Difference between revisions of "Subject ID"

Revision as of 10:27, 12 September 2018

Full Title or Meme

A Subject ID is a digital Identifier associated with some real-world Entity that has established an interchange on the internet by means of a User Agent.

Context

• Many web sites require users to have a persistent user name which is unique on their site to identify the user.
• As a general rule Web Sites, and as a practical rule Identifier or Attribute Providers require that the pseudonym be unique within their domain; thus the pseudonym@domain.tld will be a valid URI.
• Some providers will reuse Subject IDs once a connection to a real user has been broken for some specified period of time. Email addresses, in particular, typically have this characteristic. A fully compliant implementation would not reuse Subject IDs.

Problems

• Users may wish to have some name that is not associated with their real name when the web site requires a persistent user name.

Solutions

• Users are often asked to use their email address as a local user name since the email address is known to be a URI and hence unique in the internet.
• When the user has an option, they often pick some sort of description name, such as a gamertag in a role playing game, which is tested for uniqueness within the relevant name domain.
• When a user needs to provide some sort of validated attribute for the duration of a session at a web site, a session ID might provide sufficient security to bind the verified attribute for the session duration.

References

1. Synonyms for a Subject ID include User Name, display name, gamertag, nom de guerre, Pseudonym or (on Facebook) Fake Name subject to arbitrary termination.
2. Anonym is not used in the context of identity as it does not provide one. It may be used as the condition (Anonymous) of a user prior to accepting (1) a cookie, (2) a fixed IP address, (3) an HTTPS connection or (4) a request for an Identifier.