Now, there is a “best practices” recommendation where you should allow any given “user” (in terms of one person) the ability to link multiple OpenIDs, or set a plain ‘ole username and password, in case their OpenID Identity Provider is down.

I personally would rather go with additional factor authentication. Simple (private’ish) profile questions that only come into play when a provider does not resolve.

That’s just me, though.

I partly followed the “best practices” concept and just made each user have an OpenID field which is checked against when logging in via OpenID.

Although i didn’t go so far as to allow them to have multiple OpenID’s, as considering they could still login with a regular username + password it seemed a bit silly.

IMO, if one wants to use multiple OpenID providers with a single app, they should just setup their own OpenID page which links to any one of the various providers they want to use.

Regards,

James

You should also take a look at OAuth… “OpenID for APIs” in a sense… or a kind of generalized FlickrAuth. We’ve been building this out for the last several months to solve problems that both Ma.gnolia and Twitter have had in either getting OpenID to work on the desktop side (Ma.gnolia Dashboard Widget support for OpenID) or on the API side (Twitter’s various mashups that ask for your Twitter username and password).

Basecamp currently exposes a limitation of OpenID in that it assigns you a username and password to access your protected RSS feeds… instead, Basecamp should grant external applications a token that allows for user-controlled access to their data. OAuth provides the protocol to solve that exact problem.

http://groups.google.com/group/oauth