[WG-UMA] RO asynchronous authorization request
Da Cruz Pinto, Marcelo
marcelo.da.cruz.pinto at intel.com
Tue Aug 5 13:21:25 CDT 2014
I've been meaning to ask this question for a while now: We are seeing many scenarios (mostly consumer-oriented) in which the RO policy at the AS is "always ask me", meaning that the RO wants to be explicitly notified by the AS every time an RP wishes to access a particular resource so that proper access can be granted/denied (notification might be sent via email or some other means by the AS). This means that at the moment the Client needs to obtain an RPT (sections 3.4.2 and 3.5 in uma-core), there is an asynchronous interaction: The Client somehow needs to be informed that there is a temporary condition (maybe an error condition), and it needs to retry the "/authz_request" call later. So far, we've been doing this by creating a custom claim profile which instructs the Client to retry later (potentially providing timing information, if available), but this could also be achieved by having the "/authz_request" call return a temporary HTTP error (although there is no HTTP error code that suits this condition nicely, so the claim profile option seems best).
Thoughts? Has this been discussed on the mailing list already? If a claim profile is the way to go, I think that this is one of those profiles we may want to include in the spec for interoperability reasons.
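
The retry interaction described in the post, sketched from the Client's side as an added example that is not part of the original message or of uma-core. The response shapes (`status`, `retry_after`, `rpt`) and the `authz_request` callable are hypothetical stand-ins for whatever a custom claim profile would define; the Client honors the AS's timing hint but clamps it, and bounds the total wait.

```python
import time

class AccessDenied(Exception): pass
class ApprovalTimeout(Exception): pass

def request_rpt(authz_request, ticket, max_wait=300.0, first_delay=5.0,
                max_delay=60.0, sleep=time.sleep, clock=time.monotonic):
    """Poll a hypothetical authz_request(ticket) callable until the RO decides.

    Assumed (not from uma-core) response shapes:
      {"status": "pending", "retry_after": seconds}   # hint is optional
      {"status": "granted", "rpt": token} / {"status": "denied"}
    """
    deadline = clock() + max_wait
    backoff = first_delay
    while True:
        resp = authz_request(ticket)
        status = resp.get("status")
        if status == "granted":
            return resp["rpt"]
        if status == "denied":
            raise AccessDenied(ticket)
        if status != "pending":
            raise ValueError(f"unexpected AS response: {resp!r}")
        hint = resp.get("retry_after")
        if isinstance(hint, (int, float)) and not isinstance(hint, bool) and hint > 0:
            wait = min(float(hint), max_delay)   # clamp: the hint is server-controlled
        else:
            wait, backoff = backoff, min(backoff * 2, max_delay)  # no hint: back off
        if clock() + wait > deadline:
            raise ApprovalTimeout(ticket)        # give up instead of polling forever
        sleep(wait)

def simulate(responses, **kwargs):
    """Run request_rpt against a scripted AS with a fake clock; return (result, waits)."""
    script, waits, now = iter(responses), [], [0.0]
    def fake_sleep(seconds):
        waits.append(seconds)
        now[0] += seconds
    try:
        result = request_rpt(lambda ticket: next(script), "constructed-ticket",
                             sleep=fake_sleep, clock=lambda: now[0], **kwargs)
    except (AccessDenied, ApprovalTimeout) as exc:
        result = type(exc).__name__
    return result, waits
```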