Scope of subject identifiers #75

Closed
jricher opened this issue Nov 13, 2020 · 1 comment · Fixed by #229

jricher commented Nov 13, 2020

§3.4 Returning User Information: Editor's note:

Subject identifiers here are naturally scoped to the AS; even though using an external identifier like an email address or phone number implies a global namespace in use, the association of that identifier to the current user is still under the view of the AS. Would changing the name to "as_sub_ids" or "local_sub_ids" help convey that point? Would it also be desirable to have an identifier that's globally unique by design? The "iss_sub" type almost gets us there by explicitly calling out the issuer URL, but tuples are hard to deal with in practice and so tend to get ignored in practice in the OIDC space.

@fimbault

Having reflected on that, I believe sub_ids should be scoped to the AS (but I don't see the value of changing the label). There's no way GNAP can impose a global identifier even if that existed, and there's even value for GNAP to be able to provide portability between identity systems #171
