My understanding is that there is no standard library because there is no standard definition of what a user is.

In some of my applications, users simply log in to do stuff. In others, users are part of a company and their permissions and data access are limited by the limits of that company and the subscription level paid for by the company. In other applications, some users are admins with access to everything, some users are admins with access to some data (row level), and other users are the clients of those admins, with access only to their own data. Some users are tied to firms/companies/customers, other users are not. Some users are just a username and password, others are a large object graph with clients, order histories, report preferences, comments, etc.

Maybe I'm wrong and there's some clean way of abstracting all of those requirements into a system that doesn't require five layers of subclassing and a thousand DB hits to log someone in. I haven't found it though.

May I suggest the authentication library that I have written? It is a generic library (not written for or part of a framework): http://ulogin.sourceforge.net

Could somebody with deep knowledge in Zend Framework tell me whether it is possible to use Zend_auth and/or Zend_session standalone, at the core of a big application that has otherwise nothing to do with ZF, without running in to trouble?

I don't have deep knowledge of the Zend Framework, but I have used various components (e.g. Zend_Search) without creating a Zend_Application object or using the MVC framework and I am sure the rest of the library is also designed to be totally modular. Last time I dug though the Zend_Session code, I didn't find any includes outside Zend/Session/. A quick google seemed to confirm this for Zend_Auth, along with the Zend FAQ which states:

Is ZF a component library or a framework?
Simple answer: both. Zend Framework provides all the components required for most web applications in a single distribution. But Zend Framework components are also loosely coupled, making it easy to use just a few components in a web application- even alongside other frameworks! Using this use-at-will architecture, we are implementing features commonly found in more monolithic frameworks. In fact, we are currently working on a tooling component for the 1.8 release that will make it simpler to build applications using ZF components, yet will not sacrifice the use-at-will nature of existing ZF components. It's a testament to the use-at-will architecture of Zend Framework that the tooling component itself can be used standalone.

The only thing I had to do when not using Zend_Search with the MVC framework was add the directory where you installed the Zend Framework to the include path due to the includes in the Zend library. The documentation doesn't document the includes you need when not using the Zend Autoloader, but as everything uses the PEAR class naming scheme, it is easy to deduce from the class names you are using. (so the class Foo_Bar_File would require you to include Foo/Bar/File.php )

There are several OpenID libraries available.

http://wiki.openid.net/Libraries#php

For the rest you might as well roll your own, since figuring out someone else's library would probably be more trouble than it's worth.