[Openid-specs-mobile-profile] Issue #185: Generation of sub (openid/mobile)

naillery issues-reply at bitbucket.org
Thu Jul 9 07:46:36 UTC 2020


New issue 185: Generation of sub
https://bitbucket.org/openid/mobile/issues/185/generation-of-sub

Nicolas Aillery:

Details on how the sub should be generated:

```
-
+
<list style="symbols">
<t>If the Access Token is tied with an End-User, the <spanx style="verb">sub</spanx> is RECOMMENDED to be <spanx style="verb">pairwise</spanx> with a value based on the Sector Identifier of the Client. It is assumed that the Sector Identifier has been verified during the Access Token issuance process. The <spanx style="verb">sub</spanx> MAY also be <spanx style="verb">public</spanx>.
</t>
<t>If the Access Token is not tied with an End-User, the <spanx style="verb">sub</spanx> is RECOMMENDED to be <spanx style="verb">public</spanx> with a value based on the <spanx style="verb">user_id</spanx> and <spanx style="verb">user_id_type</spanx>. 
A pairwise <spanx style="verb">sub</spanx> MAY be used in this case, but the OP MUST take special care to ensure the Client is entitled to use the associated Sector Identifier as the Client's <spanx style="verb">redirect_uri</spanx> that is usually used for this check is not involved in the flow.
Either <spanx style="verb">public</spanx> or <spanx style="verb">pairwise</spanx>, with such an Access Token, the <spanx style="verb">sub</spanx> is less valuable for the Client than the couple <spanx style="verb">user_id</spanx> and <spanx style="verb">user_id_type</spanx>.
</t>
</list>
```
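
The rules proposed in the issue above, as an added Python example that is not part of the original post or of the MODRNA specification. The function and parameter names, the sample key, and the use of HMAC-SHA-256 (a keyed variant of the SHA-256 over sector identifier, local account ID and salt that OpenID Connect Core section 8.1 gives as one example method) are assumptions; the proposed text does not prescribe a derivation.

```python
import hashlib
import hmac

OP_SECRET = b"constructed-demo-key"  # constructed; a real OP keeps its key private

def _derive(*parts):
    # Length-prefix every part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(OP_SECRET, msg, hashlib.sha256).hexdigest()

def generate_sub(user_id, user_id_type, account_id=None, subject_type=None,
                 sector_id=None, sector_verified=False):
    """Return the sub for an Access Token (all parameter names are hypothetical).

    account_id is the OP's local End-User identifier, or None when the token
    is not tied with an End-User. sector_verified records that the OP checked,
    by some other means, that the Client may use sector_id.
    """
    tied = account_id is not None
    if subject_type is None:
        # RECOMMENDED defaults from the proposed text.
        subject_type = "pairwise" if tied else "public"
    # Assumption: the subject material is the local account when there is
    # one, otherwise the (user_id_type, user_id) couple.
    subject = ("account", account_id) if tied else ("user_id", user_id_type, user_id)
    if subject_type == "public":
        return _derive("public", *subject)
    if subject_type != "pairwise":
        raise ValueError("subject_type must be 'public' or 'pairwise'")
    if not sector_id:
        raise ValueError("a pairwise sub needs a Sector Identifier")
    if not tied and not sector_verified:
        # No redirect_uri took part in the flow, so nothing has shown yet that
        # this Client is entitled to the Sector Identifier.
        raise PermissionError("Sector Identifier not verified for this Client")
    return _derive("pairwise", sector_id, *subject)
```

For a token tied with an End-User the example trusts `sector_id` as given, matching the text's assumption that it was verified during Access Token issuance.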
