There is Authentication and there is authorization. Does this scheme limit access to some "class" of users without knowing their identities? If it does, how do you gain access without the openid provider knowing their identity?