[OpenID] hidden iframes to test whether OP is up

[SitG Admin]

>To use a hidden iframe at the RP to attempt the checkid_immediate 
>could result in something like the Facebook auto-login experience 
>where the user sees the Facebook login page for a few seconds and 
>then is automatically dragged into his account, which met with some 
>"what the heck just happened?" questions from users.

It would be nice if the top-level page could detect whether the 
framed page had been accessed successfully or not, and then respond 
to it by informing the user and, if necessary, asking what to do 
next. Would the document.domain setting allow for this?
http://www.dyn-web.com/tutorials/iframes/
But then we don't want to send the user to *log in* at their OP right 
away, since their OP probably doesn't want to let arbitrary RP's see 
the page they're presenting to a known user; still, we don't need to, 
as we can redirect them that way *after* they've confirmed that they 
can *see* the OP. So, perhaps a page at the OP that ignores any 
identifying information the user may send along with a request, and 
is able to set document.domain for the purpose of letting RP's see 
that the user can indeed *visit* that OP?

-Shade