I have gone over the Globus Auth spec and have the following questions/notes:
1. Section 3.1 says: "one identity may be linked to any number of other primary identities, and thus Globus accounts.". Although this has currently not been implemented, when implemented, I am wondering which Primary Identity is selected when a user logs in using an identity that's linked to multiple Primary Identities?
2. Typo: eduPrinciple should be eduPrincipal
3. Typo: authenticates Globus Auth -> authenticates "to" Globus Auth
4. section 4.3 confusing: first para asserts account creation and 2nd para doesn't.
"For some identity providers, when an unlinked identity authenticates to Globus Auth, an account will automatically be created with this identity as the primary. For other identity providers, Globus Auth will prompt the user to create an account or link the identity with another account."
How is this decided?
5. Typo: Replace "that that" with "that"
6. How do changes in XSEDE's userinfo for a deleted or modified user flow to Globus Auth if the user always uses a campus credential to sign in?