[steven_h]

I think that this isn't really a problem if you remember that your users will forget which Open ID they used and if you allow them to use all their Open IDs, bad things will happen.

When I implemented Open ID the last time I used their OpenID identifier and then had their e-mail tied to that account, you had to have an e-mail so if your OpenID didn't supply an e-mail then the web app asked for one. If you tried to log in with a different OpenID and used the same e-mail, it would tell you that you already have an account.

This doesn't solve the problem 100% but it helps, you just have to design your applications assuming that you wil be the smartest person to use your application.