Child pages
  • UMA Implementer's Guide

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Anchor
default-deny
default-deny
Default-Deny Policy Decision-Making Behavior

TBS - discuss other examples of this from V1.0.1 Core Sec 3.5.2: "The authorization server MUST The core specification requires the authorization server to use a default-deny authorization assessment model in adding authorization data to RPTs, that is, "everything that is not expressly allowed is forbidden" for resource sets that resource servers have registered. Exercise caution in implementing default-deny because corner cases can inadvertently result in default-permit behavior. For example, it is insufficient simply to assume that all resource sets have some non-zero set of claims required for access, and then accept an empty set of supplied claims as sufficient for access. See [UMA-Impl] for further discussion.". Default-deny is always a safe position for an authorization server to take, in that it enables "failing closed". Access control systems can be implemented where a default-permit regime applies at a top level, and then an instruction to deny at a lower level. However, it is very difficult to guarantee denial in all necessary cases in such systems. Starting from a position of no access and then granting access rights selectively is a much more rational approach.

...

Anchor
rs-api
rs-api
Resource Server API Constraints

...