Excellent question and I'm sure there will be more of these coming as emerging ecommerce markets are entering their consolidation stage.
So, let me express first and foremost, that the intial synchronization process I'd never trust to a plugin alone. This should be monitored closely and be prepared for several iterations dealing with anomolies.
Secondly I recommend against using a synchronization between 2 indenpendently operating stores/websites, for the following reasons:
- A bug in one of the stores has a high change to trigger the same bug or side-effects in the other store(s).
- Decoupling is almost impossible and will leave residue.
- It does not scale - in fact it scales detrimental: a third store must now be compatible with 2 others, the fourth with 3 etc.
Now, since you also want Single Sign On we can strike two birds with one stone - or maybe 3 even:
- Solve the single sign on by leveraging social logins. There are a bunch of extensions out there dealing with them. Pick one from reputable developers and offer also the social login that may be a niche world-wide but very well represented in the community your shops aim for.
- Keep stores loosely coupled by keeping the SSO information in a separate entity, which is used to mix and match. In addition you can build your own to complement the services and will not be dependent on one or more social networks.
- Synchronization now has become trivial as it only needs to provide the information necessary for finding and verifying the login credentials, which means other applications may be hooked up to it.
Depending on the implementation platform you use, data can be made available locally and replicated. I would pick LDAP for this as it's replicatioin is fast and simple to setup and naturally fits the customer model
