Incredibly, I could not find a concise description of how it works which was very frustrating:<p>1. You want to log to site X.<p>2. Instead of signing up, you enter <a href="http://myuri" rel="nofollow">http://myuri</a> which has a a text entry that points to site Y as your open id provider.<p>3. Site X asks you to log into site Y and lets you log in once site X gets an OK from site Y that you've logged in.
What OpenID needs is:<p>1> a fix for phishing, probably involving browser support for OpenID, so it reads the request for OpenID off the page, like browsers now pick up the option of having an RSS feed, and processes it specially<p>2> Time.