Abstract
This document is a non-normative set of auxiliary material produced by the User-Managed Access Work Group. It provides advice to, and discussions relevant to, developers and deployers of UMA-enabled software systems, services, and applications.
...
Although authorization assessment is an internal process performed by the authorization server, in UMA V2.0 it gains a large degree of normative precision. This section explains the assessment using symbolic set math. (tbs – NEEDS REVIEW)
Define a superset S of all scopes that can possibly be assigned to protected resources in a UMA context.
Let s be an element of S (s ∈ S). Define the following subsets of S:
- A = ClientRegistered = {s, scopes pre-registered at AS by client, s.t. s ∈ S}, A ⊆ S;
- B = ClientRequested = {s, scopes requested at AS by client, s.t. s ∈ S}, B ⊆ S;
- C = PermissionTicket = {s, scopes requested at AS by RS on behalf of client, s.t. s ∈ S}, C ⊆ S;
- D = RSRegistered = {s, scopes registered at AS by RS with a protected resource, s.t. s ∈ S}, D ⊆ S;
Calculate the set RequestedScopes (E) as follows:
- E = RequestedScopes = PermissionTicket ∪ (ClientRegistered ∩ ClientRequested);
- E = C ∪ (A ∩ B);
(tbs – INSERT VENN)
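The RequestedScopes calculation above, worked through in Python as an added example (not part of the original guide or any UMA implementation). The scope names, the sample sets, the helper names and the space-delimited input form are assumptions made for illustration.

```python
# Added example: UMA "RequestedScopes" calculation, E = C ∪ (A ∩ B).
# All scope names and sample values below are constructed for illustration.

def parse_scopes(value):
    """Split a space-delimited scope string into a set (assumed input form)."""
    return frozenset(value.split())

def requested_scopes(S, A, B, C):
    """Return E = C ∪ (A ∩ B) after checking that A, B and C are subsets of S."""
    for name, subset in (("ClientRegistered", A),
                         ("ClientRequested", B),
                         ("PermissionTicket", C)):
        unknown = subset - S
        if unknown:
            raise ValueError(f"{name} has scopes outside S: {sorted(unknown)}")
    return C | (A & B)

def explain(S, A, B, C):
    """Map every scope in B ∪ C to why it is, or is not, in E."""
    E = requested_scopes(S, A, B, C)
    reasons = {}
    for s in sorted(B | C):
        if s in C:
            reasons[s] = "in E: named in the permission ticket (C)"
        elif s in E:
            reasons[s] = "in E: client requested it and pre-registered it (A ∩ B)"
        else:
            reasons[s] = "not in E: client requested it without pre-registering it"
    return reasons

# Constructed sample sets.
S = parse_scopes("view edit print share delete")
A = parse_scopes("view edit print")   # ClientRegistered
B = parse_scopes("edit share")        # ClientRequested
C = parse_scopes("view")              # PermissionTicket

if __name__ == "__main__":
    print(sorted(requested_scopes(S, A, B, C)))
    for scope, why in explain(S, A, B, C).items():
        print(f"{scope}: {why}")
```

With these sets, `share` is dropped because the client never pre-registered it, while any scope in the permission ticket enters E regardless of the client's registration.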
Define set SatisfiedPolicyCondition (F) as the set of all scopes for which the client satisfies all relevant policy conditions at the AS.
- F = Satisfied = (tbs...)
...
...