...
Terminology in the protocol spec
(This text has now been added to the spec.)
authorizing user: An UMA-defined variant of an [OAuth20] resource owner ("An entity capable of granting access to a protected resource."); a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host.
protected resource: An access-restricted resource at a host.
host: An UMA-defined variant of an [OAuth20] resource server ("An HTTP server capable of accepting authenticated resource requests using the OAuth protocol.") that enforces access to the protected resources it hosts, as decided by an authorization manager.
token validation URL: The URL at an authorization manager that a host can use to validate an access token.
claim: A statement (in the sense of [IDCclaim]). Claims are conveyed by a requester on behalf of a requesting party to an authorization manager in an attempt to satisfy an authorizing user's policy. (Protected resources may also contain claims, but this is outside the view of the UMA protocol.)
requester: An UMA-defined variant of [OAuth20] client ("An HTTP client capable of making authenticated requests for protected resources using the OAuth protocol.") that seeks access to a protected resource.
requesting party:
Additional terminology
primary resource user: A web user who interacts with a host to store and manage protected resources there. The primary resource user may be identical to the authorizing user of the same resource at that host, or they may be different people.
Discussion
(See the Law.com dictionary for some helpful definitions of legal terms.)
For our purposes in UMA 1.0, an authorizing user is always a natural person (a human being). By contrast, a requesting party may be a natural person (which we may think of as person-to-person sharing, such as "Alice to Bob" with the help of various online services in the middle), or it may be a legal person such as a company (which we may think of as person-to-service sharing because the service is run by a corporation or other organization, such as "Alice to a travel website run by Orbitz"). It's possible, though unlikely in the typical case, that Bob will deploy an online service on his own behalf that manages requesting access to a resource of Alice's; in that case, it would be person-to-person just as in the first case. The nature of required claims could be different depending on which kind of sharing is taking place.
A claim may be affirmative, representing a statement of fact (as asserted by the requesting party or another claim issuer); or promissory, a promise (as asserted by the requesting party specifically to the authorizing user). A statement of fact might be "The requesting party is over 18 years of age." A promise might be "The requesting party will adhere to the specific Creative Commons licensing terms indicated by the AM." There are technical dimensions to expressing and conveying claims, but since UMA strives to provide enforceability of resource-access agreements, there may also be legal dimensions.
In cases where a claim constitutes acceptance of an access-sharing contract offer made by the authorizing user (as presented by the AM as his or her agent in requiring the claim), the authorizing user and requesting party are the parties to the contract, and all other legal or natural persons running UMA-related services involved in managing such access are intermediaries that are not party to the contract (though they might end up being third-party beneficiaries in some cases).
Where the primary resource user and the authorizing user differ, there is likely to be an interaction (invisible to UMA) at the host service that allows (or forces) the primary resource user to designate an authorizing user, and an agreement that the authorizing user acts as the primary resource user's agent or guardian or similar.
References
Fielding, Gettys, Mogul, Frystyk, Masinter, Leach, Berners-Lee, "Hypertext Transfer Protocol
UMAnitarian: An UMA WG participant.
UMAnize: To make a host UMA-protected. (Thanks to Domenico for that one.)
References
http://github.com/theRazorBlade/draft-ietf-oauth/raw/master/draft-ietf-oauth.txt
http://tools.ietf.org/html/draft-hardt-oauth-01
http://tools.ietf.org/html/draft-hammer-hostmeta
http://wiki.idcommons.net/Claim