[OpenID] Distributed ID Servers

Johannes Ernst jernst+openid.net at netmesh.us
Thu Dec 21 04:43:34 UTC 2006


We already have that, at least to some extent.

First, you can load balance etc. and hide several physical servers  
behind the same domain name.
Second, you can specify N>=1 services supporting the same service  
type (e.g. OpenID Auth 1.1) at M>1 different domain names, by putting  
multiple entries into the Yadis/XRDS file, potentially with priorities.

What we don't have currently is many implementations that check the  
aliveness of an authentication server before redirecting the browser  
session there. But a simple HTTP HEAD on the service URL should suffice.

On Dec 20, 2006, at 20:05, Darryl wrote:

> Are there any ideas about making the OpenID system
> safe from ID server downtime? I'm thinking that if the
> IDs themselves were distributed around to various ID
> servers, while still associating each ID with an
> actual server, when that server goes down, the system
> could default to the ID server network to see if the
> ID is available elsewhere. All the data could be
> hashed like we would normally hash just passwords,
> this way no one could see who has access to what.
>
> There might also be a way to keep the primary ID
> server's information up-to-date after it goes down
> while still letting people authorize new sites during
> the down time. When the primary ID server goes down, a
> temporary ID server could be chosen and when the
> primary is back online, you could inform it of updates
> on that temp server, and then, when the primary is
> updated, the information propagates. Of course, if the
> information on the temp server is not genuine it
> wouldn't propagate because the primary would refuse
> it.
>
> Just some ideas. I'm sure they could be improved upon
> or something.
>
> - Darryl McAdams
>
> -------------------------------
>
> o///
> Be seeing you...
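Added example, not code from this thread or from any OpenID library: a relying-party sketch of the two points in the reply above, ordering the OpenID Auth 1.1 services listed in a Yadis/XRDS file by priority and checking each with an HTTP HEAD before choosing where to redirect. The XRDS document, the domain names and the function names are constructed for illustration.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"            # XRD 2.0 namespace used by Yadis
OPENID_11 = "http://openid.net/signon/1.1"

# Constructed sample: two OpenID 1.1 servers on different (placeholder) domains.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://openid.net/signon/1.1</Type>
      <URI>https://backup.example.net/openid</URI>
    </Service>
    <Service priority="10">
      <Type>http://openid.net/signon/1.1</Type>
      <URI>https://primary.example.org/openid</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def services_by_priority(xrds_text, service_type=OPENID_11):
    """Service URIs of the given type, lowest priority number (most preferred) first."""
    found = []
    for svc in ET.fromstring(xrds_text).iter(XRD + "Service"):
        types = [(t.text or "").strip() for t in svc.iter(XRD + "Type")]
        rank = int(svc.get("priority", 10**9))   # a missing priority sorts last
        if service_type in types:
            found += [(rank, (u.text or "").strip()) for u in svc.iter(XRD + "URI")]
    return [uri for _, uri in sorted(found, key=lambda pair: pair[0])]

def head_alive(url, timeout=3):
    """HTTP HEAD probe: any response below 500 means the server is answering."""
    if urlsplit(url).scheme not in ("http", "https"):
        return False                 # never probe file:, ftp: etc. from a fetched document
    try:
        req = urllib.request.Request(url, method="HEAD")
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status < 500
    except urllib.error.HTTPError as err:
        return err.code < 500        # e.g. 400/405 on HEAD still shows a live server
    except (OSError, ValueError):
        return False                 # DNS failure, refused connection, timeout, bad URL

def pick_server(xrds_text, probe=head_alive):
    """First server in priority order that passes the probe, or None if all are down."""
    return next((u for u in services_by_priority(xrds_text) if probe(u)), None)
```

Because the XRDS file and the URLs in it come from whatever identity URL the user typed, a deployed relying party would also parse it with a hardened XML parser and refuse to probe internal or loopback addresses.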



