- edited description
Core - Section 8. Need more subject_type
Clients need to know if the identifier is ephemeral or time bound or persistent.
A related issue is filed in FAPI Wg as https://bitbucket.org/openid/fapi/issues/223/need-of-a-customer-unique-immutable
Comments (11)
-
reporter -
For the existing subject types “public” and “pairwise”, we’ve always told RPs that they could use the “iss”, “sub” pair as a durable identifier for the identity. We should explicitly say this.
-
- changed status to open
-
- changed milestone to Errata
-
-
assigned issue to
-
assigned issue to
-
reporter So what is the resolution on it?
Add “ephemeral”, “timebound”, etc.? It is backwards compatible but is not editorial change either I guess.
Agreed on the clarification text about durable-ness when identifier type is “public” and “pairwise”.
-
Adding additional subject types should be done in a new specification. I will add the proposed clarification for the existing subject types as part of the errata edits.
-
reporter So, are you suggesting a mini spec that consists of only one paragraph plus header+footer elements of which the real content is like below?
2. Subject Identifier Types
Subject identifier types are defined in clause 8 of [OIDC]. This document defines a new additional subject identifier type.
ephemeral
This indicates that a differentsub
value will be provided to each visit to a Client, so as not to enable Clients to correlate the End-User's visits to it.
-
reporter Agreement in the call to make it a new document.
Tom is going to open another thicket related to this: metadata to express other properties of
sub
such as what kind of structure, etc. -
reporter - removed milestone
- marked as proposal
- removed component
-
Following on from my comment at the Pacific WG relating to “a-k-a” there is a new claim being added as part of the eKYC&IDA WG specification version 12 see our current master… openid-connect-4-identity-assurance.md
The added claim is defined as follows…
Claim:
also_known_as
Type: string
Description: Stage name, religious name or any other type of alias/pseudonym with which a person is known in a specific context besides its legal name. This must be part of the applicable legislation and thus the trust framework (e.g., be an attribute on the identity card).
I mention this in order that we do not have a name clash
- Log in to comment
Clients need to know if the identifier is ephemeral or time bound or persistent.