My Ideal Identity Flow

Eran wrote this up.

Assumptions:
 * The notion of Personas (even if it's just one) is available in all OpenID providers (if there is just one, it's just you)
 * OpenID providers have a standard, yet to be developed, protocol/API which gives:
   * List of personas (if available)
   * Switch current persona
 * OpenID consumers (sites) will support the Discovery XRD spec to detect:
   * OpenID end-point
   * Signout end-point (for when I want to switch a persona and make sure I'm signed out from a site with the current persona)

Eventual Result: Have an integrated, always-knowing identity toolbar that can auto sign me in to sites I've previously used with the OpenID provider. The provider will also associate a specific persona with the site I'm logging into, so that when I switch personas it will automagically log me out of the current site with the current persona and allow me (if I want to) to register with a different persona.

Scenario(s):
 * Open browser and log into the defined OpenID provider
 * Go to a site
 * Identity Toolbar will detect if there is an OpenID end-point (through XRD discovery)
 * If there is an OpenID end-point, the toolbar will query the OpenID provider to find out whether I've previously signed up to that site with the current active persona
 * If I did, based on a preset it will either ask me if I want to sign in or automagically sign me in by initiating an OpenID login with the OpenID end-point previously discovered
 * When I switch a persona, the toolbar will request the site to sign-out
 * When I access a sign-up page, the toolbar will detect that this is the sign-up end-point and will perform an OpenID login which, since this is the first time, will act as a registration flow and will try to automatically register me with the details of the current active persona.
 * It would be great to have a "guest" mode, in which when I give my computer to someone to browse it will disable the auto sign-in/up features so that the person currently using my computer won't gain access.
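
The scenario above as a decision model. This is an added sketch, not code from the original write-up: the provider API and the sign-out end-point are not yet specified, so every class, method, field and action name here is hypothetical. It also shows the case where a site was discovered without a sign-out end-point, so a persona switch cannot end that session.

```javascript
// Added sketch. Endpoint fields, method names and action strings are hypothetical;
// the page leaves the provider API and the sign-out end-point undefined.
class ToyProvider {
  constructor(personas) {
    this.personas = personas;
    this.active = personas[0];
    this.sites = new Map(personas.map((p) => [p, new Set()])); // persona -> sites
  }
  listPersonas() { return [...this.personas]; }
  switchPersona(next) {
    if (!this.personas.includes(next)) throw new Error("unknown persona: " + next);
    this.active = next;
  }
  knows(site) { return this.sites.get(this.active).has(site); }
  associate(site) { this.sites.get(this.active).add(site); }
}

class IdentityToolbar {
  constructor(provider, { autoSignIn = false, guestMode = false } = {}) {
    Object.assign(this, { provider, autoSignIn, guestMode });
    this.sessions = new Map(); // site -> discovered sign-out end-point (or undefined)
  }
  // endpoints: what discovery returned for the site, e.g. { openid, signout }
  visit(site, endpoints, isSignUpPage = false) {
    if (this.guestMode || !endpoints.openid) return "none"; // never act for a guest
    const known = this.provider.knows(site);
    if (!known && !isSignUpPage) return "none";
    if (known && !this.autoSignIn) return "ask"; // preset says confirm first
    if (!known) this.provider.associate(site); // first login doubles as registration
    this.sessions.set(site, endpoints.signout);
    return known ? "sign-in" : "register";
  }
  // Sign out of every site tied to the old persona; report sites that cannot be.
  switchPersona(next) {
    this.provider.switchPersona(next); // throws before any session is touched
    const result = { signedOut: [], stillSignedIn: [] };
    for (const [site, signout] of this.sessions) {
      (signout ? result.signedOut : result.stillSignedIn).push(site);
      if (signout) this.sessions.delete(site);
    }
    return result;
  }
}
```

Sites that end up in `stillSignedIn` are the ones where the old persona's session survives the switch, which is why the sign-out end-point matters as much as the OpenID one.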

It's a bit messed but that's basically the point I've originally assembled on some paper and transferred here for the summary of IIW :-)

The efforts of the XRD discovery will make this toolbar/features closer to reality. Now we just need to close the OpenID providers' standard API/protocol and to have sites support the sign-out end-point :-)