Since Tom mentioned "smart tokens" maybe somebody more versed in OpenID than me could provide me with a pointer to the relevant specification? It is obviously not here: http://openid.net/specs/openid-connect-core-1_0.html Anders