Lexicon

...

Terminology in the protocol spec

Following is a working lexicon, very much subject to change. Non-normative examples provided here (TBS!) might or might not be included in the spec. The diagrams were removed temporarily because they are out of date. (This text has now been added to the spec.)

An authorizing user is a web user who uses a user agent (as defined in [HTTP]) to configure an AM with access authorization policies to instruct it how to make access decisions when a requester attempts to access a protected resource on a host.

A primary resource user is a web user who uses a user agent (as defined in [HTTP]) to interact with a host in order to use it for resource hosting. The primary resource user may be identical to the authorizing user of the same resource at that host, or they may be different people.

A protected resource is an access-restricted resource (as defined in [HTTP]) that can be obtained from a host with the authorization of an authorizing user, as transmitted by an AM.

...

A claim is a statement (as defined in [IDCclaim]) conveyed by a requester to an AM in an attempt to satisfy a requirement for access policy.

A host is an UMA protocol endpoint that interacts with AMs in the role of an HTTP client and with requesters in the role of an HTTP server (as defined in [HTTP]), in order to allow an authorizing user to control access to protected resources at that host.

...

A requesting party is a web user, or a corporation (or other legal person), that uses a requester to seek protected resource access on his or her or its own behalf.

Additional terminology

A primary resource user is a web user who uses a user agent (as defined in [HTTP]) to interact with a host in order to use it for resource hosting. The primary resource user may be identical to the authorizing user of the same resource at that host, or they may be different people.

Discussion

(See the Law.com dictionary for some helpful definitions of legal terms.)

For our purposes in UMA 1.0, an authorizing user is always a natural person (a human being). By contrast, a requesting party may be a natural person (which we may think of as person-to-person sharing, such as "Alice to Bob" with the help of various online services in the middle), or it may be a legal person such as a company (which in typical cases we may think of as person-to-service sharing because the service is run by a corporation or other organization, such as "Alice to a travel website run by Orbitz"). It's possible, though unlikely in the typical case, that Bob will deploy an online service on his own behalf that manages requesting access to a resource of Alice's; in that case, it would be person-to-person just as in the first case. The nature of required claims could be different depending on which kind of sharing is taking place.

...

Where the primary resource user and the authorizing user differ, there is likely to be an interaction (invisible to UMA) at the host service that allows (or forces) the primary resource user to designate an authorizing user, and an agreement that the authorizing user acts as the primary resource user's agent or guardian or similar. Do we need to define the term "primary resource user" in the spec itself, if this is the case?

References

[HTTP]
Fielding, Gettys, Mogul, Frystyk, Masinter, Leach, Berners-Lee, "Hypertext Transfer Protocol