Child pages
  • UMA Implementer's Guide

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Although authorization assessment is an internal process performed by the authorization server, in UMA V2.0 it gains a large degree of normative precision. This section explains, using symbolic set math. (tbs – NEEDS REVIEW)

Define a superset S of all possible assignable scopes to protected resources in a UMA context.

Let s be an element of S (s ∈ S). Define the following subsets of S:

  • A = ClientRegistered = {s, scopes pre-registered at AS by client , s.t. s ∈ S}, AS;
  • B = ClientRequested = {s, scopes requested at AS by client, s.t. s ∈ S}, B ⊆ S;
  • C = PermissionTicket = {s, scopes requested at AS by RS on behalf of client, s.t. s ∈ S}, C ⊆ S;
  • DRSRegistered = {s, scopes registered at AS by RS with a protected resource, s.t. s ∈ S}, D ⊆ S;

Calculate the set RequestedScopes (E) as follows:

  • ERequestedScopes = PermissionTicket ∪ (ClientRegisteredClientRequested);
  • E = C ∪ (AB);


Define set SatisfiedPolicyCondition (F) as the set of all scopes for which the client satisfies all relevant policy conditions at the AS.

  • F = Satisfied = (tbs...)



Organizations as Resource Owners and Requesting Parties