[OpenID] Graphical UIs
Nate Klingenstein
ndk at internet2.edu
Fri May 15 00:23:50 UTC 2009
George,
> In the case of OAuth, some level of out-of-band establishment is
> required anyway. If when requesting an OAuth Consumer token and
> secret, I can also present the resources to be displayed during
> authentication, then I have a mechanism of establishing the trust
> necessary to "safely" provide greater UI customizations.
>
> Note that this doesn't preclude RPs from using the OP at any time.
> It's just if there isn't any trust the user at the RP will see the
> standard OP UI rather than a customized one (because the OP doesn't
> have any "trust" with the RP).
I think this is all consistent with what I wrote. My concern is the
requirement for bilateral trust establishment, which is one of
those N(N-1)/2 kinds of problems. That's clearly unfeasible in our
deployment environments, though it may be a more reasonable multiplier
in yours. This is where I continue to see a strong role for other
trust establishment techniques.
Also, the reliance on OAuth would mean that such a trust solution
would not be available to those using OpenID alone.
I really think we need a more cohesive solution for OpenID trust
establishment.
Nate.