Hi,
In order to provide some input to the discussion for a clear and
consistent OAuth terminology, I'm sending the terminology used in
User-Managed Access (UMA). A more detailed description can be found
at: http://kantarainitiative.org/confluence/display/uma/Lexicon
Authorizing User: A web user who configures an Authorization Manager
with policies that control how it makes access decisions when a
Requester attempts to access a Protected Resource at a Host.
Authorization Manager (AM): An UMA-defined variant of a WRAP
Authorization Server that carries out an Authorizing User's policies
governing access to a Protected Resource.
Protected Resource: A resource (at a Host) whose access is restricted.
(Note that this differs from WRAP's definition of the same term.)
Host: An UMA-defined variant of, respectively, a WRAP Protected
Resource and WRAP Client, that enforces access to the Protected
Resources it hosts, as decided by an Authorization Manager.
Token Validation URL: The URL at an Authorization Manager that a Host
uses to validate an access token.
Claim: A statement (in the sense of [IDCclaim]). Claims are conveyed
by a Requester on behalf of a Requesting Party to an Authorization
Manager in an attempt to satisfy user policy. (Protected Resources may
also contain Claims, but this is outside the view of the UMA
protocol.)
Requester: An UMA-defined variant of a WRAP Client that seeks access
to a Protected Resource.
Requesting Party: A web user, or a corporation (or other legal
person), that uses a Requester to seek access to a Protected Resource.
Cheers,
Maciej
--
Maciej Machulak
PhD Student, Newcastle University
http://www.trust-economics.org/maciejm
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
