Not to "derail" the open-id idea I think we should support oAuth 100%
and it certainly would help with persistent applications and scalability...
I don't think that's a derail at all. I don't know OAuth that well,
but it
seems to provide the same benefits of OpenID Provider.
Now... going to a 100% Ajax solution for apps... :-) Yeah, I've seen that
used to solve interesting authentication & session problems. But that does
limit the developer pool and range of apps that'll get built. (Witness the
current scarcity of web-based auth-enabled wikimedia apps.)