Why do I have an external authentication mechanism? I don't want to maintain a user database just for my blog. It's more moving parts and requires things like sending email pings to random email addresses and mechanisms for resetting or retrieving a forgotten password. Not to mention that it's yet another username/password to be remembered by the person doing the commenting.

So, instead, he authenticates against the php.net cvs setup for any and all users of his site. He transitions from this over to the main point of the post - his thoughts on authentication, specifically the move towards a more centralized resource to bounce the user's information off of. He mentions TypeKey and OpenID as two technologies that are moving in the right direction.

Bringing it back to PHP, Wez notes that the PHP support for both of these technologies is very lacking, but he's been working on a patch for the openssl extension that could help that significantly.