In today’s CAB there seemed to be confusion on how pseudonyms are used, and why. This mostly relates to previous RFCs (I think 5 and 9) on how humans are authorised, where such authorisations are stored, and how privacy in such authorisations is guaranteed.
The main source of information on this, as I know it, can be found here
with most relevant:
Within iSHARE, authorisations of a human are registered at an Identity Provider, and are retrieved using the userinfo endpoint. For this purpose, there are some modifications to the OpenID Connect Flow. User identities are protected by sharing pseudonyms in order to comply with privacy requirements.
I am currently working on another project at INNOPAY, so will not be able to answer all questions on this topic. However, it would be good if we can together ensure that within the CAB and participants it is clear how pseudonyms and human authorisations work.
P.S. the forum still notes me as an iSHARE Project Member. Please regard this information as outdated.