Lexicon

Following is a working lexicon, very much subject to change. Some or all of this lexicon may be added to the core protocol specification or other documents.

Issues:

  • Consider broadening authorizing user to authorizing party if we do not want to preclude these use cases in future.



An authorizing user is a web user (a natural person) who uses a user agent (as defined in [HTTP]) to configure an AM with access authorization policies and terms, in order to instruct it how to make access decisions when a requester attempts to access a protected resource on a host. An authorizing user is the sole party capable of dictating access authorization terms to a requesting party in the context of an UMA-based interaction.

A protected resource is an access-restricted resource (as defined in [HTTP]) that can be obtained from a host with the authorization of an authorizing user as transmitted in an AM's resource access decision.

An authorization manager (or AM) is an endpoint in the UMA protocol that carries out an authorizing user's instructions governing access to a protected resource by interacting, in the role of an HTTP server (as defined in [HTTP]), with hosts in order to convey resource access decisions and with requesters in order to determine their suitability for access.

An AM application is software that implements an AM.

An AM service is an AM application that is deployed on a network. The legal or natural person(s) who run an AM service are intermediaries that are not involved in stating access authorization terms or making representations.

A representation is a statement of an affirmative or promissory nature that a requesting party makes during its process of seeking access to a protected resource. (See also claim.)

An access authorization term (or term) is a requirement for a requesting party to make a representation to an authorizing user as one condition for access to a protected resource. (See also claim request.)

A claim is the technical expression in the UMA protocol of a representation, conveyed by a requester to an AM.

A claim request is the technical expression in the UMA protocol of an access authorization term, conveyed by an AM to a requester.

An access authorization policy (or policy) is an instruction an authorizing user gives an AM that the AM is capable of applying without requiring a claim from the requester in granting authorization for protected resource access.

A host is an endpoint in the UMA protocol that interacts with AMs in the role of an HTTP client (as defined in [HTTP]) in order to receive and act on protected resource access decisions, and with requesters in the role of an HTTP server (also as defined in [HTTP]) in order to respond to access attempts.

A host application is software that implements a host.

A host service is a host application that is deployed on a network. The legal or natural person(s) who run a host service are intermediaries that are not involved in stating access authorization terms or making representations.

A primary resource user is a web user (a natural person) who uses a user agent (as defined in [HTTP]) to interact with a host service in order to use it for resource hosting. The primary resource user may be identical to the authorizing user of the same resource at that host, or they may be different people.

A requester is an endpoint in the UMA protocol that interacts with hosts and AMs in the role of an HTTP client (as defined in [HTTP]) to attempt, and receive authorization for, access to a protected resource.

A requester application is software that implements a requester.

A requester service is a requester application that is deployed on a network. The legal or natural person(s) who deploy a requester service may be intermediaries that are not involved in stating access authorization terms or making representations; alternatively, one of them may be a requesting party.

A requesting party is either a legal person (such as a company running a requester service), or a natural person (a web user) who uses a user agent (as defined in [HTTP]) to interact with a requester service, in order to seek protected resource access on his/her/its own behalf. In either case, a requesting party is the sole party capable of making representations to an authorizing user in the context of an UMA-based interaction.

References

[HTTP]
Fielding, Gettys, Mogul, Frystyk, Masinter, Leach, Berners-Lee, "Hypertext Transfer Protocol
