An identity provider is somebody that you can sign in with, whether by providing a username and password, a client certificate, a smart card, a fingerprint, a retinal scan, or whatever other means for identification works for them and you.
Once you pass their test, whatever it is, they can then, via the magic of protocols like OpenID, certify to us that you have indeed done so, and since we've decided we're willing to take their word for it (at least on some things), we can go from there.
We hate managing passwords and you hate having to remember them all, especially for random websites like this that you may not use very often. Also if we manage passwords, then we become a target for nefarious people who like to collect other people's passwords; we'd rather they go elsewhere, so...
With protocols like OpenID this all becomes Somebody Else's Problem, and we just piggyback off of a password that you're already using for multiple Other Things, and are thus more likely to remember (and also more likely to be careful with).
Chances are, you already have an account with one of the providers we support; if it's one you use really often (e.g., if it's where you read your email every day, like Google/Gmail, Yahoo, AOL) that would be a good choice.
Then you can pick a provider, any one of the ones we list, create a fresh account there, and not use it for anything else. There will be, however, two complications to consider:
For a particularly bare-bones identity without any of the baggage that social-media companies like to attach to their accounts, you can create an ActionID. ActionID is a provider run by NGP-VAN, the same company that produces Votebuilder and NGP, which also both accept ActionID, meaning if you use ActionID to sign in here, you can arrange for the same ID to access this site, Votebuilder and NGP.
No. You only need to pick one to get started. If you have other provider accounts you can add them later. In fact, you'll probably want to have at least two, just in case Something Bad happens at your first provider (e.g., you forget your password and their recovery procedure doesn't work, or they get annoyed at you for some reason and unceremoniously cancel your account out from under you, or they just Become Evil and you want nothing to do with them any more. Stuff happens...).
Gmail, Blogger, and YouTube are all run by Google and use the same user IDs. Just sign in with Google.
These are all Microsoft services and they likewise all share the same account IDs. Just sign in with Microsoft.
These use OAuth 1.0, the original version of OAuth, which has been superseded by OAuth 2.0 and is thus technically obsolete, but still works for what it was designed to do. Thus far, we have not yet implemented an OAuth 1.0 interface, but we could …
If you have some other provider that you use, let us know and we can think about adding it.
No, because with OpenID, we don't get to see your password, only the provider does. All we get is the certificate from the provider, which is specific to our site and thus won't be recognized by anyone else (and is thus useless for getting into anywhere else).
First of all, nobody said you have to use the same password for everything; see next question. It's up to you how you want to compartmentalize things (e.g., you can have a provider for all of your Democratic Party stuff, another for your bank accounts, another for your p0rn sites, and so on...)
Secondly, a password you don't use very much is one you'll tend to forget, so you write it on a post-it note and stick it to the screen. And then somebody comes by, reads it, and gets into your stuff. Contrast this with a password that you use all the time, therefore have no trouble remembering, so it doesn't need to go on a post-it note; and because you're using it for lots of things, you'll be a lot more careful with it, and so it's actually much less likely to be revealed.
It's a bit of a paradox, but security is like that.
They're all protocols, ways of structuring a conversation between computers to accomplish a particular purpose. It's probably best to think of OpenID Connect as OpenID 3.0, since it is intended to supersede OpenID 2.0, even if it is radically different under the hood.
OAuth is a general framework for authorization which can be adapted to establish identity the way OpenID (1.0/2.0) does. OpenID Connect is a particular adaptation; the protocols used by Microsoft and Facebook are similar but slightly different adaptations.