If I understood well I think that it might be a business decision rather than something developers can chose from.
A security audit shall help developers understand the weekneses of differnet approaches regarding authentication.
Personaly I would outsource identity management only if I would have no other option, and even so I would keep an eye on it.
Microsoft Passport and OAuth sounds good.
But I still believe that a business decision based on security audit shall be able to push things forward through a less risky identity management.
KR,
Iulian