Well done... We'll try and get a demo of this up somewhere soon :)
This are great news :-) Please tell me when the demo is up!
well you dont really need that (OpenID + comments) as with silverstripe you dont need a account on the site to leave a comment on the page. It might be more useful to have something like gravtar (http://site.gravatar.com/) support for page comments..
Sig - we could try and get it running on demo.silverstripe.com next week that would be cool to check out
Nice work Markus!
Requiring users to sign in to leave comments is a good idea however - it would dramatically reduce the amount of comment spam we are getting.
Well, while it maybe helps (for some time - until spammers use OpenID themselves) to reduce the amount of comment spam, I think it will also reduce the amount of "ham" comments since it needs more effort to comment something if OpenID authentication is needed.
Another point is that anonymous comments aren't possible anymore then.
Anonymous comments are close to useless - I don't think that's a feature worth crying over ;-)
The lowered amount of "ham" is a legitimate concern; there would need to be an easy, alternative means of verifying your identity other than OpenID. Perhaps the standard registration mechanism with email/password, followed by a verification email after the comment has been posted? The comment will be hidden until the verification email is clicked:
* Enter name, email, password, confirm password, and comment on the comment form
* Comment is saved, hiddden, into the databse
* Email is sent to the user
* At some stage, they get around to clicking the verification link in the email
* At that point, the comment appears on the site
As a tweak, perhaps comments are given an "amnesty" of a day - they are shown without a verification link for a day before being removed form the site.
So the commenting system needs to be changed to work only with registered users. The user can then decide himself which kind of account he wants to create (standard email & password or OpenID).
This also adds the constraint that the email field should really contain a valid(ated) email address and so we need to add a column for the username (if we still want to support user names like "admin") or require for every account a valid email address (which in my opinion would be the best option since it is the easiest way to remember his credentials for everyone).