I’ve been reading a lot about OAuth, OpenID and how to integrate these which actually seems fairly easy and more or less a requirement for shared APIs in general but the more I’ve read the less I feel I understand where the boundaries of each tech start and finish. I’m still confused about how to provide a ‘Default’ login mechanism that doesn’t use any 3rd party elements.
OpenID will let users use another account on someone else’s system to login to my site whilst OAuth will allow safely exposing my services to 3rd parties without proliferating passwords around this I get and really like the idea of but what if someone comes to the site and they don’t have an OpenID and they aren’t a 3rd party app?
Is the default fallback tech still FormsAuthentication? Or is it possible / sensible to become an OpenID provider?