Hi Igor-- If you mean enabling (um) Grandma Goldie to delegate child pickup duties to Tom the Taxi Driver after having been herself delegated to pick up the child by Peter Parent, then -- as long as we're focusing on policy-based claims-tested authorization for requesting party access, then UMA would likely treat both cases of delegation as the normal course of business since the UMA host (RS) doesn't care how the current authorizing user (RO) "won" its own access in the first place.
If we're only talking about the realm of client app (UMA requester) identities and not an actual legally liable third party, there are a number of OAuth profiling tricks that can be, and seem to have been, proposed... For folks interested in the use cases with the legally liable parties, you can find a passel of them here: http://docs.kantarainitiative.org/uma/draft-uma-trust.html (particularly the Use Cases section: http://docs.kantarainitiative.org/uma/draft-uma-trust.html#anchor1) http://kantarainitiative.org/confluence/download/attachments/62324760/UMA_Personal_Loan_v01.pdf - explores RO-to-organization sharing in detail These are, of course, in addition to the original (now pretty old) use cases doc I've mentioned on this list before: http://kantarainitiative.org/confluence/display/uma/UMA+Scenarios+and+Use+Cases Eve On 18 Oct 2012, at 9:53 AM, Igor Faynberg <igor.faynb...@alcatel-lucent.com> wrote: > Looks like a good description of a new use case to me! > > Igor > > On 10/17/2012 10:23 PM, zhou.suj...@zte.com.cn wrote: >> >> >> Hi, Thomas, >> >> Sorry for reply late. I somehow missed the emails from OAUTH list. >> >> "What may not be clear up-front from reading the UMA core spec is that >> there are 5 parties involved (AM, Alice/RO, Host, Bob (Requesting >> Party) and Bob's portal/platform (Requester)). >> >> Here's a more accurate picture: >> >> - I deposit my Child at the Kindergarten. >> - I delegate my old Grandmother to pick up the Child. >> - My Grandmother takes a taxi. >> - The taxi Driver acts as proxy to my old Grandmother who stays in the >> taxi. >> - The taxi Driver needs to show 2 forms of Delegation to the Teacher. >> - The Taxi driver walks the Child to the taxi. >> >> Bear in mind that my Grandmother now has to manage the delegation she >> gave the taxi Driver (plus the Scopes involved)." >> >> >> If I understand correctly, old Grandma means Bob the requesting Party, >> the taxi driver means Bob the requester in UMA? >> Not talking about UMA, Bob is not separate between roles in OAUTH, >> so don't have to redelegate in OAUTH? >> >> >> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth Eve Maler http://www.xmlgrrl.com/blog +1 425 345 6756 http://www.twitter.com/xmlgrrl
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
