[Openid-specs-fapi] Issue #66: CustomerId == sub == x-fapi-customer-id: Should standardize as sub (openid/fapi)
Nat Sakimura
issues-reply at bitbucket.org
Tue Jan 31 15:19:49 UTC 2017
New issue 66: CustomerId == sub == x-fapi-customer-id: Should standardize as sub
https://bitbucket.org/openid/fapi/issues/66/customerid-sub-x-fapi-customer-id-should
Nat Sakimura:
In the spec, there are three ways to express semantically equal thing.
CustomerId == sub == x-fapi-customer-id
As an OIDC related spec, it should standardize on `sub`.
Also, the http header value for this fixed value may not be trustworthy as it is not a secret and can be reproduced by anyone. So it should not be relied upon. Perhaps, it should be removed from the Security parts and moved to Part 4 to make sure that people does not misunderstand that this is a security feature.
Responsible: Nat
More information about the Openid-specs-fapi
mailing list