In all our proposals we assume that the invitation object contains a user identifier which exists at the given endpoint. If we don't want to expose users via the API because we want to keep the attack surface as small as possible (described in issue #23), then how does a user know where to send the invitation to? In other words, if Joost (user on A) wants to share a resource with Dimitri (user on B), then:
- Can we make the assumption that Joost already knows that Dimitri is working with B?
  - If not, the provider needs to know all users of every trusted user which is a problem.
  - If yes, can we make the assumption that Joost already knows the unique identifier of Dimitri on B?
    - If not, we could perform a user search on B (because we know that Dimitri is working with B) and we don't want to do that due to the size of the attack surface.
    - If yes, can we use the e-mail address as the unique identifier per platform?
      - If not, what can we use as the unique identifier per platform?