...
- Consider broadening authorizing user to authorizing party if we want not to preclude these use cases in future.
- Note that the word "endpoint" is unnatural for nontechnical readers, particularly in the formulation "endpoint in a protocol". Does this work sufficiently for techies that we don't have to be concerned about others? Does it make sense to talk about actors, roles, players, ...?
- Consider revising "host service user" (depends on custodianship discussion).
An
authorizing user is a web user (a natural person) who
configures uses a user agent (as defined in [HTTP]) to configure an
AM with access authorization
policies and
terms, in order to instruct it how to make access decisions when a
requester attempts to access a
protected resource on a
host. An authorizing user is the sole party capable of dictating
access authorization terms to a
requesting party in the context of an UMA-based interaction.
A
| Anchor |
|---|
| protected-resource |
|---|
| protected-resource |
|---|
|
protected resource is an access-restricted resource (as defined in [
HTTP]) that can be obtained from a
host with the authorization of an
authorizing user, as
carried out by transmitted in an
AM's resource access decision.
An
authorization manager (or
AM) is an endpoint in the UMA protocol that carries out an
authorizing user's policies and terms for resource access instructions governing access to a protected resource by interacting, in the role of an HTTP server (as defined in [
HTTP]), with
hosts in order to convey resource access decisions and with
requesters in order to determine their suitability for access.
...
An
AM service is an
AM application that is deployed on a network. The legal or natural person(s) who run an AM service are intermediaries that are not involved in
demanding stating access authorization terms terms or making
representations. representations.A
| Anchor |
|---|
| representation |
|---|
| representation |
|---|
|
representation is a statement of an affirmative or promissory nature that a requesting party makes during its process of seeking access to a protected resource. (See also claim.)An
| Anchor |
|---|
| access-authz-term |
|---|
| access-authz-term |
|---|
|
access authorization term (or
term) is a requirement for
a requesting party to make a
representation that to an
authorizing user places on a requesting party, receipt of which is generally a condition for authorizing the requesting party's as one condition for access to a
protected resource.
(See also claim request.)A
| Anchor |
|---|
| claim-request |
|---|
| claim-request |
|---|
|
claim request is the technical expression in the UMA protocol of
an access authorization terma representation, conveyed by
an AM to a
requester.A | Anchor |
|---|
representation | representation | representation is a statement of an affirmative or promissory nature that a requesting party makes in response to an authorizing user's access authorization term to an AM.
A
| Anchor |
|---|
| claim-request |
|---|
| claim-request |
|---|
|
claim request is the technical expression in the UMA protocol of
a representationan access authorization term, conveyed
by by
requester to an
AM to a requester.
An
| Anchor |
|---|
| access-authz-policy |
|---|
| access-authz-policy |
|---|
|
access authorization policy (or
policy) is an instruction an
authorizing user gives an
AM that the AM is capable of applying unilaterally in
calculating granting authorization for
access to a protected resource, without receiving claims from a requester access.
A
host is an endpoint in the UMA protocol that interacts with
AMs AMs in the role of an HTTP client (as defined in [
HTTP]) in order to receive and act on access decisions, and with
requesters requesters in the role of an HTTP server (also as defined in [
HTTP]) in order to respond to access attempts.
...
A
host service is a
host application that is deployed on a network. The legal or natural person(s) who run a host service are intermediaries that are not involved in
demanding stating access authorization terms terms or making
representations representations.
A
| Anchor |
|---|
| host-service-user |
|---|
| host-service-user |
|---|
|
host service user is a web user (a natural person) who interacts with a
host service in order to use and configure it for resource hosting. In general, a user of a host service is identical to the
authorizing user of the same resources at that host, but in special cases they may be different people.
A
requester is an endpoint in the UMA protocol that interacts with
hosts hosts and
AMs AMs in the role of an HTTP client (as defined in [
HTTP]) to attempt, and receive authorization for, access to a
protected resource.
...
A
| Anchor |
|---|
| requester-service |
|---|
| requester-service |
|---|
|
requester service is a
requester application that is deployed on a network. The legal or natural person(s) who deploy a requester service may be intermediaries that are not involved in
demanding stating access authorization terms terms or making
representations representations; alternatively,
or one or them may be a
requesting party.
A
| Anchor |
|---|
| requesting-party |
|---|
| requesting-party |
|---|
|
requesting party is either a legal person (such as a company running a
requester service), or a natural person (a web user) who
interacts uses a user agent (as defined in [HTTP]) to interact with a
requester service, in order to seek protected resource access on his/her/its own behalf. In either case, a requesting party is the sole party capable of making
representations representations to an
authorizing user in the context of an UMA-based interaction.
References
[HTTP] Fielding, Gettys, Mogul, Frystyk, Masinter, Leach, Berners-Lee, "Hypertext Transfer Protocol