[WG-UMA] UMA Trust Model updated - and thoughts on liability

Eve Maler eve at xmlgrrl.com
Sun Apr 15 15:18:36 EDT 2012

Now that our spec seems to be settling down, I did a refresh of the Trust Model document. While it's not the "user guide" we think we still need, I'm starting to think that this should be just as normative a document as the actual technical spec. Certainly deployers will want to know exactly what the liability consequences are if they issue a PAT, or accept an AAT, or whatever...

It could use an eagle-eye review of all the details, but I feel like this could helpfully inform someone who wanted to deploy UMA for real, and wanted to know how their responsibilities might stack up.

Another neat outcome: Our profiles are the perfect place to twiddle the trust dials.

- The power relationship between the AM and host is really bundled up in the UMA token profiling. Our default "bearer RPT" sets up a situation where the AM is nominally very powerful, but is subject to the access whims of the host. You can imagine a profile where the AM just gathers the claims and passes them along to the host (AM gets less responsibility commensurate with its authority), or the host has to ask for a decision plain and simple (host gets less authority commensurate with its responsibility).

- The ability of the AM (and authorizing user) to hold the requesting party to account is bundled up in the UMA claim profiling. By defining claim profiles and then chaining them in specific orders, we can get some pretty cool abilities to nail down the requesting party's promises and, in some cases, actions. (I wonder if anyone will profile UMA to actually do a DRM solution!...)

Thoughts? Can I ask the trust model team to print this out and review it carefully? Thanks!


Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl

More information about the WG-UMA mailing list