One thing that i'd like to hear more thoughts on is Open ID in a smart
client enviroment - fundamentally because of the trust mechanism it
uses we have to be redirected to the provider and then redirected back
to the consumer.
However, surely an extensible mechanism should be considered here to
allow trusted Open ID providers to provide authentication? A trusted
open id client could call the web services of an open id provider
directly (or proxied via the owner of the application).
I'd love to be able to add open id to my client app and the general
thoughts around it at the moment are "that's not what it's for/how it
is supposed to work" - which is kinda odd for something the is so
fundamental as an identity solution.
Looking forward to getting involved!
Regards,
Steven
http://livz.ORG