[WG-UMA] New rreg and core specs

Thomas Hardjono hardjono at MIT.EDU
Wed Dec 15 13:51:49 EST 2010


Just starting on rreg now :)

/thomas/


__________________________________________


> -----Original Message-----
> From: Eve Maler [mailto:eve at xmlgrrl.com]
> Sent: Wednesday, December 15, 2010 1:13 PM
> To: Thomas Hardjono
> Cc: wg-uma at kantarainitiative.org; Thomas Hardjono
> Subject: Re: [WG-UMA] New rreg and core specs
> 
> Thanks for these comments!  (Can I tempt you to do the same for the
> rreg spec too? :-)  We need to do an analysis of draft 11 and figure
> out implications for our spec.  You're right that we should identify
> the OAuth draft (the current one we use is 10) more clearly.  As we get
> more specific about conformance language, I think we're going to want
> to name/number an UMA "snapshot" so that it can become a consistent
> testing target.
> 
> 	Eve
> 
> On 15 Dec 2010, at 9:40 AM, Thomas Hardjono wrote:
> 
> >
> > I just went through the UMA Core spec.  I think it looks very good
> and
> > reads well -- a much easier read for me that reading OAuth2.0 (but
> > that's just me:)
> >
> >
> > Here are some minor comments/suggestions:
> >
> > (1) Need to identify which draft of OAuth2.0 is being referred to:
> >
> > Minor nit. I know that OAuth2.0 seems to be a moving target. Perhaps
> > within the UMA-core draft, we could cite Oauth2.0 version.
> >
> > For example: [OAuth2-draft11], instead of just [Oauth2].
> >
> >
> > (2) Move paragraph on UMA Profile Patterns to separate section and
> > enhance:
> >
> > I would recommend moving the following to paragraph (Section 3,
> > Step-2) to a separate section, since this is an "advance" set of
> > concepts and may confuse the first-time reader.
> >
> >   If the requester is acting on behalf of a requesting party that is
> a
> >   corporation or other legal person, or a natural person who is not
> > the
> >   same as the authorizing user, it MUST use an UMA profile pattern
> > that
> >   does not involve use of the OAuth end-user authorization endpoint,
> > to
> >   allow for issuing an access token that does not require the
> >   authorizing user's presence at the time of issuance.  If the
> >   requester is acting on behalf of a natural person who is the same
> >   person as the authorizing party, it MUST use an UMA profile pattern
> >   that involves use of this endpoint, such that this person
> >   synchronously approves token issuance through presenting user
> >   credentials to the AM and consenting.
> >
> >
> > (NB. I think this is absolutely valuable stuff, a notch above
> > Oauth2.0. Please keep the paragraph and expand it.)
> >
> >
> > (3) Question: Which Oauth profiles
> >
> > Does UMA only use (refer-to or depend-on) the OAuth2.0 web server
> > profile?
> > (or do we need the other OAuth2.0 profiles).
> >
> >
> > (4) "Access Grant" terminology (Oauth2.0 draft-11):
> >
> > I found the introduction of the "access grant" terminology in
> > OAuth2.0-draft11 to be confusing (but that's just me).
> >
> > Does the "access grant" terminology alter our UMA terminology in any
> > way?
> >
> >
> > /thomas/
> >
> > ____________________
> >
> >> -----Original Message-----
> >> From: wg-uma-bounces at kantarainitiative.org [mailto:wg-uma-
> >> bounces at kantarainitiative.org] On Behalf Of Eve Maler
> >> Sent: Tuesday, December 14, 2010 7:08 PM
> >> To: wg-uma at kantarainitiative.org UMA
> >> Subject: Re: [WG-UMA] New rreg and core specs
> >>
> >> Christian has posted them at:
> >>
> >> http://mrtopf.clprojects.net/uma/draft-uma-resource-reg.html
> >> http://mrtopf.clprojects.net/uma/draft-uma-core.txt
> >>
> >> 	Eve
> >>
> >> On 14 Dec 2010, at 3:00 PM, Eve Maler wrote:
> >>
> >>> Sorry this isn't uploaded yet -- my fault.  I wanted folks to take
> > a
> >> look at this as soon as possible...  This is the latest resource reg
> >> spec and also a slightly revised core spec to correct the language
> >> around resource registration and the registration endpoint.  I tried
> > to
> >> accommodate or at least capture as many of the issues documented in
> > the
> >> 'pad (http://openetherpad.com/uma-rreg-todo) as possible.
> >>>
> >>> 	Eve
> >>>
> >>> <draft-uma-resource-reg.html><draft-uma-core.html>
> >>>
> >>> Eve Maler
> >> http://www.xmlgrrl.com/blog
> >>> +1 425 345 6756
> >> http://www.twitter.com/xmlgrrl
> >>>
> >>> _______________________________________________
> >>> WG-UMA mailing list
> >>> WG-UMA at kantarainitiative.org
> >>> http://kantarainitiative.org/mailman/listinfo/wg-uma
> >>
> >>
> >> Eve Maler
> > http://www.xmlgrrl.com/blog
> >> +1 425 345 6756
> > http://www.twitter.com/xmlgrrl
> >>
> >> _______________________________________________
> >> WG-UMA mailing list
> >> WG-UMA at kantarainitiative.org
> >> http://kantarainitiative.org/mailman/listinfo/wg-uma
> >
> 
> 
> Eve Maler                                  http://www.xmlgrrl.com/blog
> +1 425 345 6756                         http://www.twitter.com/xmlgrrl



More information about the WG-UMA mailing list