eve at xmlgrrl.com
Thu Jul 1 16:59:16 EDT 2010
Are you thinking of the AM pulling information about protected resources at the host, which might (if we can figure out how to do it) include host-specific policies that the user had set while visiting the host? The AM is the one making policy decisions that result in granting access tokens, even if we have a back channel where it's making the decisions in a fashion that respects the user-at-the-host's wishes.
When it comes time, in step 3, for a host to figure out what to do when approached by a requester with an access token, we have two models in mind. One is for the host to validate the token (carried from the AM by the requester) locally, which requires the token to have some heft. The other is for the host to approach the AM in real time to get the token validated by it, which requires an interaction between them that I suppose could be called "pushing" a token and other information in a request, and then getting an answer back. (It could be done with a sort of a pull pattern too...? Having previously informed the AM where its "tokens waiting for decisions" will sit, the host can tell the AM it needs a decision, the AM can pull the necessary info, and then it can return an answer.)
Hopefully this helps,
On 1 Jul 2010, at 10:57 AM, Joe Andrieu wrote:
> I have an idea about Push/Pull, but first a question.
> In the Pull scenario, when is the AM Pulling for policy?
> Does that occur every time a policy decision is required? Or is it a polling mechanism at arbitrary intervals? Or something else? What triggers the pull?
> Joe Andrieu
> joe.andrieu at auds.org
> +1 (805) 705-8651
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org
eve at xmlgrrl.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-UMA