More on data formats
Shane Tomlinson
stomlinson at mozilla.com
Tue Nov 26 01:46:18 PST 2013
On 26/11/2013 02:17, Chris Karlof wrote:
> Regarding how we signal the subject of the certificate, here's a summary of where we're at:
>
> For Persona certificates:
>
> sub: <user's email address>
> email: not used
>
Does "email: not used" signify "is not present" or "is present but
undefined"?
> For FxA certificates:
>
> sub: <FxA user id as a uuid>
> email: <verified email address supplied by user during signup>
>
> Regarding how we represent the email/uid in the sub, since JWT allows StringOrURI in the sub, we discussed using URIs to make the implied semantics more explicit. For example, for FxA certificates, the sub could be "urn:uuid:<FxA uid>", and for Persona certificates the sub could be "mailto:<user's email address>".
>
Was any decision made on whether the issuer or URI scheme will be used
for a RP to differentiate the two?
Shane
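
The URI-scheme proposal quoted above, sketched as a relying-party check. This is an added example, not part of the original message and not Persona or FxA code. It assumes the "urn:uuid:" / "mailto:" forms were adopted, that "email: not used" covers both an absent and a null claim, and that the payload is already signature-verified and decoded; the function name and sample payloads are hypothetical.

```python
import uuid

def classify_subject(claims):
    """Classify a decoded certificate payload by the URI scheme of its sub.

    Returns (kind, identifier, email). Raises ValueError on anything that
    does not match exactly one of the two proposed shapes.
    """
    sub = claims.get("sub")
    if not isinstance(sub, str):
        raise ValueError("sub missing or not a string")
    scheme, sep, rest = sub.partition(":")
    if not sep:
        # A bare value (e.g. a plain email address) carries no scheme.
        raise ValueError("sub has no URI scheme")
    scheme = scheme.lower()

    if scheme == "urn":
        nid, sep, nss = rest.partition(":")
        if not sep or nid.lower() != "uuid":
            raise ValueError("unsupported URN namespace")
        try:
            uid = str(uuid.UUID(nss))
        except ValueError:
            raise ValueError("sub is not a valid uuid") from None
        if uid != nss.lower():
            # uuid.UUID() also accepts braces and prefixes; require plain form.
            raise ValueError("uuid not in canonical form")
        email = claims.get("email")
        if not isinstance(email, str) or "@" not in email:
            raise ValueError("FxA certificate without an email claim")
        return ("fxa", uid, email)

    if scheme == "mailto":
        # Assumption: "not used" means absent or null, never a real value.
        if claims.get("email") is not None:
            raise ValueError("Persona certificate must not carry email")
        if "@" not in rest:
            raise ValueError("mailto sub is not an email address")
        return ("persona", rest, None)

    raise ValueError("unsupported sub scheme: " + scheme)

# Constructed sample payloads (not real certificates).
FXA = {"sub": "urn:uuid:123e4567-e89b-12d3-a456-426614174000",
       "email": "user@example.com"}
PERSONA = {"sub": "mailto:user@example.com"}
```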