Difference between revisions of "Subject ID"
From MgmtWiki
Revision as of 10:38, 12 September 2018
Full Title or Meme
A Subject ID is a digital Identifier associated with some real-world Entity that has established an interchange on the internet by means of a User Agent.
Context
- Some providers will reuse Subject IDs once a connection to a real user has been broken for some specified period of time. Email addresses, in particular, typically have this characteristic. A fully compliant implementation would not reuse Subject IDs.
- There is a draft RFC on Subject IDs for use in Secure Event Tokens: Subject Identifiers for Security Event Tokens (https://tools.ietf.org/html/draft-ietf-secevent-subject-identifiers).
Problems
Solutions
- Users are often asked to use their email address or cell phone number as a local user name, since an email address, or a phone number with its country code (+1 in North America), can be expressed as a URI and is therefore unique in that context. Reuse of email addresses and phone numbers could be an issue.
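The reuse problem above can be avoided by binding each account to an opaque Subject ID that is never recycled, while the human-facing email address remains reassignable. The following is an added example, not code from MgmtWiki or from the draft RFC; the registry class, its method names and the sample addresses are assumptions made for illustration, and the subject-identifier dictionaries use the "email" and "opaque" format names from the draft.

```python
"""Registry that never recycles Subject IDs, even when the email address
that once pointed at an account is released and registered again.
Added example for illustration; not part of the MgmtWiki page."""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Account:
    subject_id: str         # stable, opaque, never reused
    email: Optional[str]    # reusable human-facing name; None once released


class SubjectRegistry:
    def __init__(self) -> None:
        self._by_subject: Dict[str, Account] = {}
        self._by_email: Dict[str, str] = {}   # currently bound email -> subject_id

    def register(self, email: str) -> Account:
        """Create an account for an email that is not currently bound."""
        if email in self._by_email:
            raise ValueError(f"{email!r} is currently bound to another account")
        # A fresh random opaque ID: a released address can never resolve
        # back to an earlier account, because the old ID is never reissued.
        acct = Account(subject_id="sub-" + secrets.token_urlsafe(16), email=email)
        self._by_subject[acct.subject_id] = acct
        self._by_email[email] = acct.subject_id
        return acct

    def release_email(self, subject_id: str) -> None:
        """Break the link between an account and its email; the opaque
        Subject ID stays reserved for that account forever."""
        acct = self._by_subject[subject_id]
        if acct.email is not None:
            del self._by_email[acct.email]
            acct.email = None

    def resolve(self, sub_id: dict) -> Optional[str]:
        """Map a SET-style subject identifier ({"format": ...}) to the
        subject_id it currently denotes, or None if it denotes nothing."""
        fmt = sub_id.get("format")
        if fmt == "opaque":
            return sub_id["id"] if sub_id["id"] in self._by_subject else None
        if fmt == "email":
            # Resolves only to the account bound *now*; an old account whose
            # address was released is not reachable through the address.
            return self._by_email.get(sub_id["email"])
        return None
```

A provider that keys tokens and audit records on the opaque ID rather than the email address keeps the history of the first account separate from whoever registers the address later.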
References
- Synonyms for a Subject ID include User Name, display name, gamertag, nom de guerre, Pseudonym or, on Facebook, a Fake Name, which is subject to arbitrary termination.
- Anonym is not used in the context of identity, as it does not provide one. It may be used to describe the condition (Anonymous) of a user prior to accepting (1) a cookie, (2) a fixed IP address, (3) an HTTPS connection or (4) a request for an Identifier.