Interesting 'hear'. But one piece confused me. In describing the sequence by which a user would use their voice authentication to OpenID into LiveJournal, Avery said the following:
So, to LiveJournal, it thinks that you just went to any standard OpenID implementation
it doesn't know that, instead of just putting in your log-in and your password, that you were actually going through and authenticating yourself by voice.
Tying in Strong Authn to SSO is great - the two pieces complement each other perfectly. Strong Auth gives SSO 'something to do' and provides value to the RP beyond convenience to the end users, and SSO makes Strong Authn practical and cost-effective.
But this only works if the value of the strong authentication can flow to the RPs, which implies that the RP knows that the user actually used something beyond a password to log in to the IDP. But OpenID doesn't support anything that allows the IDP to make this distinction (nothing comparable to SAML's Authentication Context).
With OpenID as it is (or, AFAIK, as it is expected to be in OpenID 2.0), the RP would be unable to provide a voice-authenticated user any different level of service than a password-authenticated user, because the IDP isn't able to indicate to the RP that something different happened. The value of the strong authentication effectively disappears at the door. So, why would the RP bother?
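To make the SAML comparison concrete, here is an added sketch (not from the podcast or any project mentioned here) of an RP reading the Authentication Context from an assertion and gating actions on it. The voice class URI, the strength levels and the action names are constructed for illustration, and the assertion is assumed to have had its signature verified already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
# Hypothetical class URI for voice authentication, constructed for this example.
VOICE = "urn:example:ac:classes:VoiceBiometric"

# RP-local policy (assumed): how much each authentication class is worth,
# and what each action requires. Unknown or absent context is worth 0.
STRENGTH = {PASSWORD: 1, VOICE: 2}
REQUIRED = {"read_journal": 1, "change_email": 2}


def build_assertion(class_ref=None):
    """Constructed sample assertion; class_ref=None omits the AuthnStatement."""
    stmt = ""
    if class_ref:
        stmt = ("<saml:AuthnStatement><saml:AuthnContext>"
                f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
                "</saml:AuthnContext></saml:AuthnStatement>")
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
            f"{stmt}</saml:Assertion>")


def authn_strength(assertion_xml):
    """Map the IdP's declared authentication class to the RP's strength level.

    Assumes the assertion's signature was already verified; an unsigned
    AuthnContext is just a claim anyone could have written.
    """
    root = ET.fromstring(assertion_xml)
    ref = root.find(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    if ref is None or not ref.text:
        return 0
    return STRENGTH.get(ref.text.strip(), 0)


def allowed(assertion_xml, action):
    """Fail closed: unknown actions and weak authentication are both denied."""
    required = REQUIRED.get(action)
    return required is not None and authn_strength(assertion_xml) >= required


if __name__ == "__main__":
    for label, ref in (("password", PASSWORD), ("voice", VOICE), ("none", None)):
        a = build_assertion(ref)
        print(label, authn_strength(a), allowed(a, "change_email"))
```

The "none" case is the position an OpenID RP is in: with no authentication context in the response, every login has to be treated as the weakest kind.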