The OpenID Connect Core 1.0 specification defines two subject types, public and pairwise.
The public subject type is used to provide "the same sub (subject) value to all Clients" or Relying Parties (RPs), while the pairwise one is meant to provide "a different sub value to each Client, so as not to enable Clients to correlate the End-User's activities without permission".
In other words, the public subject type is a globally unique persistent identifier, while the pairwise one is targeted to a specific RP.
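The following added example (not part of the original text or of any particular OpenID Provider) shows how a provider could issue both subject types, using the hashing method that OpenID Connect Core section 8.1 gives as an example: sub = SHA-256(sector_identifier || local_account_id || salt). The function names, the salt, the account ID, the RP URLs and the NUL delimiter between fields are assumptions of this example.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed value for the example; a real provider keeps its salt secret and stable.
OP_SALT = b"constructed-example-salt"


def sector_identifier(redirect_uri, sector_identifier_uri=None):
    """Return the Sector Identifier: the host of sector_identifier_uri if the
    RP registered one, otherwise the host of its registered redirect_uri."""
    uri = sector_identifier_uri or redirect_uri
    host = urlsplit(uri).hostname  # hostname is lower-cased by urlsplit
    if not host:
        raise ValueError(f"no host component in {uri!r}")
    return host


def pairwise_sub(local_account_id, sector_id, salt=OP_SALT):
    """sub = SHA-256(sector_identifier || local_account_id || salt).
    A NUL delimiter is added here (an assumption) so that different
    (sector, account) pairs can never concatenate to the same input."""
    material = sector_id.encode() + b"\x00" + local_account_id.encode() + b"\x00" + salt
    return hashlib.sha256(material).hexdigest()


def subject_for(subject_type, local_account_id, redirect_uri, sector_identifier_uri=None):
    """Return the sub claim value the provider would place in the ID Token."""
    if subject_type == "public":
        # Same value for every RP: RPs can join their records on it.
        return local_account_id
    if subject_type == "pairwise":
        sector = sector_identifier(redirect_uri, sector_identifier_uri)
        return pairwise_sub(local_account_id, sector)
    raise ValueError(f"unknown subject type {subject_type!r}")


if __name__ == "__main__":
    account = "user-1001"  # constructed local account ID
    for rp in ("https://shop.example/cb", "https://forum.example/cb"):
        print(rp, subject_for("public", account, rp), subject_for("pairwise", account, rp))
```

Two RPs that share a sector_identifier_uri host receive the same pairwise value, so the unit of non-correlation is the sector, not the individual client_id.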