sharedsignals icon indicating copy to clipboard operation
sharedsignals copied to clipboard
verified publisher icon openid

Identity in SSF

Open traib-google opened this issue 3 months ago • 0 comments

Subject identity is a core part of SSF events - most events talk about something that happened to/with/by/etc. a subject.

But given the nature of Transmitters and Receivers as distinct peers, it's rare that the exact same subject identifier is known and used by both internally.

E.g. An end-user could have UserIdA assigned by the Transmitter, and UserIdB by the Receiver. When an event is sent by the Transmitter that relates to the end-user:

  • either the Transmitter maps its identifier UserIdA -> UserIdB, and sends UserIdB in the event
  • or it sends UserIdA, and the Receiver does the mapping.

This identifier-mapping problem is currently out-of-band of the SSF specification. But without each Transmitter-Receiver pair solving this problem, the events received cannot be processed meaningfully.

This issue is for discussing ways to make this easier. Some possibilities (no preferences, just brainstorming):

  • Standardize each subject's identifier, e.g. email for user.
  • Standardize each subject's identity management protocol, e.g. SCIM for users and groups.
  • Standardize a way to do identity management / identifier exchange in-protocol (within SSF).

traib-google avatar Oct 07 '25 16:10 traib-google