I just received this email from one of the two OpenID providers I signed up with
This is a notice that [XXXXXX] will be having a maintenance outage starting at 08:00 on 2007/09/12, Pacific Time. The outage may last as long as 60 minutes, but is expected to be considerably shorter. The reason for this outage is: Database upgrade During the outage, the [XXXXXX]website may be unavailable or unresponsive, and users will be unable log into OpenID-enabled websites using their [XXXXXX]accounts. The latest information about this and other [XXXXXX]vents can always be found on....
I know it’s early days on the OpenID front, but this does illustrate a prime limitation that has to be addressed carefully. If a large percentage of sites adopted the OpenID scheme without an alternative means of authentication then a few well placed DDOS attacks on registrars could essentially block out access to thosuands of sites.
Proceed with caution and make sure you allow users to login to your site with a secret stored locally if you’re implementing OpenID.