subject deviceId - unclear definition

[tr33]

The "subject" has a definition for "deviceId":

deviceId: : OPTIONAL. A field, whose value is of type string, which uniquely identifies the device of the Subject

What exactly is „a device“, its syntax and intended use in the context of a policy?

recommendation:

• remove the "deviceId" attribute until further specified.
• or define a dedicated structure with optional, freely defined attributes where an "deviceId" can be defined as a custom attribute without further specification.

[baboulebou]

This should be left as an open string imho, implementers should be able to use whatever string format here. The provided example has a Mac address, but this could easily be a custom-generated fingerprinting UUID for example, or whatever really.