Hi John thanks for the explanatian. Just to make sure I got you right. A prn can be a user_id. A prn is bound to the scope of an iss.
Regards, Torsten. John Bradley <ve7...@ve7jtb.com> schrieb: >JWT is more generic than OIDC. > >prn and user_id as used by OIDC are similar. user_id is already in >wide use with Facebook's signed request. >We were hoping that Facebook would be more likely to migrate from >signed request to JWT if the parameter names stayed the same for >developers. > >In the generic case of a JWT the prn may not be a user. > >The other discussion that I recall around prn was a notion that they >are fully qualified and globally unique. > >We wanted to be clear with user_id that it is scoped to the iss and not >globally unique. > >So a prn was seen as a User Principal name and the user_id was seen as >a persistent non reassignable identifier for the user in the context of >the iss. > >John B. > > >On 2012-11-24, at 3:47 PM, Torsten Lodderstedt ><tors...@lodderstedt.net> wrote: > >> Hi, >> >> I've got a few comments on your draft. >> >> I’m wondering why neither acr nor auth_time (which are used in OIDC) >made their way into this spec? >> >> What is the difference between prn and the user_id claim OIDC uses? >> >> regards, >> Torsten. >>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
