Child pages
  • Legal Use Cases
Skip to end of metadata
Go to start of metadata

Legal Use Cases

This page catalogs use cases reflecting contractual and regulatory concerns that are driving the work of the UMA Legal subgroup. Understanding this document requires understanding technical UMA concepts at a broad level; the UMA Technical Roles and Responsibilities section of the UMA in Contractual and Regulatory Contexts draft document provides descriptions of these concepts.


We definitionally distinguish technical entities (which can involve services, applications, devices, people, organizations, and so on all interacting with each other) from contractual parties.

We use the classic placeholder names Alice, Bob, and so on for simplicity when referring to individuals. We add the suffix "Co" when referring to a private-sector organization and "Gov" when referring to a public-sector organization.

Basic access grants by and to individuals with legal capacity

This high-level use case category maps UMA technical entities to contractual parties one-to-one, as a first step in parsing all other use cases.

  • The resources of the resource owner entity Alice relate to her, so she is also the resource subject party.
  • Alice controls access to those resources herself, so she is also the grantor party.
  • Alice'sauthorization server entity is run by an authorization server operator party.
  • Each of the resource server entities hosting Alice's resources is run by a resource server operator party.
  • When Alice shares access to a resource with Bob, he is a requesting party entity acting on his own behalf, so he is also the grantee party.
  • client entity gaining access to a resource of Alice's is run by a client operator party.


  • No labels