[OpenID] OpenId downtime

Ashish Jain ajain at pingidentity.com
Thu Dec 6 23:52:38 UTC 2007


This assumes that the RP has the up-to-date email address of the user.
If the RP has completely outsourced its account management to OP, it may
not have the need to store email addresses locally.
Additionally, it creates a weak link to get into the RP.

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Simon Willison
Sent: Thursday, December 06, 2007 4:44 PM
To: Dominick Accattato
Cc: general at openid.net
Subject: Re: [OpenID] OpenId downtime

On 12/6/07, Dominick Accattato <daccattato at gmail.com> wrote:
> What happens when an OpenId provider is down:
>
> http://www.alexanderinteractive.com/blog/2007/09/disadvantage-of-openid-and-web-services.html

I think this is a solved problem - you do exactly the same thing you
do when a user forgets their password: e-mail them a one-time token
that allows them to click a link to log in to your site. Sites that
accept OpenID should have a "my OpenID isn't working" link in exactly
the same way that sites that use passwords have a "I've forgotten my
password" link.

Cheers,

Simon Willison
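
Added example, not part of the original thread or of any OpenID library: a sketch of the "my OpenID isn't working" fallback discussed above, as an RP might implement it. The class name, the in-memory stores and the 15-minute lifetime are assumptions. It also shows the case raised in the reply, where the RP holds no e-mail address for the identity and the fallback cannot be offered.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # token lifetime in seconds (assumed value)


class FallbackLogin:
    """In-memory sketch of an RP-side e-mail fallback for OpenID logins."""

    def __init__(self, emails_by_openid):
        # OpenID identifier -> e-mail address the RP has on file (may be missing)
        self.emails = emails_by_openid
        # sha256(token) -> (openid, expiry); the raw token is never stored
        self.pending = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, openid, now=None):
        """Return (email, token) to send, or None if no address is on file."""
        now = time.time() if now is None else now
        email = self.emails.get(openid)
        if email is None:
            return None  # RP outsourced account data to the OP: no fallback
        # A new request invalidates any earlier token for the same identity.
        self.pending = {d: v for d, v in self.pending.items() if v[0] != openid}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.pending[self._digest(token)] = (openid, now + TOKEN_TTL)
        return email, token

    def redeem(self, token, now=None):
        """Return the OpenID identifier the token logs in, or None."""
        now = time.time() if now is None else now
        # pop() makes the token single-use even when it turns out to be expired
        entry = self.pending.pop(self._digest(token), None)
        if entry is None:
            return None
        openid, expiry = entry
        return openid if now <= expiry else None
```

The mailbox becomes a second way into the account, so the token's short lifetime, single use and hashed storage are what bound the exposure of this path.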