By: hyunwoo kim user 26 Nov 2019 at 1:11 a.m. CST

3 Responses
hyunwoo kim gravatar
Hi. I read about Pairwise IDs in the OpenID Connect Provider section of the Gluu 4.0 Doc. Can this control access to the OIDC Client? What role does Pairwise IDs play?

By Mohib Zico staff 26 Nov 2019 at 2:57 a.m. CST

Mohib Zico gravatar
Pairwise Identifier is like persistent Identifier of SAML. Goal is to release same identifier for each person in various websites ( though different subject identifier for each websites ). I haven't used pairwise id for authorization but it's a good thing to test for sure.

By William Lowe staff 26 Nov 2019 at 9:24 a.m. CST

William Lowe gravatar
OpenID Connect offers two types of subject identifiers: public or pairwise. With Public Subject Identifier, the sub=claim is the user ID or equivalent, e.g. sub=will. This allows the possibility of correlating user activity across multiples sites. The Pairwise Subject Identifier allows each client to get issued a non-reversible hash of the sub=claim, which prevents correlation of a specific user across multiple sites.

By hyunwoo kim user 27 Nov 2019 at 7 p.m. CST

hyunwoo kim gravatar
Thanks to answer.