...
The following diagram attempts to summarize the options for parties, as discussed below.
For our purposes in UMA 1.0, an authorizing user is always a natural person (a human being). We foresee use cases where the authorizing party could be a non-human, but our 1.0 scope sticks to human beings in this role to ensure that we think about how to craft the user experience for this person (who is the all-important "user" in UMA!). An authorizing user may set policies at the AM that end up legally binding him/her, depending on the claims coming from the requesting party in response.
A requesting party may be either a natural person or a legal person. Legal persons are symbolized in the diagram by "factories", evoking a company or other organization.
The AM and requester protocol endpoints, the software that implements them, and the services that deploy them are just tools to help the parties get to a desired result. However, the requesting party "behind" these tools is a party that may be held legally responsible for any claims made to the authorizing user. Thus, some legal person such as a company may operate the service that hosts or requests a resource, or offers authorization services.
Here are the choices for the requesting party:
...