[WG-UMA] New version of draft

Domenico Catalano domenico.catalano at oracle.com
Thu Jul 15 08:37:53 EDT 2010


Hi,

Here are some thoughts about extending client registration for a special case...

A special case of Client Registration is when the Host (in UMA terminology) is an Identity Provider/Claim Issuer (as discussed in the Trusted Claim approach).

For trust management reasons, the Authorization Server, in order to verify the client's Identity Assurance Level, may check an IdP whitelist from a Trust Framework Provider (also discussed in the Trusted Claim approach doc, "Identity assurance feature" sub-paragraph, sent out by Eve).

To comply with this specific scenario, the (push) client registration request may also include the following parameters:

- IdP domain name (e.g. idp.booble.com)
- Level of Assurance (e.g. LOA_Reference=2)
- Trust Framework provider reference (e.g. https://secure.globaltrust.org/IdP/whitelist)

(attached a diagram/flow about Client-Authorization Server and TFP interactions).

Advantages:
1. Authorization Manager is able to verify whether the IdP domain is certified by a TFP, and with which LOA, before releasing client_id and secret.
2. Authorization Manager obtains "certified meta-data" from the TFP about the IdP.


The following links provide interesting references about trust management aspects:
- http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf   (par. 2.7 Programmed Trust, p. 15)
- http://www.xmlgrrl.com/blog/publications/#oitf

Hope it's useful for the discussion.

Domenico


On Jul 12, 2010, at 11:29 AM, Christian Scholz wrote:

> Hi!
> 
> I updated the draft to include Maciej's spec, Thomas' intro and did some
> wording stuff of my own. I also included a TODO section where might want
> to choose a task :-)
> 
> You can find it at:
> 
> http://mrtopf.clprojects.net/uma/
> 
> The source code can be found at
> 
> http://github.com/mrtopf/UMA-Specifications
> 
> Feedback and text changes etc. are welcome! (I don't think it needs
> to be 100% perfect to be submitted but I would like to have those
> questions answered, e.g. about signing and more about the authorization
> requirement).
> 
> -- Christian
> 
> 
> 
> -- 
> Christian Scholz                          Homepage: http://comlounge.net
> COM.lounge GmbH                                    http://mrtopf.de/blog
> Hanbrucher Str. 33                             http://twitter.com/mrtopf
> 52064 Aachen                                             Skype: HerrTopf
> Tel: +49 241 400 730 0                                  cs at comlounge.net
> Fax: +49 241 979 00 850                                      IRC: MrTopf
> 
> Podcasts:
> Der OpenWeb-Podcast (http://openwebpodcast.de)
> Data Without Borders (http://datawithoutborders.net)
> Politisches: http://politfunk.de/
> Technical: http://comlounge.tv/
> _______________________________________________
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma




Domenico Catalano | Identity Architect | +39.335.7257896
Oracle Fusion Middleware
via G. Romagnosi - 00142 Rome, Italy

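The check Domenico describes (verify the IdP domain and its LOA against a TFP whitelist before releasing client_id and secret, and keep the TFP's certified metadata) can be sketched in code. The block below is an added example, not code from the post, the UMA draft or any project; it assumes the three extra registration parameters are named idp_domain, loa_reference and tfp_reference, and it replaces the HTTPS fetch of the whitelist with a constructed in-memory dict.

```python
"""Added example (not from the mailing-list post or the UMA spec): an Authorization
Manager-side check for the extended (push) client registration described above.

Assumptions, all constructed for this example:
- the registration request carries the three extra parameters as
  'idp_domain', 'loa_reference' and 'tfp_reference';
- a Trust Framework Provider (TFP) publishes a whitelist that maps an IdP domain
  to its certified LOA and some metadata (simulated here by an in-memory dict
  instead of an HTTPS fetch);
- the Authorization Manager only consults TFPs it has been configured to trust.
"""
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the TFP whitelists; a real deployment would fetch
# these over TLS from the tfp_reference URL and verify the response.
TFP_WHITELISTS = {
    "https://secure.globaltrust.org/IdP/whitelist": {
        "idp.booble.com": {"loa": 2, "metadata": {"org": "Booble Inc.", "audit_date": "2010-06-01"}},
        "login.example.org": {"loa": 1, "metadata": {"org": "Example Org"}},
    },
}

# TFPs this Authorization Manager is willing to rely on (constructed).
TRUSTED_TFPS = frozenset(TFP_WHITELISTS)


@dataclass
class RegistrationResult:
    accepted: bool
    reason: str
    client_id: Optional[str] = None
    client_secret: Optional[str] = None
    certified_loa: Optional[int] = None
    certified_metadata: Optional[dict] = None


def normalize_domain(domain: str) -> str:
    """Lower-case and strip a trailing dot so 'IdP.Booble.com.' matches the list entry."""
    return domain.strip().rstrip(".").lower()


def lookup_idp(tfp_reference: str, idp_domain: str) -> Optional[dict]:
    """Return the whitelist entry for idp_domain at the given TFP, or None."""
    whitelist = TFP_WHITELISTS.get(tfp_reference, {})
    return whitelist.get(normalize_domain(idp_domain))


def register_idp_client(request: dict) -> RegistrationResult:
    """Decide whether to issue client credentials to a Host that claims to be an IdP.

    The request must name a trusted TFP, the IdP domain must be on that TFP's
    whitelist, and the LOA the client asks for must not exceed what the TFP certified.
    """
    for field in ("idp_domain", "loa_reference", "tfp_reference"):
        if field not in request:
            return RegistrationResult(False, f"missing parameter: {field}")

    tfp = request["tfp_reference"]
    if not tfp.startswith("https://") or tfp not in TRUSTED_TFPS:
        return RegistrationResult(False, "tfp_reference is not a trusted Trust Framework Provider")

    try:
        requested_loa = int(request["loa_reference"])
    except (TypeError, ValueError):
        return RegistrationResult(False, "loa_reference must be an integer")

    entry = lookup_idp(tfp, request["idp_domain"])
    if entry is None:
        return RegistrationResult(False, "IdP domain is not certified by the named TFP")

    if requested_loa > entry["loa"]:
        return RegistrationResult(
            False,
            f"requested LOA {requested_loa} exceeds certified LOA {entry['loa']}",
            certified_loa=entry["loa"],
        )

    # Only now are client_id and secret released (advantage 1 in the post).
    return RegistrationResult(
        True,
        "registered",
        client_id=secrets.token_urlsafe(16),
        client_secret=secrets.token_urlsafe(32),
        certified_loa=entry["loa"],
        certified_metadata=entry["metadata"],   # advantage 2: metadata comes from the TFP
    )


if __name__ == "__main__":
    ok = register_idp_client({"idp_domain": "idp.booble.com", "loa_reference": "2",
                              "tfp_reference": "https://secure.globaltrust.org/IdP/whitelist"})
    print(ok.accepted, ok.reason, ok.certified_metadata)
    bad = register_idp_client({"idp_domain": "login.example.org", "loa_reference": 3,
                               "tfp_reference": "https://secure.globaltrust.org/IdP/whitelist"})
    print(bad.accepted, bad.reason)
```

The order of the checks matters: the TFP reference is validated against the configured trust list before anything it says is consulted, so a client cannot point the Authorization Manager at a whitelist of its own choosing, and the LOA the client asserts is capped by what the TFP actually certified rather than taken at face value.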





Attachment: PastedGraphic-3.pdf (application/pdf, 28012 bytes): http://kantarainitiative.org/pipermail/wg-uma/attachments/20100715/d76eb8ce/attachment-0001.pdf