Francis: sending openid.sreg values to other sites is where we should aim. What we need to implement before doing that is allowing the user to select which items they wish to reveal to the RP (handing out the user's email address to every site that wants the user to authenticate would be bad).
Once that is implemented, we should remove many of the restrictions on that code.
Francis: sending openid.sreg values to other sites is where we should aim. What we need to implement before doing that is allowing the user to select which items they wish to reveal to the RP (handing out the user's email address to every site that wants the user to authenticate would be bad).
Once that is implemented, we should remove many of the restrictions on that code.