[WG-UMA] Modulated Resources & UMA

Joe Andrieu joe at switchbook.com
Thu Jan 14 19:26:09 EST 2010


I just wrote a long post and decided to save everyone from it.

Discovery and similar dynamic generation of resources is simply out of 
scope for UMA 1.0.

I'll share thoughts on how we might be able to help once we're ready for 
the next revision.  For now, let's just note that it would be nice to 
have one place where permissions are maintained, but with dynamically 
generated resources (like dynamic XRD endpoints), that's just not 
possible with UMA 1.0.

Frankly, this may, in the long term, mean UMA is far less useful for 
dynamic resources than for ones where the URL can be said to completely 
determine the content at the endpoint and therefore be a useful anchor 
for permissioning.

-j

On 1/14/2010 3:51 PM, Eve Maler wrote:
> You're absolutely right that seeing an "XRD file" as a static resource is problematic.  People have talked about dynamically generating custom XRDs for a while, and it seems like the way to go for a lot of metadata purposes.
>
> I sure hope UMA isn't going to get into the business of actually modulating dynamic generation of resources.  Rather, I was assuming that the resources in question will be amenable to UMA protection precisely to the extent that they can be exposed as web resources with URLs, which lots of other systems do all the time.  (After all, my blog resides in a huge database, and the blog management software comes with rewrite rules that say how to expose them as resources.  Lots of magic happens when someone attempts to do a GET on a random entry from the archives.)
>
> It may be that "XRD file" is simply the wrong way to think about it; it's more like an XRD database, with various parts of it and views onto it added/modified/shared as resources (files, if you will).
>
> (If this is crazy, let me know...)
>
> 	Eve
>
> On 14 Jan 2010, at 10:38 AM, Joe Andrieu wrote:
>
>> In the call today, George brought up UMA as the authorization manager
>> for an XRD file.
>>
>> This intrigued me because this is not a simple binary protection. It
>> wasn't about either granting or denying access to an XRD. It was about
>> modulating the XRD file for certain users. That is, Bob may get one set
>> of resources in the XRD and Sally gets a different set of links in the
>> XRD sent to her.
>>
>> Dynamically generating an XRD isn't particularly hard... it is the same
>> as any dynamically generated web resource.
>>
>> But we, the UMA work group, haven't really discussed how an AM might
>> participate in modulating dynamic generation of resources. We have
>> presumed access is all or nothing.
>>
>> I'm guessing this is a "deferred" use case, as it is intriguing, but
>> probably extending the scope beyond what we want to address in UMA 1.0.
>>
>> Thoughts?
>>
>> -j
>>
>> --
>> Joe Andrieu
>> joe at switchbook.com
>> +1 (805) 705-8651
>> http://www.switchbook.com
>
>
> Eve Maler
> eve at xmlgrrl.com
> http://www.xmlgrrl.com/blog
>
>
>

-- 
Joe Andrieu
joe at switchbook.com
+1 (805) 705-8651
http://www.switchbook.com
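
The distinction discussed in this thread, as an added illustration that is not part of either message and is not UMA protocol code: a URL-keyed allow/deny decision gives Bob and Sally the same answer, so the differing XRD content has to come from per-link filtering at the host. All names, URLs, link relations and audience sets below are constructed assumptions.

```python
import xml.etree.ElementTree as ET

XRD_NS = "http://docs.oasis-open.org/ns/xri/xrd-1.0"
XRD_URL = "https://host.example/xrd"            # constructed endpoint
SUBJECT = "https://host.example/alice"          # constructed subject

# Constructed sample data: every link the host could place in the XRD,
# each with the set of requesters allowed to see it (hypothetical policy).
LINKS = [
    {"rel": "describedby", "href": "https://host.example/profile",
     "audience": {"bob", "sally"}},
    {"rel": "http://example.org/rel/calendar", "href": "https://host.example/cal",
     "audience": {"bob"}},
    {"rel": "http://example.org/rel/photos", "href": "https://host.example/photos",
     "audience": {"sally"}},
]

# URL-anchored policy: one allow/deny answer per URL (the all-or-nothing model).
URL_POLICY = {XRD_URL: {"bob", "sally"}}


def url_gate(url, requester):
    """Binary decision keyed only on the URL and the requester."""
    return requester in URL_POLICY.get(url, set())


def render_xrd(links):
    """Serialize the given links as an XRD document."""
    ET.register_namespace("", XRD_NS)
    root = ET.Element(f"{{{XRD_NS}}}XRD")
    ET.SubElement(root, f"{{{XRD_NS}}}Subject").text = SUBJECT
    for link in links:
        ET.SubElement(root, f"{{{XRD_NS}}}Link", rel=link["rel"], href=link["href"])
    return ET.tostring(root, encoding="unicode")


def modulated_xrd(url, requester):
    """Gate on the URL first, then filter links per requester at the host."""
    if not url_gate(url, requester):
        return None  # denied outright: no document at all
    visible = [l for l in LINKS if requester in l["audience"]]
    return render_xrd(visible)


def hrefs(xrd):
    """Return the sorted link targets found in a serialized XRD."""
    return sorted(e.get("href") for e in ET.fromstring(xrd).iter(f"{{{XRD_NS}}}Link"))
```

The URL gate cannot tell Bob's view from Sally's; only the per-link `audience` data, which lives outside the URL-keyed policy, does.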

