Why we don't use OpenID

June 20, 2010 by Oscar Valenzuela

free software, gnewbook, openid

Okay, I will try to write this post in English, and I'm sorry if some don't understand, but as everyone must know I'm a Spanish speaker and I don't have a lot of practice writing English, just reading.

The reasons for not using OpenID on gNewBook are the current issues around security and privacy, plus some other more general but less important ones.

The core reasons for gNewBook's existence are the need for a social network with security, privacy and freedom. The first and the last are implemented through the application itself: a free software solution, with the code published and where the code can be tested by everyone. The second, privacy, is a bigger difference: we are not only worried about the privacy of the users' data, we want everything about it to be controlled and decided by the users. That is why the users decided on and built the Terms of Use and Privacy, but whenever we integrate an application from third parties (providers), we must check the privacy and security of their implementations.

OpenID still has security problems that, of course, we can't fix, because it is not under our control. The problems range from phishing (man-in-the-middle) if users use URLs, or even being affected by DNS poisoning, to the consideration that if an attacker gains access to a user's OpenID login, he immediately has access to all the sites that user can log in to where the same OpenID/password combination has been used. And we all know that the normal user always uses the same one, and since all OpenID providers have the option to stay logged in (thus authenticating without providing a password), CSRF attacks become very easy because no password is required.
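The stay-logged-in scenario above is why a relying party can never treat a positive assertion as proof that *this* browser session asked for a login. The following Python is an added example for this post (it is not gNewBook's code and not part of any OpenID library); it shows two of the OpenID 2.0 checks that bind an assertion to the session that started it: the `openid.return_to` must be exactly the URL the site issued for that session (here assumed to carry a random token, `tok=...`), and the `openid.response_nonce` may be honoured only once and only while fresh. The assertions, the session URL and the clock value are constructed sample data; signature verification against the provider association, which the spec also requires, is left out because it is not the point here.

```python
"""Session-binding checks on an OpenID 2.0 positive assertion (added example)."""
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode

OPENID_NS = "http://specs.openid.net/auth/2.0"
NONCE_TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # OpenID 2.0 response_nonce starts with this timestamp

# Constructed sample values for this example, not real traffic.
SESSION_RETURN_TO = "https://social.example/openid/return?tok=8f3c1a"  # stored in the user's session
NOW = datetime(2010, 6, 20, 12, 0, 30, tzinfo=timezone.utc)            # fixed clock for the demo


class NonceStore:
    """Remembers accepted response_nonce values so each one is honoured only once."""

    def __init__(self, max_age=timedelta(minutes=5)):
        self.seen = set()
        self.max_age = max_age

    def consume(self, nonce, now):
        """Accept a nonce only if it is fresh and unseen; remember it afterwards."""
        try:
            issued = datetime.strptime(nonce[:20], NONCE_TS_FORMAT).replace(tzinfo=timezone.utc)
        except ValueError:
            return False  # malformed nonce: no timestamp prefix
        if abs(now - issued) > self.max_age:
            return False  # too old (or clock skew too large) to trust
        if nonce in self.seen:
            return False  # replayed assertion
        self.seen.add(nonce)
        return True


def check_assertion(query_string, session_return_to, store, now):
    """Validate the parts of a positive assertion that tie it to this session.

    Returns (accepted, reason). Signature verification against the association
    with the provider is also mandatory in OpenID 2.0 and is deliberately not
    shown here.
    """
    fields = {k: v[0] for k, v in parse_qs(query_string, keep_blank_values=True).items()}
    if fields.get("openid.ns") != OPENID_NS or fields.get("openid.mode") != "id_res":
        return False, "not an OpenID 2.0 positive assertion"
    # The session stored the exact return_to (with its random token) when the
    # login started; an assertion carrying any other return_to was not requested
    # by this browser session and must not log it in.
    if fields.get("openid.return_to") != session_return_to:
        return False, "return_to is not the one issued for this session"
    if not store.consume(fields.get("openid.response_nonce", ""), now):
        return False, "response_nonce is stale or already used"
    return True, "accepted " + fields.get("openid.claimed_id", "")


def run_demo():
    """Run the checks over constructed assertions and return the verdicts."""
    store = NonceStore()
    base = {
        "openid.ns": OPENID_NS,
        "openid.mode": "id_res",
        "openid.claimed_id": "https://alice.example/",
        "openid.return_to": SESSION_RETURN_TO,
        "openid.response_nonce": "2010-06-20T12:00:00Zabc123",
    }
    good = urlencode(base)
    planted = urlencode({**base, "openid.return_to": "https://social.example/openid/return?tok=other"})
    stale = urlencode({**base, "openid.response_nonce": "2010-06-20T11:00:00Zold"})
    return [
        check_assertion(good, SESSION_RETURN_TO, store, NOW),     # accepted
        check_assertion(good, SESSION_RETURN_TO, store, NOW),     # same assertion again: replay
        check_assertion(planted, SESSION_RETURN_TO, store, NOW),  # issued for another session
        check_assertion(stale, SESSION_RETURN_TO, store, NOW),    # nonce an hour old
    ]


if __name__ == "__main__":
    for accepted, reason in run_demo():
        print("ACCEPT" if accepted else "REJECT", "-", reason)
```

The second verdict is the one that matters for the point above: even a perfectly valid assertion, delivered a second time or into a different session, is refused without ever asking the user for a password, because the relying party, not the provider's cookie, decides what counts as a requested login.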

But our big worry is about privacy: since the whole authentication process goes via the OpenID provider, the provider can track all the sites its users are accessing. Funny, right?

There are other issues, like what happens if the user can't log in because his provider is down, or what if the provider has security problems, like a very famous Chilean OpenID implementation called BetaID, which was cracked some time ago.

Yes, maybe these are only stupid ideas, but I still prefer to be sure of where my data goes and of my privacy (I don't like others knowing what I do and what pages I visit), and not to use OpenID when we could implement other secure options, always under our own control.

Finally, what about legal issues? All this work only for a promise? Don't joke: there is no licensing or legal statement about the use of the OpenID logo and trademarks, and this really matters because, legally speaking, we don't have the rights, just a personal or corporate promise like the Microsoft Open Promise, which in the end, legally speaking, is a joke if you are going to use it for your own implementations.

In conclusion, if you are going to use OpenID for free software projects, please don't, until we are sure that all these issues are fixed.

You can find more information here:

http://practicalid.blogspot.com/2010/04/openid-issues-list.html

http://factoryjoe.com/blog/2009/02/17/bbc-digital-planet-podcast-featuring-openid/

http://factoryjoe.com/blog/2009/04/06/does-openid-need-to-be-hard/

http://en.wikipedia.org/wiki/OpenID#Legal_issues

http://openid.net/intellectual-property/

http://wiki.openid.net/Formal-IPR-Policy

http://lists.openid.net/pipermail/openid-general/2007-August/012524.html

http://www.mail-archive.com/board@openid.net/msg00769.html