
2.2.7 OpenID

OpenID [OpenID] MAY be supported. If supported, OpenID 2.0 MUST be used, as earlier versions have known security flaws.

It should be noted that OpenID's globally unique identifier model does not provide privacy protection.

We have not validated whether it is possible to implement the TAS3 architecture using OpenID. One specific point of uncertainty is passing the IM bootstrap token at SSO time: no standardized native OpenID mechanism is known to exist, although ad-hoc approaches are known. One suggestion, applicable to the RESTful binding, would be to use OAuth.

