Interesting. Sounds similar to what passport tried to do. But ofcourse your internet identity would be owned by Microsoft in passport and that wouldn't work. One thing I couldn't find in the application protocol flow is assertion propagation across web sites. This is so that say you logged in with OpenID mechanism on one site (abc.com), you wouldn't be challenged on another site (xyz.com) in the same web session View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4012253#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...