[WG-UMA] OpenID AB discussion about how to handle trusted claims living anywhere

Eve Maler eve at xmlgrrl.com
Tue Mar 15 08:59:03 EDT 2011

Check out the thread here:


Very important stuff. From the UMA side, I think we'd still have the same concerns: UMA-protecting trusted claims (vs. merely OAuth-protecting them) in a relatively straightforward fashion, plus our special use case for gathering trusted claims in UMA Step 2 for associating authorizations with the requester's access token. If the AB solution drifts away from the basic OAuth design pattern, we'll have a tougher time of it, but it seems the folks in this discussion are taking existing OAuth deployment pressures into account.


Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl

More information about the WG-UMA mailing list