Re: OpenID
Let me ask: what would the purpose of OpenID be here?
I use OpenID in quite a few different applications; it is very clearly targeted towards the sites that just need quick and simple authentication without the hassle of registering users. For those sorts of small sites where you just need to prove you are the same person that you were last time, like blog comments or many Wikis, it is perfect.

There is nothing wrong with using it on a large site like this, but it would be awkward, I think: you still have to have a username associated with your post, which means you have your password too. If the OpenID provider goes down, your entire account is inaccessible if you have no other way to log in. It might be a good way to log in needing to remember one less password, or more securely with two-factor authentication if you are paranoid like that, so it isn't a bad thing either.

The makers of OpenID might disagree, but for a large community like this I do not believe you should be able to post with nothing more than your OpenID URL; some form of extra registration should be required (I don't think anyone meant that though?). As for CAPTCHAs, what prevents you from requiring a CAPTCHA before the new user is created in the database?

How OpenID might be integrated into a BB like this would be that you can log in with the OpenID. If the OpenID exists in the database, it retrieves the corresponding user ID and logs you in. If the user does not exist, it brings you to an account creation page with your name, email, etc. already filled out, has you verify you are human, and creates the account and UID. The OpenID is mapped to your UID automatically. Now you can log in with whatever provider you feel safe with, anywhere from Anonymous OpenID to your private key/client SSL cert (what I use) to biometric two-factor authentication.

With OpenID it is important to allow multiple URLs to link to the same account if there is anything more than a blog comment; unlike individually registered accounts, you are stuck if your OpenID provider goes down and your account does not (and vice versa). All OpenID-enabled sites need a way to link a new URL to your account without logging in, similar to a "forgot your password?" link.
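
The login, registration and URL-linking flow described in the post above, as an added sketch that is not part of the original post or of any forum software. It assumes the OpenID assertion has already been verified by a relying-party library before these functions are called; the table names, function names and the e-mailed one-time token used for the "forgot your password?"-style link are all hypothetical.

```python
import hashlib, secrets, sqlite3

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
        CREATE TABLE openid_urls (url TEXT PRIMARY KEY,  -- a URL maps to one account
                                  uid INTEGER NOT NULL REFERENCES users(uid));
        CREATE TABLE link_tokens (digest TEXT PRIMARY KEY, uid INTEGER NOT NULL);
    """)
    return db

def login(db, verified_url):
    """Return ("ok", uid) for a known URL, else ("register", None)."""
    row = db.execute("SELECT uid FROM openid_urls WHERE url = ?", (verified_url,)).fetchone()
    return ("ok", row[0]) if row else ("register", None)

def register(db, verified_url, username, human_verified):
    """Create the account only after the CAPTCHA step, then map URL -> UID."""
    if not human_verified:
        raise PermissionError("CAPTCHA not passed; no account created")
    with db:  # one transaction: both rows are written, or neither
        uid = db.execute("INSERT INTO users (username) VALUES (?)", (username,)).lastrowid
        db.execute("INSERT INTO openid_urls VALUES (?, ?)", (verified_url, uid))
    return uid

def link_url(db, uid, verified_url):
    """Attach another verified URL, so one provider outage does not lock the account."""
    try:
        with db:
            db.execute("INSERT INTO openid_urls VALUES (?, ?)", (verified_url, uid))
    except sqlite3.IntegrityError:
        raise ValueError("URL is already linked to an account") from None

def issue_link_token(db, uid):
    """Recovery path: one-time token to e-mail to the user; only its hash is stored."""
    token = secrets.token_urlsafe(32)
    with db:
        db.execute("INSERT INTO link_tokens VALUES (?, ?)",
                   (hashlib.sha256(token.encode()).hexdigest(), uid))
    return token

def redeem_link_token(db, token, verified_url):
    """Link a new URL without logging in; the token is consumed on first use."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    row = db.execute("SELECT uid FROM link_tokens WHERE digest = ?", (digest,)).fetchone()
    if row is None:
        raise PermissionError("unknown or already used token")
    with db:
        db.execute("DELETE FROM link_tokens WHERE digest = ?", (digest,))
    link_url(db, row[0], verified_url)
    return row[0]
```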