[OpenID] OpenId downtime
Martin Fick
mogulguy at yahoo.com
Fri Dec 7 02:43:22 UTC 2007
--- Gabe Wachob <gabe.wachob at amsoft.net> wrote:
> The XRD descriptor allows listing of multiple
> OpenID providers - for just this (and other)
> reasons.
Hmm, could you explain or point me to a document
explaining how to do this without incurring a single
point of failure?
> Regardless of the mechanism, I don't know how
> current implementations do "fallback" - it's not
> clear how an RP would detect that an OP like
> myopenid.com is "down". For example, in the example
> given, the auth page loads just fine -
> it's "administratively" down, but still reachable
> by a browser...
Perhaps this needs to be considered with an extension
to the protocol. I still can't see myself committing
to OpenID until I find that it has a simple
redundancy mechanism. The key here is that it has to
be simple; I don't want to have to resort to
email/other password backup mechanisms for all my
sites as most of the suggestions suggested here would
have me do. This would put me right back to the
current insecure practices, but even worse, it would
mean that if my OpenID provider/site is down that I
now have to switch/perform recovery for every site
that I use the OpenID at!! This is much worse than
the current mess of insecure passwords. Why should I
switch to OpenID if I can't really control my identity
in a reliable way? Someone please tell me
there is a good solution to this!
-Martin
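
The multi-provider listing mentioned in the quoted text, as an added example that is not part of the original message or of any OpenID library: an XRDS document with several OpenID 2.0 `Service` entries, and the order in which an RP would try them. The provider URLs, the sample document and the function name `openid_endpoints` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"
OPENID2_SIGNON = "http://specs.openid.net/auth/2.0/signon"

# Constructed sample XRDS document; every provider URL is a placeholder.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op-backup.example.net/server</URI>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op-primary.example.org/server</URI>
    </Service>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op-lastresort.example.com/server</URI>
    </Service>
    <Service priority="5">
      <Type>http://example.com/unrelated-service</Type>
      <URI>https://other.example.com/</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""

def openid_endpoints(xrds_text):
    """Return OpenID 2.0 signon endpoint URIs in the order an RP would try them."""
    # Assumption: a real RP parses fetched XRDS with a hardened XML parser.
    root = ET.fromstring(xrds_text)
    # When several XRD elements are present, the last one is the one to use.
    xrd = root.findall(f"{{{XRD_NS}}}XRD")[-1]
    ranked = []
    for pos, svc in enumerate(xrd.findall(f"{{{XRD_NS}}}Service")):
        types = [t.text.strip() for t in svc.findall(f"{{{XRD_NS}}}Type") if t.text]
        if OPENID2_SIGNON not in types:
            continue  # not an OpenID 2.0 provider entry
        prio = svc.get("priority")
        # Lower number is tried first; no priority sorts last; ties keep document order.
        key = (0, int(prio)) if prio is not None else (1, 0)
        for uri in svc.findall(f"{{{XRD_NS}}}URI"):
            ranked.append((key, pos, uri.text.strip()))
    return [uri for _, _, uri in sorted(ranked)]
```

The ordering only tells the RP which endpoint to try next. It does not address the detection problem raised in the quoted text, where an OP that is "administratively" down still serves its page, and the XRDS document itself still has to be fetched from somewhere.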