If I may make one recommendation, do use https. If possible, allow users to turn off their non-https identity. It will be cheaper to do this with <https://idp.net/userid>. I do think the <https://userid.idp.net> looks better. http://josephholsten.com