@mxstbr The idea of putting keys on your site fits the #IndieWeb spirit very well, I invite you to present it on @indiewebcamp IRC and wiki.
WeChat ID
aaronpk_tv
I think this is cool β Working on a version of the IndiePub plugin for @withknown that does its own authorization
So I thought, this morning, "I'll add a gem to http://manabasecrafter.com to act as an OpenID server." But all the gems are obsolete. Then I thought "Didn't I use something called MyOpenID at one point?" They've closed. Then I thought "Didn't Google offer one?" They discontinued it last month. Then I thought "I'll do it the dumb way and just use the WordPress plugin that does it on a dummy site." That plugin is no longer supported and incompatible with the current version of WordPress. Then I thought "I'll try it in raw PHP." There is apparently one working library, and all they offer is an example server "to give you an idea of how to write your own implementation."
To prevent this kind of attack we need to: limit the number of login attempts, ban IPs that send a large number of login requests