[Wg-uma] Fwd: Use Case: Consumer delegate

Eve Maler eve at xmlgrrl.com
Thu Oct 8 12:22:09 EDT 2009


Stay tuned for another message in response to this.

Begin forwarded message:

> From: Michael Hanson <mhanson at spflrc.org>
> Date: 7 October 2009 3:08:06 PM PDT
> To: Eve Maler <eve at xmlgrrl.com>
> Subject: Use Case: Consumer delegate
>
> Trying to write this as concisely as possible to capture the idea we  
> were talking about.
>
>
> Use Case: Requester Delegate
> The requester may be using a hosted service, which may need to make  
> requests on its behalf.
>
> Problem Scenario:
> The user has entered a relationship with BizService, and wants to  
> authorize it to access her calendar.  BizService is using a website  
> hosted by BizTools, which is the entity that will initiate all  
> network activity and actually hold the tokens generated during the  
> transaction.
>
> The user should be able to authorize BizService to access her data,  
> without granting any privileges to BizTools, and without granting  
> privileges to any other company hosted by BizTools.  This should be  
> done in a way that does not allow BizTools to impersonate BizService.
>
> Let us assume for now that BizService is providing a network  
> endpoint that has the necessary capabilities for the solution  
> scenario -- if the service is fully hosted by BizTools, there's not  
> really a technical fix for impersonation.
>
> Issues:
> * Does the user need to be aware of BizTools, or can she grant  
> authorization to BizService in a way that allows BizService to relay  
> access?
> * Does this scenario require an explicit model of delegation  
> enforced by the AM, so that BizService can't hand off an access  
> token to anybody they want?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: UMA diagram.jpg
Type: image/jpg
Size: 100234 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-uma/attachments/20091008/a9610fc2/attachment-0001.jpg 
-------------- next part --------------
>


Eve Maler
eve at xmlgrrl.com
http://www.xmlgrrl.com/blog



More information about the Wg-uma mailing list