authzen

specify type for subjects

Open • tr33 opened this issue 2 years ago • 1 comment

Ref "Subjects" contains a definition for the subject entity with a mandatory "id" attribute. There is no definition of a subject type - contrary to "resource", which has a mandatory type.

In practice, an entity (object) may be referenced in both roles, sometimes as a subject, sometimes as a resource - depending on the context. Recommendation: describe "subject" and "resource" the same, with both mandatory "id" and "type" attributes.

Change: A Subject is a JSON ({{RFC8259}}) object that has the following fields:

id: : OPTIONAL. A field, whose value is of type string, which uniquely identifies the user within the scope of a PEP. This identifier could be an email address, or it might be an internal identifier such as a UUID or employee ID.

type: : OPTIONAL. The type of the subject. Its value is a string that specifies the type of the subject.

tr33, Nov 06 '23 13:11

See previous comment... I'd rather suggest id to be mandatory, any String, + add any attributes as needed, at the discretion of the implementers... Or else, then provide a list of attributes that would make sense for several types of subjects: humans, IoT, Services.

baboulebou, Nov 07 '23 01:11
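The point raised in this thread about one entity appearing as both subject and resource, as an added example (not code from the issue or the specification): comparing entities by "id" alone confuses a user and a document that share an id, while a (type, id) key does not. Only the field names "id" and "type" come from the issue; the function names and sample entities are hypothetical.

```python
def entity_key(entity, require_type=True):
    """Return a (type, id) key for a subject or resource object.

    require_type=False models a subject that carries only "id";
    require_type=True models the symmetric form proposed in the issue.
    """
    if not isinstance(entity, dict):
        raise ValueError("entity must be a JSON object")
    ident = entity.get("id")
    if not isinstance(ident, str) or not ident:
        raise ValueError('"id" must be a non-empty string')
    etype = entity.get("type")
    if etype is None and not require_type:
        return (None, ident)
    if not isinstance(etype, str) or not etype:
        raise ValueError('"type" must be a non-empty string')
    return (etype, ident)


def same_by_id(a, b):
    """Compare two entities using "id" only (type ignored)."""
    return entity_key(a, False)[1] == entity_key(b, False)[1]


def same_by_type_and_id(a, b):
    """Compare two entities using the full (type, id) key."""
    return entity_key(a) == entity_key(b)


# Constructed sample entities (hypothetical values).
USER = {"type": "user", "id": "1001"}
DOC = {"type": "document", "id": "1001"}
SVC_AS_SUBJECT = {"type": "service_account", "id": "svc-42"}
SVC_AS_RESOURCE = {"type": "service_account", "id": "svc-42"}

if __name__ == "__main__":
    # A user and a document that happen to share an id.
    print("id only:      ", same_by_id(USER, DOC))
    print("type and id:  ", same_by_type_and_id(USER, DOC))
    # The same service account seen in both roles.
    print("both roles:   ", same_by_type_and_id(SVC_AS_SUBJECT, SVC_AS_RESOURCE))
```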