Difference between revisions of "Subject ID"
From MgmtWiki
(→Context) |
(→References) |
||
| Line 14: | Line 14: | ||
==References== | ==References== | ||
| − | # Synonyms for a [[Subject ID]] include [[User Name]], display name, gamertag, nom de guerre, [[Pseudonym]] or (on Facebook) | + | # Synonyms for a [[Subject ID]] include [[User Name]], display name, gamertag, nom de guerre, [[Pseudonym]], [[URI]] or (on Facebook) Name subject to arbitrary termination. |
# Anonym is not used in the context of identity as it does not provide one. It may be used as the condition (Anonymous) of a user prior to accepting (1) a cookie, (2) a fixed IP address, (3) an HTTPS connection or (4) a request for an [[Identifier]]. | # Anonym is not used in the context of identity as it does not provide one. It may be used as the condition (Anonymous) of a user prior to accepting (1) a cookie, (2) a fixed IP address, (3) an HTTPS connection or (4) a request for an [[Identifier]]. | ||
Revision as of 10:41, 12 September 2018
Full Title or Meme
A Subject ID is a digital Identifier associated with some real-world Entity that has established an interchange on the internet by means of a User Agent.
Context
- Some providers will reuse Subject IDs once a connection to a real user has been broken for some specified period of time. Email addresses, in particular, typically have this characteristic. A fully compliant implementation would not reuse Subject IDs.
- There is a draft RFC on Subject IDs for use in Security Event Tokens Subject Identifiers for Security Event Tokens.
Problems
Solutions
- Users are often asked to use their email address or cell phone number as a local user name since the email address and phone number with country code (+1 in North America) are known to be a URI and hence unique in that context. Reuse of email and phone numbers could be an issue.
References
- Synonyms for a Subject ID include User Name, display name, gamertag, nom de guerre, Pseudonym, URI or (on Facebook) Name subject to arbitrary termination.
- Anonym is not used in the context of identity as it does not provide one. It may be used as the condition (Anonymous) of a user prior to accepting (1) a cookie, (2) a fixed IP address, (3) an HTTPS connection or (4) a request for an Identifier.
