1. Isn't OpenID susceptible to MITM between OP and RP? 2. Is XMPP sufficiently secure? Will requesting the user to simply reply with '1' (rather than follow a link) do? Regards, Dmitry =damnian