{table-plus:autoNumber=true}





|| Epic title || Story title || _as a\(n)..._ || _I want to..._ || _so that..._ || Category || Backlog || Depends on || How to measure || Comments ||
| *Introduce host and AM* | (epic) | As an authorizing user... | I want to tell each of my hosts which AM I want it to use... | so that I can control the selective sharing of resources at a variety of my hosts from one place. | UX | 1.0 | | User can choose an arbitrary AM dynamically (optional), or can select among whichever preconfigured AMs the host finds acceptable. | [R1|http://kantarainitiative.org/confluence/display/uma/UMA+Requirements] |
| Introduce host and AM | *Discover AM metadata* | As a host... | I want to discover an AM's UMA endpoints dynamically... | so that I can begin offering resource protection services to my user using whatever AM they prefer. | Protocol | 1.0 | | Host uses AM address to construct and dereference a hostmeta address. AM hostmeta contains sufficient UMA endpoint data to get started. | [Core spec|http://mrtopf.clprojects.net/uma/draft-uma-core.html] step 1 |
| Introduce host and AM | *Obtain user authorization for host-AM introduction* | As a host... | I want to obtain my user's consent to use their chosen AM for resource protection... | so that I can interact with the AM securely on behalf of my user in offering this protection. | Protocol | 1.0 | Get client credentials as host (story) | Host gets host access token and optional refresh token from AM through user authorization using the OAuth 2.0 web server profile. | [Core spec|http://mrtopf.clprojects.net/uma/draft-uma-core.html] step 1 |
| *Authenticate to AM as a client* | (epic) | As an AM... | I want to securely distinguish each host and requester... | so that I can track their interactions with me, and enable my authorizing user to track such interactions, over time. | Protocol | 1.0 | | AM can keep an accurate record of which host or requester has approached it in each instance, correlating by client ID. | [Dyn reg spec|http://tools.ietf.org/html/draft-oauth-dyn-reg-v1-00] |
| Authenticate to AM as a client | *Issue client credentials* | As an AM... | I want to assign unique OAuth client IDs and optional secrets to each host and requester... | so that I can uniquely and securely distinguish individual hosts and requesters when they approach me on behalf of any of their respective users. | Protocol | 1.0 | | Host or requester either statically acquires a client ID and optional secret (out of band), or dynamically acquires them from an AM endpoint meant for this purpose. | [Dyn reg spec|http://tools.ietf.org/html/draft-oauth-dyn-reg-v1-00] |
| Authenticate to AM as a client | *Require client identification and authentication* | As an AM... | I want to securely identify and authenticate hosts and requesters that approach me for an access token or other interaction... | so that I can track interactions with them accurately. | Security | 1.0 | | Host or requester presents client ID and secret (when one has been issued) to AM when interacting with it. Host or requester does this only over a protected channel such as SSL. | [Core spec|http://mrtopf.clprojects.net/uma/draft-uma-core.html] step 1 (host), step 2 (requester) |
| Authenticate to AM as a client | _Impersonate a client_ | As a malicious entity... | I want to fraudulently obtain and use a legitimate host's or requester's client credentials at an AM... | so that I can impersonate it in interacting with that AM, hopefully leading to fraudulent access authorization or other malicious behavior. | Security | 1.0 | | AM issues a client secret in cases where client authentication is important (out of band in static registration cases). Host or requester acquires client secret only over a protected channel such as SSL (out of band in static registration cases). Host or requester protects client secret at rest (out of band). Host or requester presents client ID and secret (when one has been issued) to AM only over a protected channel such as SSL when interacting with it. | [Core spec|http://mrtopf.clprojects.net/uma/draft-uma-core.html] step 1 (host), step 2 (requester); [dyn reg spec|http://tools.ietf.org/html/draft-oauth-dyn-reg-v1-00] |
| *Share resources selectively* | (epic) | As an authorizing user... | I want to set up selective sharing of one or a set of resources residing at any of my hosts on the web... | so that I can ensure the resources are shared only with parties I choose, and only in ways I choose, allowing me to track sharing using a single "hub". | UX | 1.0 | Introduce host and AM (epic) | User can select desired resources, scoping, operative policies and terms, and any requesting-party constraints in some fashion. User can track sharing and policy details from one place. | [R0a|http://kantarainitiative.org/confluence/display/uma/UMA+Requirements] |
| Share resources selectively | *AM-manage resource without sharing* | As an authorizing user... | I want to indicate that a scoped resource is entirely "hidden" from view... | so that I can protect it without worrying about unauthorized access, and decide later at my leisure who to give access to. | UX | 1.0 | | User can put a host's resource under AM protection/management in such a way as to attach a "do not share" policy to it. User can track authorization attempts through the AM. User can later attach a different policy that allows access authorizations. | [R0b|http://kantarainitiative.org/confluence/display/uma/UMA+Requirements] |
| Share resources selectively | *AM-manage resource without protection* | As an authorizing user... | I want to indicate that a scoped resource is AM-managed but "public"... | so that I can gain the ability to track access from a single "hub" without having to constrain access, and easily change my mind about constraining access later. | UX | 1.0 | | User can put a host's resource under AM protection/management in such a way as to attach a "share with all" policy to it. User can track authorization events through the AM. User can later attach a different policy that allows different or fewer access authorizations. | [R0b|http://kantarainitiative.org/confluence/display/uma/UMA+Requirements] |
| Share resources selectively | *Register scopes* | As a host... | I want to convey to an AM that my user wants it to protect access to one or more scopes of access to the resources I host on the user's behalf... | so that I can offer sophisticated access control features to my user without having to perform the complexities of access authorization myself. | Protocol | 1.0 | | Host registers scope details at AM, presensting host access token to do so. AM retains a correct representation of these details. AM can map policies to host-specific scopes on the authorizing user's instructions. | [R4|http://kantarainitiative.org/confluence/display/uma/UMA+Requirements], [resource reg|http://kantarainitiative.org/pipermail/wg-uma/attachments/20101111/da84d6ca/attachment-0001.pdf] proposal |
