[WG-UMA] Review UMA core spec rev8 until pargr. 2
eve at xmlgrrl.com
Tue May 24 16:53:07 EDT 2011
Glad to give you something to play with. :-)
On 24 May 2011, at 11:46 AM, Cordny Nederkoorn wrote:
> Hi all,
> If you ask a tester like me to review specs it's playtime.
> For rev8 I reviewed until pargr2
> Here goes:
> Phase 2, 3 together are described in section 2; are the main 3 core
> steps still Protect a Resource, Get and Use a Token?
This was a philosophical trick to figure out. While it still seems useful to summarize the value of UMA by talking about three phases (of which the latter two are similar to OAuth), phase 3 is rather unexciting -- it's just the successful conclusion of the whole sequence. So, really, section 2.1.5 (with all of its predecessor steps) is phase 3! Is it worth pointing specifically to this subsection when talking about phase 3?
> Thumbs up for describing steps with If...Then; We testers love it.
> 2.1-2.5: no examples from last revision?
Maciej has promised to supply example content. I think we kept all example content that was in the older drafts that was still accurate.
> Is the use of SHOULD done because of giving the implementer the choice of using the statement?
This is a good question. Thomas, I think you made this choice; were you following OAuth's lead? It's worth discussing whether we should make certain parts of the UMA flow "optional together". For example, what if the resource server is colocated with the authorization server and has a closer relationship with it that doesn't require an expensive interoperable messaging protocol? Is this a case where we should define "conformance profiles"?
> That's it, feedback is welcome and more will follow.
> Cheers, Cordny Nederkoorn
> > http://kantarainitiative.org/confluence/display/uma/UMA+1.0+Core+Protocol
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl