So, it sounds like we can do all sorts of cool things if the user defines authentication credentials that are held *by Launchpad*, but if the authentication credentials are held by an arbitrary OpenID provider, all we can do is redirect their browser (HTTP being the lowest common denominator) to the OpenID provider and use the normal OpenID protocol. We can improve on that only by coming up with new standards and getting others to adopt them. Does that sound right? Am I missing something?
So, it sounds like we can do all sorts of cool things if the user defines authentication credentials that are held *by Launchpad*, but if the authentication credentials are held by an arbitrary OpenID provider, all we can do is redirect their browser (HTTP being the lowest common denominator) to the OpenID provider and use the normal OpenID protocol. We can improve on that only by coming up with new standards and getting others to adopt them. Does that sound right? Am I missing something?