[WG-UMA] New rreg and core specs

Thomas Hardjono identity at hardjono.net
Wed Dec 15 12:40:56 EST 2010


I just went through the UMA Core spec.  I think it looks very good and
reads well -- a much easier read for me than reading OAuth2.0 (but
that's just me:)


Here are some minor comments/suggestions:

(1) Need to identify which draft of OAuth2.0 is being referred to:

Minor nit. I know that OAuth2.0 seems to be a moving target. Perhaps
within the UMA-core draft, we could cite the OAuth2.0 version.

For example: [OAuth2-draft11], instead of just [Oauth2].


(2) Move paragraph on UMA Profile Patterns to separate section and enhance:

I would recommend moving the following paragraph (Section 3,
Step-2) to a separate section, since this is an "advanced" set of
concepts and may confuse the first-time reader.

   If the requester is acting on behalf of a requesting party that is a
   corporation or other legal person, or a natural person who is not the
   same as the authorizing user, it MUST use an UMA profile pattern that
   does not involve use of the OAuth end-user authorization endpoint, to
   allow for issuing an access token that does not require the
   authorizing user's presence at the time of issuance.  If the
   requester is acting on behalf of a natural person who is the same
   person as the authorizing party, it MUST use an UMA profile pattern
   that involves use of this endpoint, such that this person
   synchronously approves token issuance through presenting user
   credentials to the AM and consenting.


(NB. I think this is absolutely valuable stuff, a notch above
OAuth2.0. Please keep the paragraph and expand it.)


(3) Question: Which OAuth profiles

Does UMA only use (refer-to or depend-on) the OAuth2.0 web server
profile? (Or do we need the other OAuth2.0 profiles?)


(4) "Access Grant" terminology (OAuth2.0 draft-11):

I found the introduction of the "access grant" terminology in
OAuth2.0-draft11 to be confusing (but that's just me).

Does the "access grant" terminology alter our UMA terminology in any
way?


/thomas/

____________________

> -----Original Message-----
> From: wg-uma-bounces at kantarainitiative.org [mailto:wg-uma-
> bounces at kantarainitiative.org] On Behalf Of Eve Maler
> Sent: Tuesday, December 14, 2010 7:08 PM
> To: wg-uma at kantarainitiative.org UMA
> Subject: Re: [WG-UMA] New rreg and core specs
> 
> Christian has posted them at:
> 
> http://mrtopf.clprojects.net/uma/draft-uma-resource-reg.html
> http://mrtopf.clprojects.net/uma/draft-uma-core.txt
> 
> 	Eve
> 
> On 14 Dec 2010, at 3:00 PM, Eve Maler wrote:
> 
> > Sorry this isn't uploaded yet -- my fault.  I wanted folks to take a
> > look at this as soon as possible...  This is the latest resource reg
> > spec and also a slightly revised core spec to correct the language
> > around resource registration and the registration endpoint.  I tried to
> > accommodate or at least capture as many of the issues documented in the
> > 'pad (http://openetherpad.com/uma-rreg-todo) as possible.
> >
> > 	Eve
> >
> > <draft-uma-resource-reg.html><draft-uma-core.html>
> >
> > Eve Maler
> > http://www.xmlgrrl.com/blog
> > +1 425 345 6756
> > http://www.twitter.com/xmlgrrl
> >
> > _______________________________________________
> > WG-UMA mailing list
> > WG-UMA at kantarainitiative.org
> > http://kantarainitiative.org/mailman/listinfo/wg-uma
> 
> 
> Eve Maler
> http://www.xmlgrrl.com/blog
> +1 425 345 6756
> http://www.twitter.com/xmlgrrl
> 


