Versions Compared

Old Version 5

changes.mady.by.user Eve Maler

Saved on

compared with

New Version 6

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

UMA Release Notes

Abstract 

...

Previously, little was said about privacy implications of requesting party claims being transmitted to the AS. Now this section has been greatly expanded. (211) (Core Sec 8.2)

Changes Affecting Resource Server (+Client) Implementations

Following are specification changes in V1.0.1 that affect resource servers, and possibly clients that interact with them as well (denoted with (+Client) in the title).

...

Previously, the security considerations around accepting policy-setting context information from an incompletely trusted AS were not covered. Now they cover the user_access_policy_uri property, which is the only policy-setting context information passed from AS to RS. (185) (RSR Sec 4)

Specification Reorganizations

The specifications, particularly Core Sec 3, were reorganized in the fashion of OpenID Connect, with the goal of giving a subsection to every request and response message. Other notable changes include:

...

V1.0 sections (black) are presented in original Table of Contents order, mapped to their corresponding draft V1.0.1 sections (green). (links tbd)

 Core Specification Reorganization

...

8.2. Client Authentication (go)
7.2 Client Authentication (go)

8.3. JSON Usage (go)
7.3 JSON Usage (go)

8.4. Profiles, Binding Obligations, and Trust Establishment (go)
7.4 Profiles and Trust Establishment (go)

n/a
7.4.1 Requirements for Trust When Clients Push Claim Tokens (go)

9. Privacy Considerations (go)
8. Privacy Considerations (go)
8.1 Resource Set Information at the Authorization Server
8.2 Requesting Party Information at the Authorization Server
8.3 Profiles and Trust Establishment

10. IANA Considerations (go)
9. IANA Considerations (go)

10.1. JSON Web Token Claims Registration (go)
10.1.1. Registry Contents
9.1 JSON Web Token Claims Registration (go)
9.1.1 Registry Contents

n/a
9.2 OAuth Token Introspection Response Registration (go)
9.2.1 Registry Contents

10.2. Well-Known URI Registration (go)
10.2.1. Registry Contents
9.3 Well-Known URI Registration (go)
9.3.1 Registry Contents

11. Acknowledgments (go)
10. Acknowledgments (go)

12. References (go)
12.1. Normative References
12.2. Informative References
11. References (go)
11.1 Normative References
11.2 Informative References

RSR Specification Reorganization

Found in RSR V1.0 (go)
Find in RSR draft V1.0.1 (go)

1. Introduction (go)
1.1. Notational Conventions
1.2. Terminology
1.3. Authorization Server Configuration Data
1. Introduction (go)
1.1 Notational Conventions
1.2 Terminology
1.3 Authorization Server Configuration Data

2. Resource Set Registration (go)
2. Resource Set Registration (go)

2.1. Scope Descriptions (go)
2.1.1 Scope Descriptions (go)

n/a
2.1.2 Scope Interpretation (go)

2.2. Resource Set Descriptions (go)
2.1 Resource Set Descriptions

2.3. Resource Set Registration API (go)
2.3.1. Create Resource Set Description
2.3.2. Read Resource Set Description
2.3.3. Update Resource Set Description
2.3.4. Delete Resource Set Description
2.3.5. List Resource Set Descriptions
2.2 Resource Set Registration API (go)
2.2.1 Create Resource Set Description
2.2.2 Read Resource Set Description
2.2.3 Update Resource Set Description
2.2.4 Delete Resource Set Description
2.2.5 List Resource Set Descriptions

3. Error Messages (go)
4. Security Considerations
5. Privacy Considerations
6. IANA Considerations
7. Example of Registering Resource Sets
8. Acknowledgments
9. References
9.1. Normative References
9.2. Informative References
3. Error Messages (go)
4. Security Considerations
5. Privacy Considerations
6. IANA Considerations
7. Example of Registering Resource Sets
8. Acknowledgments
9. References
9.1 Normative References
9.2 Informative References


...