[OpenID] popup protocol UX? Re: FB Connect, OpenID and UX

[Allen Tom]

Dirk Balfanz wrote:
>
>
> Actually, I take that back - within the last week the behavior has 
> apparently been unified to always pop up a browser window.
>
The approval screen can show up in a lightbox if the user is already 
signed into FB. Not sure if this matters, but a malicious 3rd party site 
can probably auto-approve itself using clickjacking gymnastics to click 
on the connect button.

Allen