Child pages
  • Legal Considerations in UMA Authorization

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • In our examples, Bob and the companies that run Airplanr and FrodoReviews are requesting parties: legal persons (such as corporations) and real human beings (other than Alice herself) who use a requester endpoint to seek authorized access to some protected resource.

Image Added

We'll explore this most complex set of players more in a moment.

...

Now we have enough language to begin discussing potential access authorization agreements and liability that may obtain between two parties (yes, in the legal sense) interacting in an UMA environment: the authorizing user and the requesting party.

Image Removed

Person-to-service access: a walkthrough

@@TBS - new diagram

Person-to-person access: a walkthrough

@@TBS - new diagram

TBS

Here are the choices for requesting party:

...

Note that 1.a.ii and 2.b.i are protocol alternatives (denoted with A and B) for what could be the same basic kind of authorized access. In the first, the authorizing user and the requesting party are both Alice, and if any claims are required she supplies them to herself, but she has chosen to use some service run by a third party to manage requests for access. In the second, Alice uses the same such service but expects it to speak for itself in responding to demands for claims (possibly providing claims about her in the process).

Similarly, 1.b.ii and 2.b.ii are protocol alternatives (denoted with X and Y). In the first, Alice authorizes Bob for access, and Bob happens to use an intermediary service to help manage his requests. In the second, Bob uses the same such service but expects it to speak for itself in responding to demands for claims (again, possibly providing claims about him in the process).

...

Intermediaries the authorizing user may employ in protecting resources

Alice likely is an ordinary user of the web, and tends to use web applications written by third parties rather than hacking her own services and deploying them on the networked workstation that sits under her home-office desk. Thus, she chose to use the third-party services run by the TravelIt and CopMonkey companies, and in creating accounts with them, she likely had to agree to (or negotiate) terms of service with each of these companies. They are thus intermediaries in providing UMA protection to her resources, rather than parties to actual authorized access.

Image Added

...

Sharing with Airplanr

@@TBS

Image Added

...

Sharing with FrodoReviews

@@TBS

Image Added

...

Sharing with Bob through Schedewl

@@TBS

Image Added

...

The nature of claims

...