I think the main differences are that it uses email addresses instead of a URL (which people don't "get" as being your identity token)
Once it's ready (supporting primary IdPs), the ID doesn't need to be an email address (just an ID with an email-like structure).
and it doesn't give the authorities full power to access your accounts (since the private key for authentication is stored on the browser).
I don't think so. That key is only accepted because it's signed by your IdP, which can just as easily sign another one if the authorities request it.
The main advantages I see are:
- Verifying a login doesn't tell your IdP who signed in to the site. The site only requests the IdP certificate, not your personal one.
- It's designed for browser support, which is necessary to prevent phishing attacks and improve ease of use. It's hard for your browser to log in to OpenID sites (e.g. the Firefox OpenID plugin(s) fail on several sites which use fancy login UIs).
- Putting more of the logic in the browser simplifies the protocol (although they seem to be adding extra complexities quite fast).
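
The trust chain discussed in this comment, as an added example that is not part of the original post or of any project's code: the site checks an IdP-signed certificate over the browser's public key, then a browser-signed assertion bound to the site. The JSON layout, field names, example hosts and Ed25519 keys are assumptions chosen for illustration, not the real wire format.

```javascript
// Simplified model of the certificate chain (constructed example; payload
// layout and names are assumptions, not a real wire format).
const crypto = require('crypto');

const sign = (obj, priv) => crypto.sign(null, Buffer.from(JSON.stringify(obj)), priv).toString('base64');
const check = (obj, sig, pub) => crypto.verify(null, Buffer.from(JSON.stringify(obj)), pub, Buffer.from(sig, 'base64'));
const exportPub = (k) => k.export({ type: 'spki', format: 'der' }).toString('base64');
const importPub = (b64) => crypto.createPublicKey({ key: Buffer.from(b64, 'base64'), format: 'der', type: 'spki' });

// IdP: certifies that a browser-held public key speaks for an identity.
function issueCert(idpPriv, id, userPub, ttlMs = 60000) {
  const body = { id, pub: exportPub(userPub), exp: Date.now() + ttlMs };
  return { body, sig: sign(body, idpPriv) };
}

// Browser: signs an assertion bound to one site with its own private key.
function makeAssertion(userPriv, cert, audience) {
  const body = { audience, exp: Date.now() + 60000 };
  return { cert, body, sig: sign(body, userPriv) };
}

// Site: needs only the IdP public key, so the IdP is not contacted per login.
function verifyLogin(a, idpPub, expectedAudience) {
  const now = Date.now();
  if (!check(a.cert.body, a.cert.sig, idpPub)) return null;     // cert not signed by this IdP
  if (a.cert.body.exp < now || a.body.exp < now) return null;   // expired cert or assertion
  if (a.body.audience !== expectedAudience) return null;         // assertion made for another site
  if (!check(a.body, a.sig, importPub(a.cert.body.pub))) return null;
  return a.cert.body.id;
}

function demo() {
  const newKey = () => crypto.generateKeyPairSync('ed25519');
  const idp = newKey(), browser = newKey(), second = newKey(), otherIdp = newKey();
  const site = 'https://site.example', id = 'alice@idp.example';
  const login = (kp, signer, aud) => verifyLogin(
    makeAssertion(kp.privateKey, issueCert(signer.privateKey, id, kp.publicKey), aud),
    idp.publicKey, site);
  return {
    browserKey: login(browser, idp, site),
    secondKey: login(second, idp, site), // also accepted: trust rests on the IdP signature
    wrongIdp: login(browser, otherIdp, site),
    wrongAudience: login(browser, idp, 'https://elsewhere.example'),
  };
}

console.log(demo());
```

The `secondKey` result shows why holding the private key in the browser does not by itself limit the IdP: the site accepts any key the IdP has certified for that ID.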