In addition to #237642: Streamline OpenID login, setting up an account with an OpenID association is also suboptimal.

To set up an account with an OpenID association, a visitor has two options:

1. Log in via the "login with openid" functionality.
2. Register an account, then associate with an openid account.

I'm not sure 1) is clear enough, or always appropriate, for instance when you direct someone to the registration page. 2) is clearly suboptimal; it could be one step.

We should add some UI to the user registration form to allow users to start the OpenID registration workflow. We might even be able to guess from values users enter (e.g. "Sign in with your Google account" upon entering your Google email address).

Comments

Leeteq’s picture

This could perhaps also be used to overcome security vulnerabilities related to lacking SSL certificate. Many sites would benefit from SSL login (and at account registration), but if they only need it for login, it is often more work and cost than what they are willing to invest.

I imagine the following account registration process:

1. No need to fill in any password: Drupal could generate a strong one that the user does not even need to get or know if choosing to use OpenID as the default login method. Drupal sets a strong one anyway just to secure the account from brute-force login attempts. User enters only email and the URL of the desired OpenID provider (for example: "yahoo.com") (or: clicks on a ready-made Yahoo icon if provided). Then clicks on Create Account.

2. The OpenID feature brings the user to the validation site, validates (user logs in at the OpenID provider's SSL login page), chooses the desired OpenID to use, and is then sent back to the initiating site, which then accepts and creates the user account automatically. It then places the user on a landing page which is not logged in, instructing to confirm his/her email by clicking on a link in an email just sent to the email account.

3. The confirmation email includes the (now) standard one-time login link that in fact does not change the password, but lets the user choose to do so (not required). This email confirmation is important regardless of login method.

Landing on the User page after the email confirmation, the user can then either just start using the site, or choose to for example create a password or add more OpenIDs or any other user account updates.

Additional practical options:

  • The site admin could optionally restrict / limit the list of accepted OpenID providers to trusted / known providers that themselves are using SSL for their login.
  • The site admin could disable the password field in both the user registration form, and the login form. The login form could present one field asking the user to enter either user name, email, or OpenID URL. Could also show icons for selected openID providers as a single-click option without typing anything, then the user is sent to the OpenID site for verification.
  • The landing page for standard OpenID logins should perhaps be configurable, either use an argument if passed, or go to the front page, not stopping at the user account page which in those cases is most often not desired.

Bonus: No need for SSL on the Drupal site if it is only the login/registration process that needs that.
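
The provider restriction and generated password proposed in the comment above could be sketched as follows. This is an added example, not code from the thread's participants or from Drupal's OpenID module; the function names and allowlisted hosts are hypothetical. It assumes the check runs on the provider endpoint returned by OpenID discovery, because the identifier a user types can delegate to a provider on a different host.

```php
<?php
// Added example, not Drupal or OpenID module code. Function names and the
// allowlist contents are hypothetical.

/** Hosts the site admin trusts as OpenID providers (constructed sample values). */
const ALLOWED_OP_HOSTS = ['op.example.com', 'login.example.org'];

/**
 * Returns true only when the discovered OP endpoint is HTTPS on an allowlisted host.
 * Pass the endpoint found by discovery, not the identifier the user typed.
 */
function op_endpoint_allowed(string $endpoint, array $allowed_hosts = ALLOWED_OP_HOSTS): bool {
  $parts = parse_url($endpoint);
  if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
    return false;
  }
  if (strtolower($parts['scheme']) !== 'https') {
    return false;
  }
  // Embedded credentials (https://op.example.com@other.test/) are rejected outright.
  if (isset($parts['user']) || isset($parts['pass'])) {
    return false;
  }
  if (isset($parts['port']) && $parts['port'] !== 443) {
    return false;
  }
  // Exact host match; a suffix test would also accept op.example.com.other.test.
  $host = rtrim(strtolower($parts['host']), '.');
  return in_array($host, $allowed_hosts, true);
}

/** Random password for an OpenID-only account; never shown to the user. */
function generate_unknown_password(int $bytes = 32): string {
  return bin2hex(random_bytes($bytes));
}

// Constructed sample endpoints: only the first one passes.
$samples = [
  'https://op.example.com/server',
  'http://op.example.com/server',
  'https://op.example.com.other.test/server',
  'https://op.example.com@other.test/server',
];
foreach ($samples as $url) {
  printf("%-45s %s\n", $url, op_endpoint_allowed($url) ? 'allowed' : 'rejected');
}
```

The allowlist only constrains where the user authenticates; the return request to the initiating site and the session cookie it sets afterwards still travel over whatever transport that site uses.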

Leeteq’s picture

FYI - related feature request:
"OpenID-only login with optional provider restrictions"
http://drupal.org/node/955900

Heine’s picture

Uhm, I don't see how #955900: OpenID-only login with optional provider restrictions is related (except for also being about OpenID), nor how this would "overcome security vulnerabilities related to lacking SSL certificate".

This issue is _only_ about a way to give users an option to start OpenID registration on the registration page. Maybe we can revisit #237642: Streamline OpenID login and this issue in one go, when D8 starts up.

star-szr’s picture

Status: Active » Closed (won't fix)

I would move this to https://www.drupal.org/project/openid but there is no 8.x version there.

More info:
https://www.drupal.org/node/2116417