UMA Release Notes
Abstract
...
Previously, little was said about the privacy implications of requesting party claims being transmitted to the AS. Now this section has been greatly expanded. (211) (Core Sec 8.2)
Changes Affecting Resource Server (+Client) Implementations
The following specification changes in V1.0.1 affect resource servers, and possibly the clients that interact with them (denoted with (+Client) in the title).
...
Previously, the security considerations around accepting policy-setting context information from an incompletely trusted AS were not covered. Now they cover the user_access_policy_uri property, which is the only policy-setting context information passed from AS to RS. (185) (RSR Sec 4)
Specification Reorganizations
The specifications, particularly Core Sec 3, were reorganized in the fashion of OpenID Connect, with the goal of giving a subsection to every request and response message. Other notable changes include:
...
V1.0 sections (black) are presented in original Table of Contents order, mapped to their corresponding draft V1.0.1 sections (green). (links tbd)
Core Specification Reorganization
...
| V1.0 | Draft V1.0.1 |
| --- | --- |
| 8.2. Client Authentication (go) | 7.2 Client Authentication (go) |
| 8.3. JSON Usage (go) | 7.3 JSON Usage (go) |
| 8.4. Profiles, Binding Obligations, and Trust Establishment (go) | 7.4 Profiles and Trust Establishment (go) |
| n/a | 7.4.1 Requirements for Trust When Clients Push Claim Tokens (go) |
| 9. Privacy Considerations (go) | 8. Privacy Considerations (go) |
| | 8.1 Resource Set Information at the Authorization Server |
| | 8.2 Requesting Party Information at the Authorization Server |
| | 8.3 Profiles and Trust Establishment |
| 10. IANA Considerations (go) | 9. IANA Considerations (go) |
| 10.1. JSON Web Token Claims Registration (go) | 9.1 JSON Web Token Claims Registration (go) |
| 10.1.1. Registry Contents | 9.1.1 Registry Contents |
| n/a | 9.2 OAuth Token Introspection Response Registration (go) |
| | 9.2.1 Registry Contents |
| 10.2. Well-Known URI Registration (go) | 9.3 Well-Known URI Registration (go) |
| 10.2.1. Registry Contents | 9.3.1 Registry Contents |
| 11. Acknowledgments (go) | 10. Acknowledgments (go) |
| 12. References (go) | 11. References (go) |
| 12.1. Normative References | 11.1 Normative References |
| 12.2. Informative References | 11.2 Informative References |
RSR Specification Reorganization
| Found in RSR V1.0 (go) | Find in RSR draft V1.0.1 (go) |
| --- | --- |
| 1. Introduction (go) | 1. Introduction (go) |
| 1.1. Notational Conventions | 1.1 Notational Conventions |
| 1.2. Terminology | 1.2 Terminology |
| 1.3. Authorization Server Configuration Data | 1.3 Authorization Server Configuration Data |
| 2. Resource Set Registration (go) | 2. Resource Set Registration (go) |
| 2.1. Scope Descriptions (go) | 2.1.1 Scope Descriptions (go) |
| n/a | 2.1.2 Scope Interpretation (go) |
| 2.2. Resource Set Descriptions (go) | 2.1 Resource Set Descriptions |
| 2.3. Resource Set Registration API (go) | 2.2 Resource Set Registration API (go) |
| 2.3.1. Create Resource Set Description | 2.2.1 Create Resource Set Description |
| 2.3.2. Read Resource Set Description | 2.2.2 Read Resource Set Description |
| 2.3.3. Update Resource Set Description | 2.2.3 Update Resource Set Description |
| 2.3.4. Delete Resource Set Description | 2.2.4 Delete Resource Set Description |
| 2.3.5. List Resource Set Descriptions | 2.2.5 List Resource Set Descriptions |
| 3. Error Messages (go) | 3. Error Messages (go) |
| 4. Security Considerations | 4. Security Considerations |
| 5. Privacy Considerations | 5. Privacy Considerations |
| 6. IANA Considerations | 6. IANA Considerations |
| 7. Example of Registering Resource Sets | 7. Example of Registering Resource Sets |
| 8. Acknowledgments | 8. Acknowledgments |
| 9. References | 9. References |
| 9.1. Normative References | 9.1 Normative References |
| 9.2. Informative References | 9.2 Informative References |
...