<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>I think the img tag is the best solution. That way, the end user can know if they were logged into a site or not. If the image shows up, they logged in. Also, there's better support for mobile browsers, and a bit more defense against fishing type attacks (the end user could choose their image.)</div><div>-Brett</div><br><div><div>On Feb 18, 2008, at 1:03 PM, John Ehn wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Well, with some tweaking elsewhere. Hidden iframes are the smoothest way to do it.<br><br> <div><span class="gmail_quote">On 2/18/08, <b class="gmail_sendername">John Ehn</b> <<a href="mailto:john@extremeswank.com">john@extremeswank.com</a>> wrote:</span> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">It was just an example. In theory, you could do it with an IMG or OBJECT tag. <div><span class="e" id="q_1182e599d955bafb_1"><br><br> <div><span class="gmail_quote">On 2/18/08, <b class="gmail_sendername">SignpostMarv Martin</b> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:signpostmarv.martin@slopenid.net" target="_blank">signpostmarv.martin@slopenid.net</a>> wrote:</span> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">John Ehn wrote:<br>> 5. Each site's iframe performs regular OpenID authentication using<br>> the identity info already cached by the AX update receiver.<br> ><br>Doable without iframes ?<br></blockquote></div><br></span></div></blockquote></div><br> _______________________________________________<br>specs mailing list<br><a href="mailto:specs@openid.net">specs@openid.net</a><br>http://openid.net/mailman/listinfo/specs<br></blockquote></div><br></body></html>