Does an OpenID provider need to create his own database or can he use multiple databases(for example when the user creates an OpenID, the user,pass,email are provided from one of those databases). I wouldn't like to create another database containing the info from the others , I would like to write in them the ids and probably some flags that show me when the user is logged or not. To be clear, I have a webmail application and a music download application. When the user is logged into webmail he should only provide the OpenId to the music download application and then should be logged in. If he's not logged in the mail application he should be redirected to the provider (I am using Community ID 1.2.1 written in PHP) where he should provide the user and password from the mail database.
Another question, related to the first: if a user changes his password in one of those databases after he has created an OpenID the id remains usable, right?