I always use the same OpenID provider (Google, with a strong unique pw and 2-factor auth) in every site that supports it, without thinking twice. It's my understanding that, as long as the provider is safe, it doesn't matter if one or more of these sites get compromised; the rest of them will remain safe.
However, one comment in another question put me in doubt:
One part of the issue is that you "lose" control of your users' identities, so you might be exposing your data (...). However, typically a user will use his OpenId for several sites, some of lower security, which might potentially put his identity on the higher-security site at risk. (A question of trust boundaries and attack surface). BUT, if he wants to mix identity between secure- and not-so-much sites, that could be his choice.
I've been reading about user-centric and enterprise-centric identities and some related concepts, but couldn't quite understand how this can happen. After all, each Relying Party only trusts the OpenID Provider, not necessarily one another. Activity in one of them will not be endorsed by the other, even if it reports it as linked to the same OpenID account. Besides, sensitive info in a RP won't necessarily find its way back to the OP, much less become available to the remaining RPs.
And anyway, a site (or collection of related sites) can create its own "persona" independently of the method of authentication. StackExchange, for instance, has a single network profile that centralizes all actions from the same user across its many sites, and at the same time allows each user to authenticate to the same account through many OpenID providers (if either of the providers is compromised, then of course the user account will be at risk, but not if all providers are safe and some other relying party - linked to any of them - misbehaves).
Am I missing something? Should I use different providers for sites that I care about more or less, or is it OK to keep using a single one for everything?
P.S. When I first read "I Just Logged In As You" and its follow-up I thought it was a problem with OpenID, but after a careful reading I understood that the actual problem Jeff faced was password reuse, and other than that his provider account would still be safe. Is that correct, or is there really a possibility that a compromised Relying Party can end up interfering with the OpenID Provider?