Several friends of mine, notably some blogger friend of mine, were complaining that they are unable to post their comment in my blog. When I asked them into detail, they told me that when they trying to post comment, this blog asked them to login, while they do not have an account in this blog. Some of them even tried to register for an account in this blog to post comments, but I had disabled the registration mechanism for this blog.

Actually, there is no error for the comment system of this blog. And the login screen they saw, are not from the authentication system of this blog. It is actually the authentication system of their own blog/website.

So why do they have to login to their own blog/website when they comment in my blog, since this blog is not a Blogspot blog? Here I will explain why.

This blog commenting system has OpenID integrated. If you did fill your website URL at the “website/OpenID” text area, the comment system will attempt to check and see if that URL have OpenID enabled for that domain name or not. If it found that OpenID is enabled for that domain name, it will require you to login and authenticate your OpenID by logging in to your blog/website in order for your OpenID system to allow you to authenticate your identity in this blog. If you had already logged in to your blog/website before posting the comment, you will only see the OpenID grant/deny page of your blog/website.

If you concern that your password will be intercepted, then I would tell you that you do not need to worry. OpenID itself is an authentication system which allow you to login to other websites without password. You only need to login to your own blog/website and you can use your domain name or URL to login to OpenID enabled websites without the need of registration and passwords.

And if you left the “website/OpenID” text area blank, you can still post the comment, but you will be considered as anonymous by the comment system and need to go through moderation process, although it will show your gravatar and your nickname. This also applies to domain name or URL which do not have OpenID enabled.

So why I implement this troublesome commenting system in my blog?
The answer is very simple. I want to make sure the person who posted the comment is not some impostors who using someone else’s identity to create conflict in my blog. As I am some how considered as a public enemy by quite a lot of people, since the day I started blogging, it is necessary for me to implement such kind of identification security to my blog.

Furthermore, it is too easy for using someone else’s identity to post a controversial comment if there is no identification security is implemented. You just need to know the person’s nickname and email, then you will be able to pretend as that person and use his/her gravatar in the comment.