Hi,

In order to provide some input to the discussion for a clear and consistent OAuth terminology, I'm sending the terminology used in User-Managed Access (UMA). A more detailed description can be found at:
http://kantarainitiative.org/confluence/display/uma/Lexicon

Authorizing User: A web user who configures an Authorization Manager with policies that control how it makes access decisions when a Requester attempts to access a Protected Resource at a Host.

Authorization Manager (AM): An UMA-defined variant of a WRAP Authorization Server that carries out an Authorizing User's policies governing access to a Protected Resource.

Protected Resource: A resource (at a Host) whose access is restricted. (Note that this differs from WRAP's definition of the same term.)

Host: An UMA-defined variant of, respectively, a WRAP Protected Resource and WRAP Client, that enforces access to the Protected Resources it hosts, as decided by an Authorization Manager.

Token Validation URL: The URL at an Authorization Manager that a Host uses to validate an access token.

Claim: A statement (in the sense of [IDCclaim]). Claims are conveyed by a Requester on behalf of a Requesting Party to an Authorization Manager in an attempt to satisfy user policy. (Protected Resources may also contain Claims, but this is outside the view of the UMA protocol.)

Requester: An UMA-defined variant of a WRAP Client that seeks access to a Protected Resource.

Requesting Party: A web user, or a corporation (or other legal person), that uses a Requester to seek access to a Protected Resource.

Cheers,
Maciej

--
Maciej Machulak
PhD Student, Newcastle University
http://www.trust-economics.org/maciejm