[OpenID] OpenId downtime
Martin Fick
mogulguy at yahoo.com
Wed Dec 12 17:26:14 UTC 2007
--- Joseph Anthony Pasquale Holsten
<joseph at josephholsten.com> wrote:
> Martin Fick wrote:
> > And none of those other services that you hint
> > at are all-time single points of failures for
> > ALL of your other services! This really is
> > different.
>
> For Pete's sake! Recognize that yes, this is an
> issue. You need to take steps to ensure your
> authentication provider isn't dead.
I am recognizing this as a flaw in the design
of openid. You may raise your hands to the
world and shout "wake up and live with it,"
in the meantime the rest of us who care
about solutions will support (and perhaps
even help suggest/design/build) identity
solutions that provide a backup mechanism
in an attempt to eliminate single points
of failures for entire suites of
applications.
> This is an issue with every form of authn, it's what
> separates the pros from the amateurs.
Currently with the hodgepodge of insecure
logins that I have, I do NOT have this single
point of failure, please do not pretend that
openid is no worse off in this regard, it IS!
> What if the government became corrupt?
> then ID cards wouldn't be worth trusting.
What do you mean "what if"? The gov. is corrupt
and gov. IDs still have some value. :) But this
is a perfect example of your misunderstanding
because as pointed out by many ID experts, we
do not have a single point of ID in most places,
even if supposedly mandated by law. For example
my driver's license will not get me into my
office, I need a badge supplied by my office
for that. The license is not a single point of
failure, it could be used as a backup mechanism
though if I forget my work badge. Also, even my
license can be backed up, I own a passport.
What a concept! If those are lost, I have a
procedure to get new ones usually involving a
birth certificate. None of these are single
points of failure, why would you suggest that
they are or compare them to a technology that
is?
> I encourage you to take effort to ensure your
> authenticators are available. But someday,
> when you need authentication, they won't be.
Despite your negativism, it is very unlikely
that with my current solution they would ALL
be down at once since they are widely
dispersed! I don't plan on switching to a
technology, openid, which would make
this much more likely; even with HA openid
providers it would be much more likely!
> Jabber has been used for years as an authn provider.
> There's a drupal plugin if you want to investigate.
Thanks, interesting, any way to make jabber id
resilient? But, I am hoping to get the openid
community to actually come up with an openid
solution that is resilient, that's why I am on
this list,
-Martin