dmv wrote:
If I understand it, you generate an image request that points to my openid authentication service. In the process of serving that request, I authenticate with my authentication server -- if I have a logged in cookie, this is transparent. You may now query my authentication service about the session tag that you generated and I authenticated to, and it can provide you with details of my account.

Before I argue why that doesn't work, can you confirm that that is what you mean?

Yes, thats what I mean. I realize that this would require a centralized openID server rather then a distributed model. This design was very much shot from the hip. I'm just trying to think about different ways that this might work. It would be cool if there was a way to do this without authenticating every time that didn't require a central server, but nothing is coming to me right now. I'll need to think about it.

That seems like a worthy project. But I don't see that they need to be tied; or at least, yours seems like a secondary benefit that could be a simple extension.

I agree.

I'm not sure how much of an advantage you could derive from it regarding registration, as I claim that the bulk of that is still for client tracking.

The advantage would be that I wouldn't have to validate your email. I validate the certificate instead of sending you an email you have to click on. If I trust the certificate authority its just as good, and less hassle.

RE: news: OpenID support