Make it possible to apply the protections of multiple AS permissions over a single resource set at the RS #95
Comments
|
I think that this is a very valuable feature and I am in favour of discussing it. Also, you may want to take a look at some preliminary write up about this here (Section 2.4): http://www.cs.ncl.ac.uk/publications/trs/papers/1165.pdf (5 years old, though) |
|
I'm also in favor of discussing this. I'm personally more interested in an "OR" type of trust decision between the AS (e.g., only one of the AS that has registered the resource is needed for decision making) because this is interesting from the failover/contextual (e.g., one of the AS is not reachable) point of view, but I can also think about "AND" scenarios (e.g., the RS needs to evaluate trust based on all of the AS in which it is registered) |
|
We agreed on UMA telecon 2014-12-11 that this is not critical for V1.0. |
xmlgrrl
added
APIsec
|
Note that #260 is relevant to this issue. (I'm going to remove the "V1.1" label since we didn't publish a V1.1.) |
This is a desirable feature particularly in enterprise settings; Gluu has mentioned this as a potential benefit of UMA for the enterprise. However, it brings up questions of how to how to manage multiple "PATs' worth" of protection over a resource set, how to register a resource set in multiple locations, how to combine permissions deriving from multiple "bearer"-type RPTs, and eve how to combine multiple RPT types.
The text was updated successfully, but these errors were encountered: