ConsumerDataStandardsAustralia / infosec

Work space for the consumer data right information security profile development in Australia
MIT License

Sector Identifier URIs #48

Closed davidgtonge closed 5 years ago

davidgtonge commented 5 years ago

I'm interested to understand why:

Sector Identifier URIs SHALL NOT be supported under this profile

If PPIDs are mandated then sector identifier uris are very useful.

For example OIDC says this:

If there are multiple hostnames in the registered redirect_uris, the Client MUST register a sector_identifier_uri.

So by not allowing a sector identifier uri, you would be restricting Clients to a single hostname for any of their redirect uris.

lukepopp commented 5 years ago

@davidgtonge this is primarily an attempt to limit scope and will also be dependent on client registration which in turn is dependent on the CDR Registry/Directory.

Unless I've missed it, I don't see sector_identifier_uri as part of the OBIE Software Statement, which is interesting. I assume PPIDs are not supported.

I'd read that part of OIDC you quoted in the context of generating a pairwise identifier:

...the Sector Identifier used for pairwise identifier calculation is the host component of the registered redirect_uri. If there are multiple hostnames in the registered redirect_uris, the Client MUST register a sector_identifier_uri.

If the subject identifier is a UUID (which I've recommended in the profile and will probably make mandatory), the hostname doesn't apply, so the sector URI appears to offer little value when used for a single client and UUID id.

I've always felt sector uris were more appropriate for grouping clients and different domains.

The sector_identifier_uri should be supported for PPID but this would need to be considered with respect to the CDR Registry entities and their relationships which are unspecified thus far. I'll create a feature.
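The OIDC Core 8.1 rule both comments quote, as an added worked example that is not part of this thread or the CDR profile: derive the Sector Identifier from the registered redirect_uris (or from sector_identifier_uri when the hosts differ), check that the sector document covers the registered redirect_uris, and compute a pairwise subject identifier from the sector. The HMAC-SHA256 construction, the salt and the sample client registrations are assumptions made for illustration; OIDC leaves the hashing algorithm to the OP.

```python
import hashlib
import hmac
from urllib.parse import urlparse


def sector_identifier(redirect_uris, sector_identifier_uri=None):
    """Derive the Sector Identifier as OIDC Core 8.1 describes.

    With a registered sector_identifier_uri, its host is the sector.
    Without one, every redirect_uri must share a single host, and that host
    is the sector; several hosts and no sector_identifier_uri is a
    registration error, which is the restriction the issue points out.
    """
    if sector_identifier_uri:
        return urlparse(sector_identifier_uri).hostname
    hosts = {urlparse(u).hostname for u in redirect_uris}
    if len(hosts) != 1:
        raise ValueError("multiple redirect_uri hosts require a sector_identifier_uri")
    return hosts.pop()


def sector_document_covers(redirect_uris, document_uris):
    """The OP fetches the sector_identifier_uri document (a JSON array of
    redirect URIs) and must confirm the registered redirect_uris appear in it.
    The fetched document is passed in here as an already-parsed list."""
    return set(redirect_uris) <= set(document_uris)


def pairwise_sub(sector, local_account_id, salt):
    """Pairwise subject identifier: keyed hash of sector and local account id.
    HMAC-SHA256 with a secret salt is an assumed choice, not the CDR profile's."""
    msg = f"{sector}|{local_account_id}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()


# Constructed sample registrations and secret (not real CDR participants).
SALT = b"op-secret-salt-constructed"
ACCOUNT = "user-123"


def demo():
    single = sector_identifier(["https://app.bank-a.example/cb"])
    multi = sector_identifier(
        ["https://app.fintech.example/cb", "https://web.fintech.example/cb"],
        sector_identifier_uri="https://fintech.example/sector.json",
    )
    # Same account, different sectors: the two clients see unrelated subs.
    return {
        "single_host_sector": single,
        "multi_host_sector": multi,
        "sub_for_single": pairwise_sub(single, ACCOUNT, SALT),
        "sub_for_multi": pairwise_sub(multi, ACCOUNT, SALT),
    }
```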