...

  • One set of OAuth 2.0 URI endpoints for the host to use
  • One set of OAuth 2.0 URI endpoints for any requester to use
  • The location of the token verification API for the host to verify access tokens received from a requester in step 3.
  • (The format of the access tokens to use)
  • (The claim formats the AM can generate)

Note: XRD vs. JRD TODOs
  • We might want to define that JRD can be used optionally, too.

The following Property elements SHOULD be present in the host-meta document:

Note: to be clarified later

| Property type | Cardinality | Meaning of Property element value |
|---|---|---|
| http://kantarainitiative.org/confluence/display/uma/token_formats | One or more | Access token format produced by this AM. Options are (@@TBS). |
| http://kantarainitiative.org/confluence/display/uma/claim_formats | Zero or more | Claim format supported by this AM. Options are (@@TBS). |

Link relationships for the OAuth 2.0 endpoints for the host:

| Rel | Cardinality | HTTP Method(s) | Description |
|---|---|---|---|
| http://kantarainitiative.org/confluence/display/uma/host_user_uri | Required | As defined by OAuth | Supplies the OAuth user_uri endpoint hosts should use to gather the consent of the authorizing user for a host-AM relationship. |
| http://kantarainitiative.org/confluence/display/uma/host_token_uri | Required | As defined by OAuth | Supplies the OAuth token_uri endpoint hosts should use to ask for a host access token. |
| http://kantarainitiative.org/confluence/display/uma/host_resource_details_uri | Required | POST (with host access token) | Supplies the UMA endpoint hosts should use to provide details about the authorizing user's resources being protected at this host. MUST use HTTPS. |
| http://kantarainitiative.org/confluence/display/uma/host_token_validation_uri | Optional | POST (with host access token) | Supplies the UMA endpoint hosts should use to request validation of access tokens presented to them by requesters in Step 3. MUST use HTTPS. |

Link relationships for the OAuth 2.0 endpoints for the requester:

| Rel | Cardinality | HTTP Method(s) | Description |
|---|---|---|---|
| http://kantarainitiative.org/confluence/display/uma/req_user_uri | Required | As defined by OAuth | Supplies the OAuth user_uri endpoint requesters should use to gather the consent of the authorizing user for user delegation flows in synchronous person-to-service sharing scenarios. |
| http://kantarainitiative.org/confluence/display/uma/req_token_uri | Required | As defined by OAuth | Supplies the OAuth token_uri endpoint requesters should use to ask for an access token in Step 2. |
...

An example

...

Code Block (xml):

```xml
<!-- Applies to both hosts and requesters -->
<Property type="http://kantarainitiative.org/confluence/display/uma/token_formats">saml</Property>
<Property type="http://kantarainitiative.org/confluence/display/uma/claim_formats">json</Property>

<!-- Host "authorization API" -->
<Link rel="http://kantarainitiative.org/confluence/display/uma/host_token_uri"
      href="https://am.example.com/host/token_uri"></Link>
<Link rel="http://kantarainitiative.org/confluence/display/uma/host_user_uri"
      href="https://am.example.com/host/user_uri"></Link>
<Link rel="http://kantarainitiative.org/confluence/display/uma/host_resource_details_uri"
      href="https://am.example.com/host/resource_details_uri"></Link>
<Link rel="http://kantarainitiative.org/confluence/display/uma/host_token_validation_uri"
      href="https://am.example.com/host/token_validation_uri"></Link>

<!-- Requester token-getting endpoints -->
<Link rel="http://kantarainitiative.org/confluence/display/uma/req_token_uri"
      href="https://am.example.com/requester/token_uri"></Link>
<Link rel="http://kantarainitiative.org/confluence/display/uma/req_user_uri"
      href="https://am.example.com/requester/user_uri"></Link>
```
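The following Python is an added example, not part of the UMA draft, showing how a host or requester could consume such a host-meta document: it extracts the Property and Link elements by the rel URIs in the tables above and then checks the stated cardinality and MUST-use-HTTPS rules. It assumes the XRD 1.0 namespace for the root element and uses a constructed sample in which resource_details is deliberately served over plain http:// so the check fires.

```python
import xml.etree.ElementTree as ET

UMA = "http://kantarainitiative.org/confluence/display/uma/"
# rel suffix -> (required, must use HTTPS), as stated in the host and requester tables above
HOST_RELS = {"host_user_uri": (True, False), "host_token_uri": (True, False),
             "host_resource_details_uri": (True, True),
             "host_token_validation_uri": (False, True)}
REQ_RELS = {"req_user_uri": (True, False), "req_token_uri": (True, False)}

# Constructed sample (assumes the XRD 1.0 namespace): the page's fragment wrapped in an
# XRD root, with resource_details deliberately downgraded to http:// so a check fires.
SAMPLE_XRD = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
<Property type="%stoken_formats">saml</Property>
<Property type="%sclaim_formats">json</Property>
<Link rel="%shost_token_uri" href="https://am.example.com/host/token_uri"/>
<Link rel="%shost_user_uri" href="https://am.example.com/host/user_uri"/>
<Link rel="%shost_resource_details_uri" href="http://am.example.com/host/resource_details_uri"/>
<Link rel="%sreq_token_uri" href="https://am.example.com/requester/token_uri"/>
<Link rel="%sreq_user_uri" href="https://am.example.com/requester/user_uri"/>
</XRD>""" % ((UMA,) * 7)

def parse_hostmeta(xml_text):
    """Return {'properties': {type: [values]}, 'links': {rel: href}} from an XRD document."""
    root = ET.fromstring(xml_text)
    doc = {"properties": {}, "links": {}}
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the namespace prefix, if any
        if name == "Property":
            doc["properties"].setdefault(el.get("type"), []).append(el.text)
        elif name == "Link" and el.get("rel"):
            doc["links"][el.get("rel")] = el.get("href")
    return doc

def check_endpoints(doc, rels):
    """List missing required rels and endpoints that break the MUST-use-HTTPS rule."""
    problems = []
    for suffix, (required, https_only) in rels.items():
        href = doc["links"].get(UMA + suffix)
        if href is None:
            if required:
                problems.append("missing required rel " + suffix)
        elif https_only and not href.startswith("https://"):
            problems.append(suffix + " must use HTTPS: " + href)
    # token_formats has cardinality "one or more"; claim_formats may be absent
    if not doc["properties"].get(UMA + "token_formats"):
        problems.append("token_formats property absent (one or more required)")
    return problems
```

Running `check_endpoints(parse_hostmeta(SAMPLE_XRD), HOST_RELS)` reports the single http:// endpoint, while the optional host_token_validation_uri being absent is not flagged.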

Host obtains authorizing user's consent to trust AM for access decisions

...