openid / connect / issues / #1096 - Core - Section 8. Need more subject_type — Bitbucket

Issue #1096 open

Nat Sakimura created an issue 2019-06-06

Clients need to know if the identifier is ephemeral or time bound or persistent.

A related issue is filed in FAPI Wg as https://bitbucket.org/openid/fapi/issues/223/need-of-a-customer-unique-immutable

Comments (11)

Nat Sakimura reporter
- edited description
Clients need to know if the identifier is ephemeral or time bound or persistent.
- 2019-06-06T14:32:20+00:00
Michael Jones
For the existing subject types “public” and “pairwise”, we’ve always told RPs that they could use the “iss”, “sub” pair as a durable identifier for the identity. We should explicitly say this.
- 2019-06-06T14:45:04+00:00
Michael Jones
- changed status to open
- 2020-02-13T16:04:53+00:00
Michael Jones
- changed milestone to Errata
- 2020-02-13T16:05:24+00:00
Michael Jones
- assigned issue to
  
  Michael Jones
- 2020-02-13T16:06:27+00:00
Nat Sakimura reporter
So what is the resolution on it?

Add “ephemeral”, “timebound”, etc.? It is backwards compatible but is not editorial change either I guess.

Agreed on the clarification text about durable-ness when identifier type is “public” and “pairwise”.
- 2020-06-04T00:34:48+00:00
Michael Jones
Adding additional subject types should be done in a new specification. I will add the proposed clarification for the existing subject types as part of the errata edits.
- 2020-08-07T19:29:20+00:00
Nat Sakimura reporter
So, are you suggesting a mini spec that consists of only one paragraph plus header+footer elements of which the real content is like below?

2. Subject Identifier Types

Subject identifier types are defined in clause 8 of [OIDC]. This document defines a new additional subject identifier type.

ephemeral
This indicates that a different sub value will be provided to each visit to a Client, so as not to enable Clients to correlate the End-User's visits to it.

‌

‌

‌
- 2020-11-09T06:36:06+00:00
Nat Sakimura reporter
Agreement in the call to make it a new document.

Tom is going to open another thicket related to this: metadata to express other properties of sub such as what kind of structure, etc.
- 2020-11-17T00:09:24+00:00
Nat Sakimura reporter
- removed milestone
- marked as proposal
- removed component
- 2020-11-17T00:10:25+00:00
Mark Haine
Following on from my comment at the Pacific WG relating to “a-k-a” there is a new claim being added as part of the eKYC&IDA WG specification version 12 see our current master… openid-connect-4-identity-assurance.md

The added claim is defined as follows…

Claim: also_known_as

Type: string

Description: Stage name, religious name or any other type of alias/pseudonym with which a person is known in a specific context besides its legal name. This must be part of the applicable legislation and thus the trust framework (e.g., be an attribute on the identity card).

I mention this in order that we do not have a name clash
- 2020-11-17T21:00:17+00:00
Log in to comment

Assignee: Michael Jones

Type: proposal

Priority: major

Status: open

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!