Closed davidgtonge closed 5 years ago
@davidgtonge this is primarily an attempt to limit scope and will also be dependent on client registration which in turn is dependent on the CDR Registry/Directory.
Unless I've missed it, I don't see sector_identifier_uri as part of the OBIE Software Statement which is interesting. I assume PPIDs are not supported.
I'd read that part of OIDC you quoted in the context of generating a pairwise identifier:
..the Sector Identifier used for pairwise identifier calculation is the host component of the registered redirect_uri. If there are multiple hostnames in the registered redirect_uris, the Client MUST register a sector_identifier_uri.
If the subject identifier is a UUID (which I've recommended in the profile and will probably make mandatory), the hostname doesn't apply so the sector uri appears to offer little value when used for a single client and UUID id.
I've always felt sector uris were more appropriate for grouping clients and different domains.
The sector_identifier_uri should be supported for PPID but this would need to be considered with respect to the CDR Registry entities and their relationships which are unspecified thus far. I'll create a feature.
I'm interested to understand why:
If PPIDs are mandated then sector identifier uris are very useful.
For example OIDC says this:
So by not allowing a sector identifier uri, you would be restricting Clients to a single hostname for any of their redirect uris.
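The OIDC rule quoted in this thread, worked through as an added example (not part of the original discussion or of the CDR profile): it resolves the sector identifier from a registration and derives a pairwise `sub` with the SHA-256 method that OIDC Core 8.1 gives as one option. The hostnames, account id, salt, and the `sector_document` parameter (the already-fetched JSON array, passed in so the code runs offline) are assumptions.

```python
import hashlib
from urllib.parse import urlsplit


def sector_identifier(redirect_uris, sector_identifier_uri=None, sector_document=None):
    """Resolve the sector identifier for a client registration.

    sector_document is the JSON array the OP fetched from sector_identifier_uri,
    passed in as a list so the example runs offline (assumption of this sketch).
    """
    if sector_identifier_uri is None:
        hosts = {urlsplit(uri).hostname for uri in redirect_uris}
        if len(hosts) != 1:
            raise ValueError("multiple redirect_uri hosts: sector_identifier_uri MUST be registered")
        return hosts.pop()
    parts = urlsplit(sector_identifier_uri)
    if parts.scheme != "https":
        raise ValueError("sector_identifier_uri must use the https scheme")
    # Every registered redirect_uri has to appear in the fetched array; without
    # this check a client could join a sector it does not belong to.
    unlisted = set(redirect_uris) - set(sector_document or [])
    if unlisted:
        raise ValueError(f"redirect_uris not listed in sector document: {sorted(unlisted)}")
    return parts.hostname


def pairwise_sub(sector_id, local_account_id, salt):
    """sub = SHA-256(sector_identifier || local_account_id || salt)."""
    return hashlib.sha256(sector_id.encode() + local_account_id.encode() + salt).hexdigest()


# Constructed sample data: hostnames, account id and salt are placeholders.
SALT = b"constructed-op-secret-salt"
WEB = ["https://app.example.com/cb"]
MOBILE = ["https://m.example.net/cb"]
SECTOR_URI = "https://id.example.org/sector.json"
SECTOR_DOC = WEB + MOBILE


def demo():
    """Return subs for one account: two ungrouped clients, then the same two grouped."""
    alone_web = pairwise_sub(sector_identifier(WEB), "acct-1001", SALT)
    alone_mobile = pairwise_sub(sector_identifier(MOBILE), "acct-1001", SALT)
    grouped_web = pairwise_sub(sector_identifier(WEB, SECTOR_URI, SECTOR_DOC), "acct-1001", SALT)
    grouped_mobile = pairwise_sub(sector_identifier(MOBILE, SECTOR_URI, SECTOR_DOC), "acct-1001", SALT)
    return alone_web, alone_mobile, grouped_web, grouped_mobile
```

Without a shared sector URI the two clients see different `sub` values for the same account; with it they see the same one, and a registration spanning both hostnames is rejected unless the sector URI is supplied.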