Network Working Group                                   T. Hardjono, Ed.
Internet-Draft                                                       MIT
Intended status: Informational                                  E. Maler
Expires: July 29, 2016                                         ForgeRock
                                                             M. Machulak
                                                          Cloud Identity
                                                             D. Catalano
                                                                  Oracle
                                                        January 26, 2016


User-Managed Access (UMA) Profile of OAuth 2.0
draft-hardjono-oauth-umacore-14

Abstract

User-Managed Access (UMA) is a profile of OAuth 2.0. UMA defines how
resource owners can control protected-resource access by clients
operated by arbitrary requesting parties, where the resources reside
on any number of resource servers, and where a centralized
authorization server governs access based on resource owner policies.

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on July 29, 2016.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents



Hardjono, et al. Expires July 29, 2016 [Page 1]

Internet-Draft UMA Core January 2016


carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1.  Introduction
2.  References
  2.1.  Normative References
  2.2.  Informative References
Authors' Addresses

1. Introduction

User-Managed Access (UMA) is a profile of OAuth 2.0 [OAuth2]. UMA
defines how resource owners can control protected-resource access by
clients operated by arbitrary requesting parties, where the resources
reside on any number of resource servers, and where a centralized
authorization server governs access based on resource owner policies.
Resource owners configure authorization servers with access policies
that serve as asynchronous authorization grants.

UMA serves numerous use cases where a resource owner uses a dedicated
service to manage authorization for access to their resources,
potentially even without the run-time presence of the resource owner.
A typical example is the following: a web user (an end-user resource
owner) can authorize a web or native app (a client) to gain one-time
or ongoing access to a protected resource containing his home address
stored at a "personal data store" service (a resource server), by
telling the resource server to respect access entitlements issued by
his chosen cloud-based authorization service (an authorization
server). The requesting party operating the client might be the
resource owner, where the app is run by an e-commerce company that
needs to know where to ship a purchased item, or the requesting party
might be the resource owner's friend who is using an online address book
service to collect contact information, or the requesting party might
be a survey company that uses an autonomous web service to compile
population demographics. A variety of use cases can be found in
[UMA-usecases] and [UMA-casestudies].

Please see the full UMA-Core 1.0 Specification for a complete
description of UMA Core.

2. References

2.1. Normative References

[OAuth2] Hardt, D., "The OAuth 2.0 Authorization Framework",
October 2012.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997.

[UMAcore] Hardjono, T., Maler, E., Machulak, M., and D. Catalano,
"User-Managed Access (UMA) Profile of OAuth 2.0 Version
1.0.1", December 2015,
v1_0_1.html>.

2.2. Informative References

[UMA-casestudies]
Maler, E., "UMA Case Studies", April 2014,
Case+Studies>.

[UMA-usecases]
Maler, E., "UMA Scenarios and Use Cases", October 2010,
UMA+Scenarios+and+Use+Cases>.

Authors' Addresses

Thomas Hardjono (editor)
MIT

Email: hardjono@mit.edu


Eve Maler
ForgeRock

Email: eve.maler@forgerock.com


Maciej Machulak
Cloud Identity

Email: maciej.machulak@cloudidentity.co.uk


Domenico Catalano
Oracle

Email: domenico.catalano@oracle.com