[OpenID] OpenId downtime
Sam Alexander
sam.alexander at vidoop.com
Thu Dec 6 20:05:22 UTC 2007
I think a solution might be to either:
- educate users on redundancy and encourage multiple OpenIDs (even
most non-techies have throwaway e-mail addresses, so this isn't an
entirely new concept)
or
- have Relying Parties use some consistent account recovery method
via a different channel (email, sms, otp, fedex a hardware token,
whatever)
This is really easy for a RP to pick up on, right? It goes like this:
You have entered an identifier that I recognize because its
associated with an account in my database. However, my HTTP
discovery fails on that identifier which means something is up. So
instead of the usual "Failed to find OpenID endpoint" message, I can
say "Hey, I remember your OpenID worked at some point, but your
OpenID provider appears to be down, would you like to login another
way?"
- Sam
On Dec 6, 2007, at 1:23 PM, André Luís wrote:
> Oh.. I hadn't thought of that. *smacks forehead* Well said... We
> would be just moving the single point of failure elsewhere.
>
> Damn.
>
> --
> André
>
> On Dec 6, 2007 7:11 PM, Pat Patterson <Andrew.Patterson at sun.com>
> wrote:
>> The average joe doesn't have his own web page. Of those that do, I
>> suspect a very small minority would be prepared to edit HTML.
>>
>> Of course, some delegation provider could make it very easy to do
>> this, entering your OP details in a form, generating HTML for you
>> etc.
>> But when that provider goes down or out of business...
>>
>> "It's turtles all the way down." - http://en.wikipedia.org/wiki/
>> Turtles_all_the_way_down
>>
>> Cheers,
>>
>> Pat
>>
>>
>> On Dec 6, 2007, at 11:03 AM, André Luís wrote:
>>
>>> How about - really - promoting delegation? I, for one, use my
>>> website
>>> as openid url. If myopenid.com is down, i go there, change my OP and
>>> still login with id.andr3.net
>>>
>>> I don't see this as a challenging concept for the average joe, if
>>> properly explained and made easy for them to switch providers.
>>>
>>> Is there any security risk in something like this?
>>>
>>> --
>>> André Luís
>>>
>>>
>>> On Dec 6, 2007 6:57 PM, Dominick Accattato <daccattato at gmail.com>
>>> wrote:
>>>> Another approach although left up to the authenticating site would
>>>> be for a
>>>> temporary account where the temporary username/password is sent to
>>>> the users
>>>> email address during downtime.
>>>>
>>>>
>>>>
>>>> On Dec 6, 2007 1:53 PM, Dick Hardt < dick at sxip.com> wrote:
>>>>> That would be one approach, but I can see it being very
>>>>> challenging
>>>>> for your average user to manage.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 6-Dec-07, at 10:10 AM, André Luís wrote:
>>>>>
>>>>>> That's why I believe it's a good practice for each user to have
>>>>>> more
>>>>>> than one provider and the consumer services allow to register
>>>>>> more
>>>>>> than one OpenID address for each of their account.
>>>>>>
>>>>>> I'm new to the list, so pardon if any of this have been argued
>>>>>> against.
>>>>>>
>>>>>> Cheers,
>>>>>> André Luís
>>>>>>
>>>>>> On Dec 6, 2007 5:47 PM, Dominick Accattato <
>>>>>> daccattato at gmail.com>
>>>>>> wrote:
>>>>>>> What happens when an OpenId provider is down:
>>>>>>> http://www.alexanderinteractive.com/blog/2007/09/disadvantage-
>>>>>>> of-
>>>>>>> openid-and-web-services.html
>>>>>>>
>>>>>>> --
>>>>>>> Dominick Accattato, CTO
>>>>>>> Infrared5 Inc.
>>>>>>> www.infrared5.com
>>>>>>> _______________________________________________
>>>>>>> general mailing list
>>>>>>> general at openid.net
>>>>>>> http://openid.net/mailman/listinfo/general
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> general mailing list
>>>>>> general at openid.net
>>>>>> http://openid.net/mailman/listinfo/general
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>> Dominick Accattato, CTO
>>>> Infrared5 Inc.
>>>> www.infrared5.com
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>
>>
>> - - - - -
>> Pat Patterson
>> Federation Architect, Sun Microsystems, Inc.
>> pat.patterson at sun.com - http://blogs.sun.com/superpat
>> - - - - -
>> Join OpenSSO today! http://opensso.dev.java.net/
>> - - - - -
>>
>>
>>
>>
>>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list