I generally have two separate logins for any system on which I serve as administrator: one for routine activities (writing and editing posts) that has minimal author rights and another that has full administrative rights.

In any case, I have already hand-built some OpenID redirection pages that do what I need, so I probably won’t use the redirection features.

Regarding WordPress as an OpenID provider - there is definitely a use case for it. When I was first playing with OpenID I wanted to be my own provider if only to try to minimize the parts I was using. I’d just hate to have someone use this to authenticate their bank account.

- I’ve not tested SSL specifically in the new release, but I’m using FORCE_SSL_LOGIN with it successfully, so it appears to be working. I’ll make sure and test FORCE_SSL_ADMIN as well.

- I didn’t create the “/author/” convention, that’s built in to WordPress. You can change it with a small amount of code though - see this post.

- Could you clarify your concern about “owner delegation” and being “stuck with only one user ID”. Are you referring to the fact that you can only delegate to a single OpenID, rather than having multiple delegates, in case one fails?

- I agree that using WordPress as a standalone OpenID provider is probably not the best idea. Perhaps I’ll put some stronger language in there explaining why it’s dangerous. Nonetheless, I can’t deny that there is a use-case for it, and as you said all the pieces were basically in place. However, I have no intentions of going out of my way to make it a fully-featured provider (audit log, multiple personas, etc), given that I think it’s a bad idea anyway.