The problem with OpenID

I just received this email from one of the two OpenID providers I signed up with

This is a notice that [XXXXXX] will be having a maintenance
outage starting at 08:00 on 2007/09/12, Pacific Time.
The outage may last as long as 60 minutes, but is expected
to be considerably shorter.

The reason for this outage is:

     Database upgrade

During the outage, the [XXXXXX]website may be unavailable or
unresponsive, and users will be unable log into OpenID-enabled
websites using their [XXXXXX]accounts.  The latest information about
this and other [XXXXXX]vents can always be found on....

I know it’s early days on the OpenID front, but this does illustrate a prime limitation that has to be addressed carefully. If a large percentage of sites adopted the OpenID scheme without an alternative means of authentication then a few well placed DDOS attacks on registrars could essentially block out access to thosuands of sites.

Proceed with caution and make sure you allow users to login to your site with a secret stored locally if you’re implementing OpenID.