| Share resources selectively | *Check which scopes are registered* | As a host... | I want to get confirmation from an AM which scopes it thinks are registered on behalf of one of my users... | so that I can mitigate the risks of getting out of synchronization with the AM. | Protocol | 1.0 | Register scopes (story) | Host can retrieve currently registered scopes on a user's behalf. Host can subsequently register scopes as a corrective action. | [Resource reg|http://kantarainitiative.org/pipermail/wg-uma/attachments/20101111/da84d6ca/attachment-0001.pdf] proposal |
| Share resources selectively | *Request registration of resources and available scopes* | As an AM... | I want to request resource registration details from a host directly... | so that any changes the user has made to resources at the host since the last time they visited the AM will be automatically picked up for policy mapping here. | Protocol | Pending | | User changes to resources (such as deletion of resources or addition of new resources intended to be protected) performed solely by interaction with the host are reflected in AM's representation of which resources at that host are protected with which policies.  AM can automatically attach policies to resources that did not exist when user originally directed AM to attach policies to related resources at the same host. | No consensus to solve this in 1.0 |
| Share resources selectively | *Attach a policy to several resources at multiple hosts* | As an authorizing user... | I want to selectively share several scoped resources, possibly residing at multiple hosts, under the same policy regime... | so that I can unify my management and monitoring of access authorization of all of the resources as a set. | UX | 1.0 | | AM associates chosen policy with multiple scoped resources. Access authorization to any of the resources is granted to the same set of requesting parties under the same conditions, such as presenting the same claims (by value) in satisfying identical claims requests. | |
| Share resources selectively | *Set up selective sharing efficiently* | As an authorizing user... | I want to indicate how I want to share a resource solely while visiting the host of that resource... | so that I can share resources in the most efficient and friction-free way possible. | UX | Pending | | Host maps selected resources to scopes in some AM-independent way. Host conveys to AM only the scopes under that AM's protection, not specific resource knowledge. | Originally known as ["Problem B"|http://kantarainitiative.org/confluence/display/uma/UMA+F2F+2010-11-01] |
| Share resources selectively | *Change policy* | As an authorizing user... | I want to modify the policy that applies to a scoped resource... | so that I can ensure that access to the resource is exactly as broad or narrow as I wish as my needs change. | UX | 1.0 | | AM provides a feature for user to modify policies and map different policies to scoped resources. | [R0c|http://kantarainitiative.org/confluence/display/uma/UMA+Requirements] |
| Share resources selectively | *Allow user to change policy* | As an AM... | I want to allow my user to modify the policy that applies to a scoped resource I manage... | so that I can be responsive in offering the level of selective sharing the user wants. | Protocol | 1.0 | | AM changes the criteria for issuing access and refresh tokens as soon as the policy is changed. AM invalidates all existing refresh tokens and requires requesters to re-qualify. (@@correct? what about scope upgrades etc.?) | |
| Share resources selectively | *Stop access to resources* | As an authorizing user... | I want to stop further access to one or more of my resources... | so that I can remediate access problems, protect resources that suddenly become sensitive, or choose to become a more private person. | UX | 1.0 | | AM provides a feature for user to revoke authorization to specific requesting parties immediately. | [R0c|http://kantarainitiative.org/confluence/display/uma/UMA+Requirements] |
| Share resources selectively | *Allow user to stop access to resources* | As an AM... | I want to allow my user to stop further access to one or more scoped resources I manage... | so that I can be responsive in offering the level of selective sharing the user wants. | Protocol | 1.0 | | AM invalidates all existing refresh tokens. (@@correct? enough?) | |
| -- | *Extract promises* | As an authorizing user... | I want to associate required promises with a policy applying to a scoped resource... | so that I can extract enforceable promises from requesting parties regarding their access to that resource. | UX | 1.0 | | User can set up one or more promises as required claims associated with a policy that gets associated with a resource. | |
| | *Require promissory claims* | As an AM... | I want to require promissory claims to be conveyed by a requester from a requesting party... | so that I can authorize access only for requesting parties that meet my authorizing user's requirement for promises. | Protocol | 1.0 | | AM generates only the claims-required messages that match the user's policy instructions and correctly assesses the status (sufficient or insufficient) of any claims returned in response. | |
| -- | *Reserve authorization management to the host* | As a host... | I want to control which of a user's resources are available for AM protection/management or not... | so that, for liability, legacy, or practicality reasons, I can retain control over some portion of access authorization management over those resources. | UX | 1.0 | Share resources selectively (epic) | Host can unilaterally discriminate between AM-manageable resources and non-AM-manageable resources (out of band). | |
| -- | *Authenticate to AM as user* | As an AM... | I want to authenticate my authorizing user... | so that this user's interactions with me are kept private and secure. | UX | 1.0 | | The correct user can access their own AM settings and preferences. Other users can't access that user's settings and preferences. | |
| -- | _Obtain fraudulent access_ | As a malicious requester... | I want to fraudulently obtain an access token meant for a legitimate requester and use it at a host... | so that I can gain access to a protected resource to which I do not have rightful access authorization. | Security | 1.0 | | Requester to which an access token has been issued is correlated with requester which uses that access token so that a different requester can't successfully use it. | |
{table-plus}