Lets take a quick look at how Credit Cards (CCs) work - they are primarily provided by Visa, MasterCard, Discover, AmEx, etc which are issued via various banks. When someone swipes a CC at a merchant location, the information is sent to a authorized payment gateway which further talks to the network (Visa, MasterCard, etc) which the card belongs to for authorization. Today, the security weak points are at merchant locations, payment gateways. Security issues include - loss of CC data, privacy info, Identity fraud and so on.
If we apply the CC analogy to OpenID distributed authentication model, then we may have some similar (to CC data) and some much more security issues. If we assume that we are going to get there, what kinds of laws and protection mechanisms need to be in place to make this a success?