Disclosure: I joined Facebook last Fall. Over a year ago I predicted that they would open up. It's easy as a technologist to think about openness solely in terms of technology, but openness is broader than that. Openness of technology means that others can build using the same tools that you do. Openness of data means that developers can build…
WRAP attempts to simplify the OAuth protocol, primarily by dropping the signatures and replacing them with a requirement to acquire short-lived tokens over SSL. It is not an even trade-off, and the new proposal has a different set of security characteristics, benefits, and shortcomings.
Imagine if your web browser knew who you were on the web. Just as you log in to your computer, what if, when you fired up your browser, it said "Hello Dave" and asked you to "unlock it" as well? In doing so you become securely logged into your OpenID provider, and as you move around the web your browser takes care of automatically logging you into the sites that you want to be, asking you about others, and helping you register with new ones using your OpenID. Argue as much as you want about the details in making this happen, but I think it's hard to disagree that making it easier for people to manage and use their identity (or identities) online is a bad thing.
This morning at Microsoft’s Professional Developers Conference, the Windows Live ID team announced that Windows Live ID will support OpenID 2.0 with a Community Technology Preview today and production support sometime next year.