I think Diva's point was that when using rich client we can collect the credentials with a dialog and post them to openid. On http level we can do the same tricks but we don't need necessarily switch to web browser but we can stay inside the viewer. -tommi