[OpenID] Widgets and other aggregation

[SitG Admin]

>Any other RP's (like the Bank RP) would require MultiAuth, 
>preventing the OP from getting bank info without the user's consent.

Making it more difficult; requiring collaboration, and (if it came to 
legal action) even conspiracy ;)

I'm still thinking about the implications of adding anything to the 
OpenID exchange, even if done within AX instead of enshrining within 
the spec; default as "these requests may be done on behalf of the 
user" versus "we make a legal pledge that these requests will not 
accompany actions unless the actual user is authenticating", 
political enforcement and tracking of whether given OP's are 
following the standard, x=TRUE versus x=FALSE versus x= not even 
included, and then there are useability complications (depending on 
what the perspective is) that may serve as a barrier to adoption . . 
. donning my RP hat I want OP's to make it clear to me what they are 
doing, one way or another, so I can either reply with the raw data 
(relieving an OP the burden of having to filter out *my* formatting) 
or send an HTML-formatted page (assuming "end-user"), but from an 
OP's perspective I can see where this kind of discrimination could be 
abused and there might be a desire to avoid this kind of abuse.

-Shade