I don't know that we need user_id in the JWT spec; it may be enough to have it as an OIDC extension if it is not globally useful.
I agree that the definition of prn should be more specific.

On 2012-11-26, at 3:56 PM, Torsten Lodderstedt <[email protected]> wrote:

> Hi John,
>
> does it make sense to change the spec as follows:
>
> - specify the prn claim as being globally unique
> - add user_id as scoped by iss claim
>
> What do you think?
>
> regards,
> Torsten.
>
> On 26.11.2012 19:51, John Bradley wrote:
>> A user_id is scoped to an iss.
>>
>> There is some notion that a prn is globally unique, though the JWT spec is
>> not clear on that. I think people are thinking of it like a UPN in LDAP/AD.
>>
>> John B.
>> On 2012-11-26, at 3:46 PM, Torsten Lodderstedt <[email protected]>
>> wrote:
>>
>>> Hi John
>>>
>>> thanks for the explanation. Just to make sure I got you right. A prn can be
>>> a user_id. A prn is bound to the scope of an iss.
>>>
>>> Regards,
>>> Torsten.
>>>
>>>
>>> John Bradley <[email protected]> wrote:
>>> JWT is more generic than OIDC.
>>>
>>> prn and user_id as used by OIDC are similar. user_id is already in wide
>>> use with Facebook's signed request.
>>> We were hoping that Facebook would be more likely to migrate from signed
>>> request to JWT if the parameter names stayed the same for developers.
>>>
>>> In the generic case of a JWT the prn may not be a user.
>>>
>>> The other discussion that I recall around prn was a notion that they are
>>> fully qualified and globally unique.
>>>
>>> We wanted to be clear with user_id that it is scoped to the iss and not
>>> globally unique.
>>>
>>> So a prn was seen as a User Principal name and the user_id was seen as a
>>> persistent non-reassignable identifier for the user in the context of the
>>> iss.
>>>
>>> John B.
>>>
>>>
>>> On 2012-11-24, at 3:47 PM, Torsten Lodderstedt <[email protected]>
>>> wrote:
>>>
>>> Hi,
>>>
>>> I've got a few comments on your draft.
>>>
>>> I’m wondering why neither acr nor auth_time (which are used in OIDC) made
>>> their way into this spec?
>>>
>>> What is the difference between prn and the user_id claim OIDC uses?
>>>
>>> regards,
>>> Torsten.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
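
The scoping point discussed in this thread (user_id is scoped to the iss and not globally unique), shown from a relying party's side as an added example that is not part of the original messages or of any spec text. The issuer URLs, HS256 keys and function names are constructed for illustration; the sketch verifies each token under the key registered for its iss and then keys the local account on the pair (iss, user_id).

```python
import base64, hashlib, hmac, json

# Constructed issuers and HMAC keys (assumption); a real relying party would
# hold the verification keys of each issuer it trusts.
KEYS = {"https://idp-a.example": b"key-a", "https://idp-b.example": b"key-b"}

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key):
    """Build a constructed HS256 sample token (stands in for an issuer)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    signing_input = head + "." + body
    return signing_input + "." + _b64e(_sign(signing_input, key))

def verified_claims(token, keys=KEYS):
    """Return the claims only if the token verifies under the key of its iss."""
    head, body, sig = token.split(".")
    if json.loads(_b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_b64d(body))
    key = keys.get(claims.get("iss"))
    if key is None:
        raise ValueError("untrusted or missing iss")
    if not hmac.compare_digest(_sign(head + "." + body, key), _b64d(sig)):
        raise ValueError("bad signature")
    return claims

def account_key(claims):
    """user_id only has meaning per issuer, so the local key is (iss, user_id)."""
    if not claims.get("user_id"):
        raise ValueError("missing user_id")
    return (claims["iss"], claims["user_id"])

def demo():
    # Two issuers that both happen to assign user_id "1001" (constructed data).
    a = verified_claims(make_token({"iss": "https://idp-a.example", "user_id": "1001"}, b"key-a"))
    b = verified_claims(make_token({"iss": "https://idp-b.example", "user_id": "1001"}, b"key-b"))
    return {"same_user_id": a["user_id"] == b["user_id"],
            "scoped_keys_differ": account_key(a) != account_key(b)}

if __name__ == "__main__":
    print(demo())
```

Keying accounts on user_id alone would merge the two users in `demo()`; the composite key keeps them apart, and a token that names one issuer but is signed with another issuer's key is rejected before any lookup.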
