Abstract 

This document is a non-normative set of auxiliary material produced by the User-Managed Access Work Group. It provides advice to, and discussions relevant to, developers and deployers of UMA-enabled software systems, services, and applications.

...

Default-Deny Policy Decision-Making Behavior

TBS - discuss other examples of this from V1.0.1 Core Sec 3.5.2: "The authorization server MUST use a default-deny authorization assessment model in adding authorization data to RPTs, that is, "everything that is not expressly allowed is forbidden" for resource sets that resource servers have registered. Exercise caution in implementing default-deny because corner cases can inadvertently result in default-permit behavior. For example, it is insufficient simply to assume that all resource sets have some non-zero set of claims required for access, and then accept an empty set of supplied claims as sufficient for access. See [UMA-Impl] for further discussion."

The core specification requires the authorization server to use a default-deny authorization assessment model in adding authorization data to RPTs. Default-deny is always a safe position for an authorization server to take, in that it enables "failing closed". Access control systems can be implemented where a default-permit regime applies at a top level, and then an instruction to deny at a lower level. However, it is very difficult to guarantee denial in all necessary cases in such systems. Starting from a position of no access and then granting access rights selectively is a much more rational approach.
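The corner case described above can be shown in a few lines. The following is an added example, not taken from the UMA specifications or from any implementation: the policy store, the resource set and scope names, and both function names are hypothetical, and it assumes that an empty requirement means "not yet configured" rather than "public".

```python
from typing import Dict, FrozenSet, Set

Policy = Dict[str, FrozenSet[str]]  # scope -> claims required for that scope

# Constructed sample policy store, keyed by resource set id (hypothetical).
POLICIES: Dict[str, Policy] = {
    "rs-photos": {
        "view": frozenset({"email_verified"}),
        "print": frozenset({"email_verified", "family_member"}),
        "delete": frozenset(),  # owner never finished configuring this scope
    },
}


def grant_flawed(rs_id: str, requested: Set[str], claims: Set[str]) -> Set[str]:
    """Assumes every scope has a non-empty requirement.

    A missing policy or scope collapses to the empty set, and the empty set
    is a subset of any supplied claims (even none): default-permit.
    """
    policy = POLICIES.get(rs_id, {})
    return {s for s in requested if policy.get(s, frozenset()) <= claims}


def grant_default_deny(rs_id: str, requested: Set[str], claims: Set[str]) -> Set[str]:
    """Returns only the scopes that a policy expressly allows."""
    policy = POLICIES.get(rs_id)
    if policy is None:  # resource set has no policy: nothing is allowed
        return set()
    granted: Set[str] = set()
    for scope in requested:
        required = policy.get(scope)
        if not required:  # no rule, or an empty rule: deny
            continue
        if required <= claims:
            granted.add(scope)
    return granted


if __name__ == "__main__":
    # A requesting party that supplies no claims at all.
    print(grant_flawed("rs-photos", {"view", "delete"}, set()))
    print(grant_flawed("rs-unknown", {"view"}, set()))
    print(grant_default_deny("rs-photos", {"view", "delete"}, set()))
    print(grant_default_deny("rs-unknown", {"view"}, set()))
```
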

...

Resource Server API Constraints

...