[WG-UMA] New editorial issue #109
eve at xmlgrrl.com
Mon Oct 27 15:47:52 CDT 2014
I threw a couple of editorial nits in here. One is a true nit, identified by Andi. The other is an interesting turn of phrase that we need to fix, identified by Justin Richer. We say:
"The resource owner's policies at the authorization server amount to an implicit authorization grant in governing the issuance of authorization data."
Unfortunately, "implicit grant" is the official name of an OAuth grant flow that isn't what we're doing here. As noted in a comment on the issue, I'm now thinking that the right way to capture the pre-authorization/pre-consent nature of what UMA enables is to say that this is an *asynchronous* authorization grant. In fact, it might be really nice to describe UMA as literally defining an "asynchronous grant" flow for OAuth. Thoughts?
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
More information about the WG-UMA