Building identity on top of OAuth 2.0? (TAKE 2)

SitG Admin sysadmin at shadowsinthegarden.com
Tue May 18 21:13:48 UTC 2010


>The spec is at http://bitbucket.org/openid/ab/

I don't understand how this is all working, but I do notice that the 
user isn't relaying data anymore. Since private data should've been 
encrypted in the first place, there's no real loss of letting the 
user read their redirect string themselves before committing to it 
(and how many users would even do that?), so I don't see any risks in 
removing this step from the user's role.

-Shade

