I think that there wouldn't be security risk. The only thing that
would be needed is more legal jargon when signing up that allows the OP
to use a third party to act on behalf of the OP in case they go down.<br><br><div class="gmail_quote">On Dec 6, 2007 2:03 PM, André Luís <<a href="mailto:andreluis.pt@gmail.com">andreluis.pt@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">How about - really - promoting delegation? I, for one, use my website<br>as openid url. If <a href="http://myopenid.com" target="_blank">
myopenid.com</a> is down, i go there, change my OP and<br>still login with <a href="http://id.andr3.net" target="_blank">id.andr3.net</a><br><br>I don't see this as a challenging concept for the average joe, if<br>properly explained and made easy for them to switch providers.
<br><br>Is there any security risk in something like this?<br><br>--<br><font color="#888888">André Luís<br></font><div><div></div><div class="Wj3C7c"><br><br>On Dec 6, 2007 6:57 PM, Dominick Accattato <<a href="mailto:daccattato@gmail.com">
daccattato@gmail.com</a>> wrote:<br>> Another approach although left up to the authenticating site would be for a<br>> temporary account where the temporary username/password is sent to the users<br>> email address during downtime.
<br>><br>><br>><br>> On Dec 6, 2007 1:53 PM, Dick Hardt < <a href="mailto:dick@sxip.com">dick@sxip.com</a>> wrote:<br>> > That would be one approach, but I can see it being very challenging<br>> > for your average user to manage.
<br>> ><br>> ><br>> ><br>> ><br>> > On 6-Dec-07, at 10:10 AM, André Luís wrote:<br>> ><br>> > > That's why I believe it's a good practice for each user to have more<br>
> > > than one provider and the consumer services allow to register more<br>> > > than one OpenID address for each of their account.<br>> > ><br>> > > I'm new to the list, so pardon if any of this have been argued
<br>> > > against.<br>> > ><br>> > > Cheers,<br>> > > André Luís<br>> > ><br>> > > On Dec 6, 2007 5:47 PM, Dominick Accattato < <a href="mailto:daccattato@gmail.com">
daccattato@gmail.com</a>><br>> > > wrote:<br>> > >> What happens when an OpenId provider is down:<br>> > >> <a href="http://www.alexanderinteractive.com/blog/2007/09/disadvantage-of-" target="_blank">
http://www.alexanderinteractive.com/blog/2007/09/disadvantage-of-</a><br>> > >> openid-and-web-services.html<br>> > >><br>> > >> --<br>> > >> Dominick Accattato, CTO<br>> > >> Infrared5 Inc.
<br>> > >> <a href="http://www.infrared5.com" target="_blank">www.infrared5.com</a><br>> > >> _______________________________________________<br>> > >> general mailing list<br>> > >>
<a href="mailto:general@openid.net">general@openid.net</a><br>> > >> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>> > >><br>
> > >><br>> > > _______________________________________________<br>> > > general mailing list<br>> > > <a href="mailto:general@openid.net">general@openid.net</a><br>> > > <a href="http://openid.net/mailman/listinfo/general" target="_blank">
http://openid.net/mailman/listinfo/general</a><br>> > ><br>> > ><br>> ><br>> ><br>><br>><br>><br>> --<br>><br>><br>> Dominick Accattato, CTO<br>> Infrared5 Inc.<br>>
<a href="http://www.infrared5.com" target="_blank">www.infrared5.com</a><br></div></div></blockquote></div><br><br clear="all"><br>-- <br>Dominick Accattato, CTO<br>Infrared5 Inc.<br><a href="http://www.infrared5.com">www.infrared5.com
</a>