I'm currently using the OpenID Single Sign On with provider and client and with modules for syncing user profiles. Here's a patch I submitted to sync user profile pictures: http://drupal.org/node/1196160#comment-5003986. I think overall this solution works quite well, though could still use some work.
What sort of issues are people having / working on?
A couple issues I'm working on:
Syncing User Membership across sites
1.) how to sync both the creation and updating of group nodes (since my sites are using modified Atrium sites) between the hub and subsites and
2.) how to sync user membership in those groups (for this I'm imagining using the same method as open_cp_profile)
Reversing the Login Process Some:
What I'm trying to think and work on is the moment when you want to direct a user from the Hub site to the Relying site (for example to a specific group they are a member or to a create content page), but they need to already be logged in on the relying for this to work.
So what I'd like to do is have a way to login users from the hub site. Thoughts?