Obviously this is just the highest-level sketch of what needs to happen! This needs to be fleshed out. (E.g., the wrap_scope format could be reused here, without any wildcards.)
Also, are we concerned that a malicious host could lie about the attempted resource and method? The only consequence seems to be "false negatives" in managing authorized access, in which case the user would get unhappy pretty quickly.
Finally, note that if the host does not have a back channel to ask the AM this question, it will have to rely on PKI in order to validate the AM's signature if the environment is truly loosely coupled a la UMA, or the host and AM would have to have an extremely tightly coupled relationship of some other kind. These seem to be the only choices, none of which WRAP actually specifies. To date, it seems to assume the last one (e.g., a single business domain runs many services that depend on a centralized authorization server). Is this back-channel validation useful as a generalized mechanism in WRAP for loose coupling that avoids PKI, beyond UMA's particular needs?