If I understood well I think that it might be a business decision rather than something developers can chose from.

A security audit shall help developers understand the weekneses of differnet approaches regarding authentication.

Personaly I would outsource identity management only if I would have no other option, and even so I would keep an eye on it.

Microsoft Passport and OAuth sounds good.

But I still believe that a business decision based on security audit shall be able to push things forward through a less risky identity management.

KR,

Iulian