The spec is at http://bitbucket.org/openid/ab/

I don't understand how this is all working, but I do notice that the user isn't relaying data anymore. Since private data should've been encrypted in the first place, there's no real loss in letting the user read their redirect string themselves before committing to it (and how many users would even do that?), so I don't see any risks in removing this step from the user's role.

-Shade
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
