Agreed. Has that already been documented, because it should probably be a technical note to implementers?<br><br><div class="gmail_quote">On Dec 6, 2007 6:44 PM, Simon Willison <<a href="mailto:simon@simonwillison.net">simon@simonwillison.net
</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On 12/6/07, Dominick Accattato <<a href="mailto:daccattato@gmail.com">
daccattato@gmail.com</a>> wrote:<br>> What happens when an OpenId provider is down:<br>> <a href="http://www.alexanderinteractive.com/blog/2007/09/disadvantage-of-openid-and-web-services.html" target="_blank">http://www.alexanderinteractive.com/blog/2007/09/disadvantage-of-openid-and-web-services.html
</a><br><br></div>I think this is a solved problem - you do exactly the same thing you<br>do when a user forgets their password: e-mail them a one-time token<br>that allows them to click a link to log in to your site. Sites that
<br>accept OpenID should have a "my OpenID isn't working" link in exactly<br>the same way that sites that use passwords have an "I've forgotten my<br>password" link.<br><br>Cheers,<br><font color="#888888">
<br>Simon Willison<br></font></blockquote></div><br><br clear="all"><br>-- <br>Dominick Accattato, CTO<br>Infrared5 Inc.<br><a href="http://www.infrared5.com">www.infrared5.com</a>
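<br><br>The e-mailed one-time login token suggested in the quoted message, sketched as an added example that is not code from anyone in this thread. The class and function names, the in-memory store, the 15-minute lifetime and the URL path are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the thread does not specify one


class RecoveryTokens:
    """Hypothetical in-memory store of one-time login tokens for a relying site."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (account_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, account_id):
        """Create the token to e-mail to the address already on file for account_id."""
        # Invalidate any earlier unused token so only the newest link works.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != account_id}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        # Only the digest is kept, so a leaked store does not yield usable links.
        self._pending[self._digest(token)] = (account_id, expires_at)
        return token

    def redeem(self, token):
        """Return the account_id for a valid token, else None. A token works once."""
        entry = self._pending.pop(self._digest(token), None)  # pop enforces single use
        if entry is None:
            return None
        account_id, expires_at = entry
        if self._clock() > expires_at:
            return None
        return account_id


def login_link(base_url, token):
    """Build the link placed in the "my OpenID isn't working" e-mail (path is assumed)."""
    return f"{base_url}/login/recover?token={token}"


if __name__ == "__main__":
    store = RecoveryTokens()
    tok = store.issue("alice")  # constructed sample account
    print(login_link("https://rp.example", tok))
    print(store.redeem(tok), store.redeem(tok))  # second redeem of the same token fails
```

The token is sent only to the address recorded when the account was created, never to one supplied in the recovery request.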