1
votes

The short version: Can I use an OpenID (or other similar) provider behind the scenes to create "local accounts" on my web site?

The details: I'm working on a site that requires the user to log in. I plan to support logins via several OpenID providers. However, even though we technical people know that actual credentials are not shared with a relying party site, some users are nevertheless reluctant to use their third-party credentials in this way. That means that in actual practice, most sites that offer an OpenID login also offer the option to create a local account specific to that site.

But this puts me back in the situation of having to create the infrastructure to securely handle passwords, password resets, etc, etc, etc -- the very situation that OpenID tries to save me from.

It would be great if I could create an account on behalf of my users at some OpenID provider when they choose to create a local account on my site instead of signing in with an existing OpenID account. Then I would just store the same kind of data that I store for Google and Twitter accounts.

Are there providers that work in this way? Is this a dumb idea? Your thoughts would be greatly appreciated.

1 Answer

1
votes

Maybe https://auth0.com/ would suit your needs.

They have integration with many social networks but also offer "local" user accounts. "Local" DB is stored either on their side or it is even possible to connect your own DB (but this starts at $99/month).