More on data formats

Shane Tomlinson stomlinson at
Tue Nov 26 01:46:18 PST 2013

On 26/11/2013 02:17, Chris Karlof wrote:
> Regarding how we signal the subject of the certificate, here's a summary of where we're at:
> For Persona certificates:
> sub: <user's email address>
> email: not used

Does "email: not used" signify "is not present" or "is present but 

> For FxA certificates:
> sub: <FxA user id as a uuid>
> email: <verified email address supplied by user during signup>
> Regarding how we represent the email/uid in the sub, since JWT allows StringOrURI in the sub, we discussed using URIs to make the implied semantics more explicit. For example, for FxA certificates, the sub could be "urn:uuid:<FxA uid>", and for Persona certificates the sub could be "mailto:<user's email address>".

Was any decision made on whether the issuer or URI scheme will be used 
for an RP to differentiate the two?
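
Added example, not part of the original message and not Persona or FxA code: one way an RP could tell the two certificate types apart by the URI scheme of sub, under the proposal quoted above. The function name, the returned object shape and the simplified address check are assumptions made for illustration.

```javascript
// Added illustration: classify a certificate principal by the URI scheme of "sub".
// Function and field names here are hypothetical, not from Persona or FxA code.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// Deliberately strict and simple address check for the example.
const EMAIL_RE = /^[^\s@:]+@[^\s@:]+$/;

function classifySubject(claims) {
  const sub = claims && claims.sub;
  if (typeof sub !== 'string') {
    throw new Error('sub missing or not a string');
  }
  // URI scheme names are case-insensitive; the remainder is kept as given.
  const lower = sub.toLowerCase();

  if (lower.startsWith('urn:uuid:')) {
    const uid = sub.slice('urn:uuid:'.length);
    if (!UUID_RE.test(uid)) throw new Error('malformed uuid in sub');
    // For FxA certificates the address travels in the separate "email" claim.
    if (typeof claims.email !== 'string' || !EMAIL_RE.test(claims.email)) {
      throw new Error('FxA certificate without a usable email claim');
    }
    return { kind: 'fxa', uid: uid.toLowerCase(), email: claims.email };
  }

  if (lower.startsWith('mailto:')) {
    const email = sub.slice('mailto:'.length);
    if (!EMAIL_RE.test(email)) throw new Error('malformed address in sub');
    // The identity comes from "sub" only; any "email" claim is ignored.
    return { kind: 'persona', email };
  }

  // A bare string with no scheme is rejected rather than guessed at.
  throw new Error('unrecognised sub scheme');
}

// Constructed sample payloads.
const fxa = classifySubject({
  sub: 'urn:uuid:123e4567-e89b-12d3-a456-426614174000',
  email: 'user@example.com',
});
const persona = classifySubject({ sub: 'mailto:user@example.com', email: 'other@example.org' });
console.log(fxa.kind, fxa.uid, persona.kind, persona.email);
```

Because the Persona branch reads the address from sub alone, it behaves the same whether the email claim is absent or present.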


