Open PieterKas opened 1 month ago
I think we moved away from sub_id to just using sub. However, the larger question is an interesting one. Is there a case where, in completing a requested transaction, one of the calls to one of the workloads SHOULD NOT receive the sub claim? Is the TraT then leaking information? I haven't thought about this more than writing this comment :)
Hmm. Interesting question. We do not have a means of creating constrained versions of TraTs today. I'd punt this for later though. I'm not sure this is critical to the TraTs draft as of now.
I agree. Within a single trust domain, this is probably less of an issue.
Is a sub_id considered constant throughout the transaction, or can this change over time? If it does change, how should the "old sub_id" be recorded? As part of the azd claim? Should we add information to that effect?
@tulshi and @gffletch