After a brief jaunt through code and a think, I think I would summarize my reluctance to try to solve the client-determined identifier need for groups using
pubid as follows. This doesn’t touch on the authorization or invite bits involved with
pubid, just some high-level things.
I don’t know if this is deep enough to claim that I’ve looked at how hard it would be to update
pubid in all the various places, but I realize my argument stands even if
group.pubid were easy to modify. I feel like it inherently does something else than the notion we’re after here. Here are my thoughts!
- One of the current core things about
pubids is that they are known to be unique for a resource across all of our data. This is reflected in their use to identify a single resource in 17 different routes in our application at present.
- However, our need for a client-determined identifier needs to enforce uniqueness per authority — the same identifier could be reused in multiple authorities. I believe this to be a de