OIC does not need to implement all of AX - for example the AX update interface is not widely implemented (most implementers only implement SREG functionalty)
OIC should be closer aligned with Portable Contacts
Dirk Balfanz and Brian Eaton have circulated a new OAuth2 signature proposal. A thorough security review is needed for the OAuth2 user agent flow and the use of signatures to validate identity assertions.
Existing implementers of OpenID 2.0 must be able to provide a seamless upgrade path for existing users. Existing OpenID 2.0 userids should be returned via OIC assertions, so that RPs do not need to authenticate returning users twice to link legacy OpenID 2.0 identifiers with new identifiers.
user/realm specific checkid_immediate settings - existing OpenID 2.0 users who have enabled checkid_immediate for their account for a particular realm should have that preference automatically honored for OIC requests.
realm specific PPIDs should be automatically migrated to OIC