An error occurred while saving the comment=rabbit commented
It's a demo OpenID. You could easily deny access to other websites. The user could be instructed that the OpenID is for demo purposes only and can only work at demo1.com, demo2.com, etc. You also wouldn't have to delete the account. If the user tries to login to another site, the user would be halted with a "Hey! This is only a demo but you're getting the idea!" sort of message.
That’s a great idea. It’s certainly something that OPs and RPs should take into consideration.
There is currently some conversations going on about an OpenID Security Best Practices document; while the spec shouldn’t mandate SSL, it certainly should present the case for supporting it, ideally in a best practices doc.