This looks like a good step forward. Can you set up id.mayfirst.org as an HTTPS server, though? Given that members will be using their official mayfirst credentials, it would be ill-advised to make this non-secure.

I recognize that we may run into some interesting failures due to certificate authorities, but I'd rather see those failures than to encourage more cleartext password transmissions.

Your choice of URL seems reasonable to me, btw. The alternative would require some sort of wildcarded TLS certificate, and it also would limit people whose user accounts collide with currently-allocated names. You can resolve the latter problem by using https://*.id.mayfirst.org/, but that still requires the wildcarded TLS cert.

--dkg
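An added example, not code from this ticket or from May First, that models the two points above as a policy check a provider could run: it refuses a cleartext identity URL for id.mayfirst.org and accepts only the path-based https://id.mayfirst.org/username form, and it shows (with RFC 6125 wildcard matching) why that form is covered by a plain certificate for id.mayfirst.org while the per-user subdomain alternative would need a *.id.mayfirst.org certificate. The host name is taken from the thread; the function names and the sample certificate name lists are assumptions.

```python
from urllib.parse import urlsplit

IDENTITY_HOST = "id.mayfirst.org"  # host chosen in the thread


def cert_covers(hostname, cert_dns_names):
    """True if one of the certificate's DNS names matches hostname.

    Wildcard handling follows RFC 6125: a single '*' may only stand for the
    whole leftmost label, so '*.id.mayfirst.org' covers 'alice.id.mayfirst.org'
    but neither 'id.mayfirst.org' itself nor 'a.b.id.mayfirst.org'.
    """
    host = hostname.lower().rstrip(".")
    for name in cert_dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]                     # ".id.mayfirst.org"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:
                return True
    return False


def normalize_identity(user_input):
    """Subset of OpenID 2.0 identifier normalization: default the scheme to
    http when none is given, lowercase scheme and host, drop the fragment."""
    s = user_input.strip()
    if "://" not in s:
        s = "http://" + s
    parts = urlsplit(s)
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path or '/'}"


def check_mayfirst_identity(user_input):
    """Accept only https://id.mayfirst.org/<username>; return (ok, detail)."""
    url = normalize_identity(user_input)
    parts = urlsplit(url)
    if parts.hostname != IDENTITY_HOST:
        return False, "not the mayfirst identity host"
    if parts.scheme != "https":
        # A cleartext identity URL would invite cleartext credential submission.
        return False, "cleartext identity URL refused; use https"
    username = parts.path.strip("/")
    if not username or "/" in username:
        return False, "path must be exactly one username segment"
    return True, url
```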

This is now done. http://id.mayfirst.org no longer works. The new URL is https://id.mayfirst.org/username.

--jamie

I posted to the openid list and received assurance that our URL scheme is a good one (see thread).

--jamie