...
Part of the UMA WG's work is overtly technical, and part of the work explores other layers of the BLT (business-legal-technical) sandwich. The documents here reflect work in these other areas, many produced by the ad hoc "legal subgroup" (subgroup notes are here). The overall goal of the subgroup: Accelerate adoption and reduce inhibitors in a business context.
(A few additional artifacts are available on the WG's GitHub wiki.)
Mission
The animating mission of the legal subgroup in 2015:
...
- RO-RqP: Can Alice trust Bob with access to her stuff? If she wants to impose "purpose of use limitations" using business-legal vs. (extra-UMA) technical methods, will they stand up?
- RS-AS: Can the host of sensitive information trust a service that promises to do the job of protecting that information? This is roughly akin to the challenges of federated authentication, only for authorization. A difference is that in circumstances in which the RO chooses their own AS, there are elements of this arrangement the RS can't protest about (but still some elements they can).
- RO-AS: Can Alice trust a service to do as she bids when it comes to protecting her stuff, if she didn't personally hand-code it? (Can consent receipts help?)
- AS-OAuth client apps: Last and potentially least in importance for now: Can the authorization server rely on the OAuth clients sufficiently to provision them with credentials? This includes both UMA RS's and UMA clients (see this diagram for an explication of how this works).
Model Text
The model text work is being encoded in the CommonAccord.org system. CommonAccord is:
"...an initiative to create global codes of legal transacting by codifying and automating legal documents, including contracts, permits, organizational documents, and consents. We anticipate that there will be codes for each jurisdiction, in each language. For international dealings and coordination, there will be at least one "global" code."
Here is the "alpha" draft model text.