO@BSR :

I you want to have a deeper look into the security, privacy, usability, trust problems etc. etc.
I recommend that site:
http://idcorner.org/2007/08/22/the-problems-with-openid/

Sounds pretty scary.

However, with security concerns you should always ask what assets there are that need to be protected. I can think of two: your reputation as a racer, and your LFS license. The reputation has no economic value, but the LFS license does. Suppose someone is able to phish your OpenID identity, and use that to unlock S2. Then he can do that on a larger scale, and sell the stolen game-passwords. Or he could play LFS with a stolen license, go on a wrecking spree, and laugh at the bans that follow. That would do real damage, both to the people whose identity is stolen, and to LFS itself.

I agree that single sign-on across LFS-related websites would be nice, but I think two conditions must apply:
- The OpenID identity should not be sufficient to gain access to the sim.
- Users should be warned to keep their LFS identity separate from other OpenID-based identities they might have.

Quote from Victor :

I might do this. Will have to do some more reading to understand how it works, but this line from the developers guide they link to :

sounds interesting. Nothing would change for existing users and new users can use their OpenID. I have nothing against that, if it's safe.

Thanks to the 'similar threads' feature, I found this topic as I was about to post the same thing just in the Programmer Sub-Forum 'Using LFS World stats on your own website.'

I was thinking about this mainly with the 2009 LFS Community Year-End Awards and it's 'security problem.' The idea being with that is that a user can sign in using their username and password from LFS Forum/World/.net, and then from there cast their vote. It's secure because it's their account casting the vote!

But, I would like to add to that and ask the a username list be made available, that way an AJAX popup like the one found on the Search Page's Username Field
(Via what I think is the vB_AJAX_NameSuggest(). This being queriable via an AJAX request though HTTP Access Control or ACD solution would be awesome!

A one year bump, because this might be useful for a PRISM login system on the HTTP side of things. Victor ... what do you think? Where admins can admin their server using their login credentials from LFS to login to the admin panel for PRISM. This way, PRISM never stores the password, just the session.

Bumping again, would be good for certain servers.