Subject ID

From MgmtWiki
Revision as of 10:41, 12 September 2018 by Tom (talk | contribs) (References)

Jump to: navigation, search

Full Title or Meme

A Subject ID is a digital Identifier associated with some real-world Entity that has established an interchange on the internet by means of a User Agent.

Context

  • Some providers will reuse Subject IDs once a connection to a real user has been broken for some specified period of time. Email addresses, in particular, typically have this characteristic. A fully compliant implementation would not reuse Subject IDs.
  • There is a draft RFC on Subject IDs for use in Security Event Tokens Subject Identifiers for Security Event Tokens.

Problems

Solutions

  • Users are often asked to use their email address or cell phone number as a local user name since the email address and phone number with country code (+1 in North America) are known to be a URI and hence unique in that context. Reuse of email and phone numbers could be an issue.

References

  1. Synonyms for a Subject ID include User Name, display name, gamertag, nom de guerre, Pseudonym, URI or (on Facebook) Name subject to arbitrary termination.
  2. Anonym is not used in the context of identity as it does not provide one. It may be used as the condition (Anonymous) of a user prior to accepting (1) a cookie, (2) a fixed IP address, (3) an HTTPS connection or (4) a request for an Identifier.