As Dare Obasanjo writes, there are a number of things you have to give thought to when implementing OpenID on your website.
The real question you’ll have to answer is: how easy do I make it for users to participate on my website, and how hard do I make it for spammers to flood my website?
But by delegating authentication to an OpenID provider, you’re implicitly trusting that provider to do the right thing when authenticating a user. Since, as Tim Bray speculated, there is nothing stopping a provider from “successfully authenticating” any user URL, you can’t blindly trust any OpenID provider. So depending on the requirements you have for the authentication of your users, you can white-list providers you trust (like HealthVault), or if you’re only worried about bots, you can ask users to solve a Captcha. So the consequence is: since you can’t really trust all OpenID providers, you either force your users to register with a specific one (making their OpenID no longer their single online ID) or make them jump through hoops (by proving they are human).
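One way to apply the white-list-or-Captcha decision described above, as an added example rather than code from the original post. The host name, the function name `classify_provider` and the three outcome labels are assumptions; the input is the provider endpoint URL the relying party obtained by running discovery on the user's claimed identifier.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hosts of OpenID provider endpoints this site trusts.
TRUSTED_OP_HOSTS = {"openid.trusted-provider.example"}


def classify_provider(op_endpoint: str) -> str:
    """Return 'trusted', 'captcha' or 'reject' for a discovered OP endpoint URL.

    'trusted': provider is on the allowlist, accept its assertion as-is.
    'captcha': unknown provider, accept the login only after a human check.
    'reject' : the endpoint is not a usable http(s) URL at all.
    """
    try:
        parts = urlsplit(op_endpoint.strip())
        host = (parts.hostname or "").lower().rstrip(".")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "reject"

    if parts.scheme not in ("http", "https") or not host:
        return "reject"
    if parts.username is not None or parts.password is not None:
        # "https://trusted-host@other-host/" parses with other-host as the host;
        # a URL carrying userinfo is never a legitimate endpoint here.
        return "reject"

    # Exact host match over HTTPS only. Substring or suffix matching would let
    # "openid.trusted-provider.example.other.example" pass as trusted.
    if parts.scheme == "https" and port in (None, 443) and host in TRUSTED_OP_HOSTS:
        return "trusted"
    return "captcha"


if __name__ == "__main__":
    # Constructed sample endpoints.
    for url in (
        "https://openid.trusted-provider.example/server",
        "https://openid.trusted-provider.example.other.example/server",
        "http://openid.trusted-provider.example/server",
        "https://unknown-provider.example/openid",
    ):
        print(f"{classify_provider(url):8} {url}")
```

Matching on the parsed host rather than the raw string is what keeps look-alike URLs out of the trusted path.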
Does OpenID really make it easier for a user to use your site? Or does it make it easier for you (the developer), since you can drop in a control and think you don’t have to worry about authentication?
See also: OpenID is too hard & The problem(s) with OpenID