[WG-UMA] Terminology mapping UMA - OAuth2
eve at xmlgrrl.com
Fri Jul 8 13:25:07 EDT 2011
The UMA spec goes into some detail about the ways the terms align. There are subtleties. Take a look at these links:
Section 1 Introduction, particularly 1.2 Terminology
Section 3 Getting Authorization and Accessing a Resource intro, particularly the last list, which has an OAuth comparison
Can't you achieve UMA goals just by using OAuth?
Is UMA up to date with OAuth development?
Perhaps we should add a FAQ about "Why doesn't UMA use OAuth terminology?" There is indeed some history here, and we have at various times examined the pros and cons of aligning, but always decide to stick with our own terms because of the subtleties involved.
Do feel free to ask further questions if you need to! I can try to dig up the specific meeting minutes where we've discussed this in the past.
On 8 Jul 2011, at 8:42 AM, John Bradley wrote:
> Some of it is due to the terms OAuth/Erin uses having changed between IETF drafts.
> Aligning terms has also been a challenge for Connect.
> On 2011-07-08, at 11:29 AM, Rainer Hörbe wrote:
>> When I compared terminology between OAuth2 and UMA, I found that there is some gap. Is there any good reason for this, or could it be aligned?
>> IETF UMA Entity UMA Agent
>> Resource Owner Authorizing user
>> Resource Server Host//Protected Resource
>> Client Requesting Party Requestor
>> Authorization Server Authorization Manager
>> Another question: Is there a test that explains the benefit of using UMA on top of OAuth2?
>> - Rainer
>> WG-UMA mailing list
>> WG-UMA at kantarainitiative.org
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-UMA