Just having a braindump on this hot topic.

1. We should look to improving the user login side of OG/CW. Currently, you just go into the "preferences" page and set your ID to whatever you want.

If we have a password associated with the ID, this will hopefully prevent impersonation and other suchlike abuses. OK so the form may be sending the password in clear text, but the paranoid could always wrap the login page in https. The authenticated values result in a session cookie, much as happens with the preferences at present. It's probably best if the cookie does not hold much - just a session ID: index into a session table with a foreign key on a user table to retrieve preferences server side.

Secondly, the first password should be emailed to a valid email address. This also enables use of a "forgotten password" link or button on the login page.

An alternative to this would be manual "vouching" for new user requests. More work for the admins, but less work for the developers possibly.

2. Ideally we want OpenGuides to stay wiki, i.e. allow anonymous contributors. But, there's no reason why it needs to be a WorldWideWiki, open to Chinese and Russian spammers. We could restrict the anonymous login from anywhere but the same country as the guide is located in, decoding the country from the IP address (I'm sure there's a module or three that does this). Of course we still want genuine contributors to add content from abroad - but they can always register and log in :).

My £0.02th

Ivor.