New since v2.0 beta 1:
- Providers can send unsolicited assertions
- Providers can detect and respond to directed identity (identifier_select) requests from relying parties.
- Completely stateless relying party support (not even requiring application state — we already had session-less)
- More Association members exposed to allow for serialized custom store support (for db-backends)
- Better signing security (64-byte key instead of 20-byte key)
- Added ImmediateMode property to OpenIdTextBox and OpenIdLogin controls.
- New OpenIdMobileTextBox control
- Several new samples (2 sites, several more pages) to demonstrate mobile controls, immediate mode, and custom stores.
- Exposed application memory stores for RPs and OPs so you can customize more without implementing your own store.
- Lots of new tests to verify correct behavior.
- Lots of little bug fixes.
There are a couple of minor breaking changes that will result in a compile-time error if you happen to use those features from v2 beta 1 or v1, but correcting the errors are trivial.