...
Non-domain-scoped identifiers (SAML2 Persistent NameID, OIDC 'sub' claim) are scoped to the IdP entityID. Is that better or worse than scoped identifiers (which do not depend on the IdP entityID)?
How do we handle the requests from our research VO friends, Scott Koranda and Jim Basney? Specifically, they need identifiers to be:
- Persistent
- Unique
- Non-reassigned
- Non-targeted