Abstract
This document contains non-normative release notes produced by the User-Managed Access Work Group explaining how new versions of the UMA specifications differ from previous ones.
...
Resource Descriptions Lose uri Parameter
(?) tbs
Non-OAuth-Based Errors Removed Where Possible
(304) tbs
Enabled Requesting Multiple Permissions and Permissions With Zero Scopes
(317, ?) tbs
scopes Parameter in Resource Description Document Renamed to resource_scopes
(318) tbs
permissions Claim in Token Introspection Object Must Be Used
(322) If token introspection is used (see Options to Validate Token Locally Explicitly Allowed), the introspection object can no longer be extended to replace the permissions claim with an entirely different structure.
...
Previously, the security considerations around accepting policy-setting context information from an incompletely trusted AS were not covered. Now they cover the user_access_policy_uri property, which is the only policy-setting context information passed from AS to RS. (185) (RSR Sec 4)
Specification Reorganizations
The specifications, particularly Core Sec 3, were reorganized in the fashion of OpenID Connect, with the goal of giving a subsection to every request and response message. Other notable changes include:
...
| Anchor | ||||
|---|---|---|---|---|
|
Following is a catalog of notable changes to the specifications in the pre-V1.0 timeframe.
Core Changes
Internet-Draft Rev 11 to Rev 12
...