Thanks, Eve!

Igor

On 10/23/2012 7:36 PM, Eve Maler wrote:
Hi Igor-- If you mean enabling (um) Grandma Goldie to delegate child pickup duties to Tom the Taxi Driver after having been herself delegated to pick up the child by Peter Parent, then -- as long as we're focusing on policy-based claims-tested authorization for requesting party access -- UMA would likely treat both cases of delegation as the normal course of business since the UMA host (RS) doesn't care how the current authorizing user (RO) "won" its own access in the first place.

If we're only talking about the realm of client app (UMA requester) identities and not an actual legally liable third party, there are a number of OAuth profiling tricks that can be, and seem to have been, proposed...

For folks interested in the use cases with the legally liable parties, you can find a passel of them here:

http://docs.kantarainitiative.org/uma/draft-uma-trust.html (particularly the Use Cases section: http://docs.kantarainitiative.org/uma/draft-uma-trust.html#anchor1)
http://kantarainitiative.org/confluence/download/attachments/62324760/UMA_Personal_Loan_v01.pdf - explores RO-to-organization sharing in detail

These are, of course, in addition to the original (now pretty old) use cases doc I've mentioned on this list before:

http://kantarainitiative.org/confluence/display/uma/UMA+Scenarios+and+Use+Cases

Eve

On 18 Oct 2012, at 9:53 AM, Igor Faynberg <igor.faynb...@alcatel-lucent.com> wrote:

Looks like a good description of a new use case to me!

Igor

On 10/17/2012 10:23 PM, zhou.suj...@zte.com.cn wrote:

Hi, Thomas,

Sorry for the late reply. I somehow missed the emails from the OAUTH list.

"What may not be clear up-front from reading the UMA core spec is that
there are 5 parties involved (AM, Alice/RO, Host, Bob (Requesting
Party) and Bob's portal/platform (Requester)).

Here's a more accurate picture:

- I deposit my Child at the Kindergarten.
- I delegate my old Grandmother to pick up the Child.
- My Grandmother takes a taxi.
- The taxi Driver acts as proxy to my old Grandmother who stays in the
taxi.
- The taxi Driver needs to show 2 forms of Delegation to the Teacher.
- The Taxi driver walks the Child to the taxi.

Bear in mind that my Grandmother now has to manage the delegation she
gave the taxi Driver (plus the Scopes involved)."


If I understand correctly, the old Grandma means Bob the requesting Party, and
the taxi driver means Bob the requester in UMA?
Leaving UMA aside, Bob is not separated into roles in OAUTH,
so there is no need to redelegate in OAUTH?





_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl

