[WG-UMA] Modulated Resources & UMA
eve at xmlgrrl.com
Fri Jan 15 10:57:35 EST 2010
On 14 Jan 2010, at 4:26 PM, Joe Andrieu wrote:
> I just wrote a long post and decided to save everyone from it.
> Discovery and similar dynamic generation of resources is simply out of scope for UMA 1.0.
Discovery as an actual service really is out of scope for UMA, I'd say, but I'm hoping we can work in a copacetic fashion with other technologies that *do* specialize in it. (The need for discovery of a user's resources has come up several times, not as requirements on UMA per se, but as features of real-life use cases like health data and social networking portability.)
> I'll share thoughts on how we might be able to help once we're ready for the next revision. For now, let's just note that it would be nice to have one place where permissions are maintained, but with dynamically generated resources (like dynamic XRD endpoints), that's just not possible with UMA 1.0.
> Frankly, this may, in the long term, mean UMA is far less useful for dynamic resources than for ones where the URL can be said to completely determine the content at the endpoint and therefore be a useful anchor for permissioning.
Hmm, this sounds more dire than I think is warranted. The nature of the web is to allow for content at an endpoint to change -- for example, if I permission access to my blog's Atom feed, then the interaction of the policies I set for "length of access" (e.g. GETs for one year, as often as the requester likes) and the volatility of the feed (I usually post every couple of weeks) gives a rough idea of how much changeable content is in play. Even making up URL endpoints on the fly, like the way we're handling the host registration and referral stuff in the protocol, is possible.
In any case, it sounds like you've got more thoughts brewing on this, so maybe when we have the health data use case to look at, we can tease out the blocking issues you see.
eve at xmlgrrl.com
More information about the WG-UMA