[WG-UMA] Proposal: How to turn UMA's OAuth scopes into UMA-style scopes

Eve Maler eve at xmlgrrl.com
Mon Jul 2 23:33:14 EDT 2012


Our protection API token (PAT) is a totally vanilla OAuth bearer token that is issued for scope "protection", and our authorization API token (AAT) is likewise a totally vanilla OAuth bearer token that is issued for scope "authorization". (The same software component might have reason to acquire both a PAT and an AAT at different junctures.)

If we were to turn these two scopes into UMA-style scopes, ready to be used someday with UMA-style resource sets, here's how things could look:

The "protection" scope would instead be something like the following string:

http://docs.kantarainitiative.org/uma/scopes/protection

And if you did a GET on it, it would resolve to something like this JSON structure, with the media type application/uma-scope+json:

{
  "name": "UMA protection"
}

It might include an icon to illustrate the protection concept:

{
  "name": "UMA protection",
  "icon_uri": "http://openclipart.org/image/100px/svg_to_png/58957/Lock.png"
}

Likewise, the "authorization" scope would instead be something like:

http://docs.kantarainitiative.org/uma/scopes/authorization

And it would resolve to:

{
  "name": "UMA authorization"
}

or:

{
  "name": "UMA authorization",
  "icon_uri": "http://openclipart.org/image/100px/svg_to_png/20381/ossidiana_lock_and_key.png"
}

Any comments on this rendering of our consensus from the last meeting?...

	Eve

Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl
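Added example, not part of the original message: a sketch of how a consumer might validate a scope description after resolving one of the scope URIs above, before showing its name or icon to a user. Treating "name" as required and "icon_uri" as an optional absolute http(s) URI is an assumption drawn from the sample documents. The function name, the error class and the sample responses are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

SCOPE_MEDIA_TYPE = "application/uma-scope+json"  # media type named in the proposal

# Constructed sample responses, keyed by scope URI: (Content-Type, body).
SAMPLE_RESPONSES = {
    "http://docs.kantarainitiative.org/uma/scopes/protection": (
        "application/uma-scope+json",
        '{"name": "UMA protection", "icon_uri": '
        '"http://openclipart.org/image/100px/svg_to_png/58957/Lock.png"}',
    ),
    "http://docs.kantarainitiative.org/uma/scopes/authorization": (
        "application/uma-scope+json; charset=utf-8",
        '{"name": "UMA authorization"}',
    ),
}


class ScopeDescriptionError(ValueError):
    """Raised when a scope description does not match the expected shape."""


def parse_scope_description(content_type, body):
    """Validate a scope description and return (name, icon_uri or None)."""
    # Compare only the media type, ignoring parameters such as charset.
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type != SCOPE_MEDIA_TYPE:
        raise ScopeDescriptionError("unexpected media type: %r" % media_type)
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise ScopeDescriptionError("body is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise ScopeDescriptionError("top-level value must be a JSON object")
    name = doc.get("name")
    if not isinstance(name, str) or not name.strip():
        raise ScopeDescriptionError("'name' must be a non-empty string")
    icon_uri = doc.get("icon_uri")
    if icon_uri is not None:
        # The icon is fetched and displayed, so accept only absolute http(s)
        # URIs (assumption) and refuse other schemes or relative references.
        parts = urlsplit(icon_uri) if isinstance(icon_uri, str) else None
        if parts is None or parts.scheme not in ("http", "https") or not parts.netloc:
            raise ScopeDescriptionError("'icon_uri' must be an absolute http(s) URI")
    return name, icon_uri
```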



