Hello !
My name is Jan and I'am member of Scout Associations of Polish Republic.
Half year ago we are tackle with authorization problem. We had many scattered applications, without any global authorization system. We start considering OpenID (this was the first think) but more important things was on one's plate.
One of this most important things is implementing Drupal (what is almost done). Incidentally this is good time to back to talk about OpenID.
One of the most problem in our situation is that we can't guarantee that server will be availible for 2,5,10,100 years. Our hosting is not eternal. Problem with OpenID is when You give OpenID identyficator You can't go back. When Your hosting will disappear user loos access to their account on sites where they use this OpenID. This sucks and we know it.
The question is there any chance to provide to OpenID provider (for Drupal) option "allow login only from domain and subdomains" and/or "Whitelist domain login" which allow narrow down places from which user can log in.
This will be greate feature which solve the problem with "disappearing OpenID" because we can ensure that OpenID provider will be exists as long as sites where this OpenID is used.
What do You think? Is there any chance to implement this in Drupal provider? After I end implementing Drupal I can try dive in OpenID and help, write some patches. Any feedback are very welcomed.
Greetings from Poland!
Jan Koprowski