[WG-UMA] OpenID AB discussion about how to handle trusted claims living anywhere

Eve Maler eve at xmlgrrl.com
Tue Mar 15 08:59:03 EDT 2011


Check out the thread here:

http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20110314/thread.html

Very important stuff. From the UMA side, I think we'd still have the same concerns: UMA-protecting trusted claims (vs. merely OAuth-protecting them) in a relatively straightforward fashion, plus our special use case for gathering trusted claims in UMA Step 2 for associating authorizations with the requester's access token. If the AB solution drifts away from the basic OAuth design pattern, we'll have a tougher time of it, but it seems the folks in this discussion are taking existing OAuth deployment pressures into account.

	Eve

Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl



More information about the WG-UMA mailing list