...

The UMA V2.0 specifications (Grant, FedAuthz – currently these links go to revisions 08) (tbs: link to final specs, and to final spec sections throughout) are in Draft Recommendation form. This section will be completed, and updated as required, as the specifications progress to Recommendation status. Differences and changes noted are between V2.0 and V1.0.n generally; internal differences between UMA2 revisions are not tracked. (You may find it helpful to refer to the Disposition of Comments document, a record of specification changes made during the Public Comment periods.) Where the distinction between V1.0 and V1.0.1 matters, it is noted; otherwise the label "UMA1" is used.

...

UMA1's endpoint and feature discovery mechanism was defined entirely by its Core specification. UMA2 instead builds on the OAuth 2.0 Authorization Server Discovery mechanism (still an Internet-Draft at the time of UMA2 publication) and no longer defines metadata fields that the OAuth discovery or OpenID Connect Discovery specifications already define. The Grant (Sec 2) and FedAuthz (Sec 2) specifications each define only the metadata fields they themselves require. (59, 157, 159, 305)
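The practical consequence for an RS or client is that it consumes one metadata document combining OAuth fields with the few UMA-specific ones, and should reject a document that is really a UMA1 configuration or that was served by the wrong issuer. The following is an added example, not code from the UMA specifications or from any AS or RS product: a metadata check written for this page. Field names follow the OAuth 2.0 Authorization Server Metadata draft (since published as RFC 8414), Grant Sec 2 and FedAuthz Sec 2; the UMA1-only names are taken from the UMA 1.0 Core configuration document; which fields count as mandatory is this example's own policy, and both sample documents are constructed.

```python
# Added example (not code from the UMA specifications or any AS/RS product):
# checks a UMA2 authorization server metadata document the way an RS or a
# client should before using its endpoints. Field names follow OAuth 2.0
# Authorization Server Metadata (the discovery draft, later RFC 8414),
# UMA2 Grant Sec 2 and FedAuthz Sec 2; the UMA1-only names come from the
# UMA 1.0 Core configuration document. Which fields count as mandatory is
# this example's policy, and both sample documents are constructed.
from urllib.parse import urlparse

UMA_TICKET_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"

# Metadata an RS needs (FedAuthz Sec 2 plus the OAuth metadata it leans on).
RS_REQUIRED = ("issuer", "token_endpoint", "introspection_endpoint",
               "permission_endpoint", "resource_registration_endpoint")

# Metadata a client needs to run the UMA grant (Grant Sec 2 plus OAuth).
CLIENT_REQUIRED = ("issuer", "token_endpoint", "grant_types_supported")

# UMA 1.0 configuration fields that have no UMA2 equivalent. Seeing them
# means the document describes a UMA1 server, whatever its URL suggests.
UMA1_ONLY = frozenset({
    "rpt_endpoint", "permission_registration_endpoint",
    "resource_set_registration_endpoint", "requesting_party_claims_endpoint",
    "pat_profiles_supported", "aat_profiles_supported",
    "rpt_profiles_supported",
})


def _is_https_url(value):
    if not isinstance(value, str):
        return False
    u = urlparse(value)
    return u.scheme == "https" and bool(u.netloc)


def validate_uma2_metadata(doc, expected_issuer, role="rs"):
    """Return a list of problems; an empty list means the document is usable.

    expected_issuer is the issuer configured out of band. RFC 8414 Sec 3.3
    requires it to equal the document's "issuer", so that metadata served
    by the wrong host cannot point PAT, permission or introspection traffic
    at an attacker's endpoints.
    """
    problems = []
    required = RS_REQUIRED if role == "rs" else CLIENT_REQUIRED
    for name in required:
        if name not in doc:
            problems.append(f"missing {name}")
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {expected_issuer!r}")
    for name, value in doc.items():
        if name.endswith("_endpoint") and not _is_https_url(value):
            problems.append(f"{name} is not an https URL: {value!r}")
    if role == "client" and UMA_TICKET_GRANT not in doc.get("grant_types_supported", []):
        problems.append("grant_types_supported lacks the uma-ticket grant")
    legacy = UMA1_ONLY & set(doc)
    if legacy:
        problems.append("UMA1-only metadata present: " + ", ".join(sorted(legacy)))
    return problems


# Constructed sample: what a UMA2 server might publish at
# /.well-known/uma2-configuration.
SAMPLE_UMA2 = {
    "issuer": "https://as.example.com",
    "token_endpoint": "https://as.example.com/token",
    "introspection_endpoint": "https://as.example.com/introspect",
    "permission_endpoint": "https://as.example.com/uma/permission",
    "resource_registration_endpoint": "https://as.example.com/uma/resource",
    "claims_interaction_endpoint": "https://as.example.com/uma/claims",
    "grant_types_supported": ["authorization_code", UMA_TICKET_GRANT],
    "uma_profiles_supported": [],
}

# Constructed sample of a UMA1 configuration document.
SAMPLE_UMA1 = {
    "issuer": "https://as.example.com",
    "token_endpoint": "https://as.example.com/token",
    "introspection_endpoint": "https://as.example.com/introspect",
    "rpt_endpoint": "https://as.example.com/uma/rpt",
    "permission_registration_endpoint": "https://as.example.com/uma/perm",
    "resource_set_registration_endpoint": "https://as.example.com/uma/rs",
}

if __name__ == "__main__":
    print(validate_uma2_metadata(SAMPLE_UMA2, "https://as.example.com"))
    print(validate_uma2_metadata(SAMPLE_UMA1, "https://as.example.com"))
```

The issuer comparison is the check most often skipped in practice: a relying side that only verifies TLS on the metadata fetch but never compares `issuer` with its configured value will follow whatever endpoints the document it received names.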

...

Previously, it was intended to make an IANA registration request for the claims inside the introspection object as independent JWT claims. This would have allowed them to be used formally in RPTs, so that an RS could validate the access token locally with these claims packed inside it. Because of potential security and privacy considerations, it was decided not to define this token format for now; an RS therefore learns what an RPT grants through token introspection. (FedAuthz Sec 9) (334)
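What the RS does with the introspection response, as an added example that is not code from the UMA specifications or from any RS product: the access check an RS runs over the `permissions` array that FedAuthz Sec 5.1.1 defines (each entry carrying `resource_id`, `resource_scopes` and optional `exp`, `iat`, `nbf`). The response bodies are constructed for the example, and the clock is passed in so the result is deterministic.

```python
# Added example (not code from the UMA specifications or any RS product):
# because UMA2 defines no self-contained RPT format, a resource server
# learns what an RPT grants only from the introspection response
# (FedAuthz Sec 5.1.1), whose "permissions" array lists resource_id,
# resource_scopes and an optional exp/iat/nbf for each permission. This
# is the RS-side access check over such a response. The response bodies
# are constructed, and the clock is passed in so the check is
# deterministic.
import time


def rpt_permits(introspection, resource_id, required_scopes, now=None):
    """Return True only if the introspected RPT is active at time `now` and
    its still-valid permissions on resource_id cover every required scope."""
    now = time.time() if now is None else now
    need = set(required_scopes)
    if not need:
        return False            # an RS always names at least one scope
    if introspection.get("active") is not True:
        return False            # inactive, expired or unknown token: deny
    # Token-level lifetime, standard RFC 7662 claims if the AS includes them.
    if "exp" in introspection and now >= introspection["exp"]:
        return False
    if "nbf" in introspection and now < introspection["nbf"]:
        return False
    usable = set()
    for perm in introspection.get("permissions", []):
        if perm.get("resource_id") != resource_id:
            continue
        # A single permission may expire (or not yet apply) while the RPT as a
        # whole stays active; such a permission must not count.
        if "exp" in perm and now >= perm["exp"]:
            continue
        if "nbf" in perm and now < perm["nbf"]:
            continue
        usable.update(perm.get("resource_scopes", []))
    return need <= usable


NOW = 1_700_000_000   # fixed "current time" for the constructed sample

# Constructed sample of an introspection response for a valid RPT.
SAMPLE_INTROSPECTION = {
    "active": True,
    "exp": NOW + 86400,
    "permissions": [
        {"resource_id": "photo-album-1", "resource_scopes": ["view"],
         "exp": NOW + 3600},
        {"resource_id": "photo-album-2", "resource_scopes": ["view", "edit"]},
    ],
}

if __name__ == "__main__":
    print(rpt_permits(SAMPLE_INTROSPECTION, "photo-album-1", ["view"], now=NOW))
    print(rpt_permits(SAMPLE_INTROSPECTION, "photo-album-1", ["view"], now=NOW + 7200))
```

Two points the check makes explicit: `active` alone says nothing about a particular resource, so the RS must locate a permission for the resource it is protecting; and a permission can carry its own `exp`, so an RS that caches introspection results has to re-evaluate per-permission lifetimes on every request, not just the token's.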

Changes to AS-Client, RS-Client, and AS-Requesting Party Interfaces (Now UMA Grant Specification)

Authorization Server Rotates Permission Ticket

...

UMA2 ensures that the logic of downscoping during token refresh is properly defined, given that UMA scopes are bound to resources, and clarifies that the AS does not perform authorization assessment in this context (Grant Sec 3.6). (306)
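The rule that follows from this, as an added example that is not code from the Grant specification or from any AS product: a refresh request's `scope` parameter can only narrow each permission already bound to the RPT, it can never add a scope or a resource, and no policy is consulted while doing so. The handling of a request naming a scope the RPT never had follows RFC 6749 Sec 6 (a refresh must not widen the original grant); the permission shape and sample data are this example's own.

```python
# Added example (not code from the Grant specification or any AS product):
# the refresh-time downscoping rule as this example reads Grant Sec 3.6.
# Because UMA scopes belong to resources, the "scope" parameter of a refresh
# request can only narrow each permission already bound to the RPT; it can
# never add a scope or a resource, and it triggers no new authorization
# assessment. The unknown-scope handling follows RFC 6749 Sec 6 (a refresh
# MUST NOT widen the grant). Permissions use the introspection-style shape
# (resource_id, resource_scopes); the sample data is constructed.


def downscope_permissions(granted, requested_scopes):
    """Narrow each granted permission to the requested scopes.

    Permissions left with no scope are dropped; resources and scopes absent
    from `granted` can never appear in the result.
    """
    requested = set(requested_scopes)
    narrowed = []
    for perm in granted:
        keep = [s for s in perm["resource_scopes"] if s in requested]
        if keep:
            narrowed.append(dict(perm, resource_scopes=keep))
    return narrowed


def refresh_rpt(granted, requested_scopes=None):
    """Decide a refresh request: ("ok", permissions) or ("invalid_scope", None).

    granted:          permissions bound to the RPT being refreshed
    requested_scopes: scope strings from the request, or None/empty when the
                      client sent no scope parameter (grant carried over as is)

    No policy is consulted here: whether the requesting party may hold these
    scopes was settled when the RPT was first issued. The only question is
    whether the request stays inside that grant.
    """
    if not requested_scopes:
        return ("ok", [dict(p, resource_scopes=list(p["resource_scopes"]))
                       for p in granted])
    held = {s for p in granted for s in p["resource_scopes"]}
    if not set(requested_scopes) <= held:
        # Asking for any scope the RPT never had is an attempt to widen the
        # grant through the refresh path; refuse rather than silently trim.
        return ("invalid_scope", None)
    return ("ok", downscope_permissions(granted, requested_scopes))


# Constructed sample: an RPT granting two scopes on doc-1 and one on doc-2.
GRANTED = [
    {"resource_id": "doc-1", "resource_scopes": ["view", "edit"]},
    {"resource_id": "doc-2", "resource_scopes": ["view"]},
]

if __name__ == "__main__":
    print(refresh_rpt(GRANTED))
    print(refresh_rpt(GRANTED, ["edit"]))
    print(refresh_rpt(GRANTED, ["view", "delete"]))
```

Note that the requested scope list is flat while the grant is per resource: asking for `edit` keeps only the `doc-1` permission, because that is the only resource on which `edit` was ever granted. An AS that instead re-ran its policy at refresh time could end up adding the scope to `doc-2`, which is exactly what the clarification rules out.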

Changes to AS-RS Interface/Protection API (Now Federated Authorization Specification)

Resource Registration Endpoint

...