xmlgrrl opened this issue Jul 28, 2014 · 4 comments
Labels
APIsec: Related to API security use cases
core: Related to (original UMA1) core spec scope; may use obsolete language
fedauthz: Related to UMA2 Federated Authorization
This is a desirable feature particularly in enterprise settings; Gluu has mentioned this as a potential benefit of UMA for the enterprise. However, it brings up questions of how to manage multiple "PATs' worth" of protection over a resource set, how to register a resource set in multiple locations, how to combine permissions deriving from multiple "bearer"-type RPTs, and even how to combine multiple RPT types.
I think that this is a very valuable feature and I am in favour of discussing it. Also, you may want to take a look at some preliminary write up about this here (Section 2.4): http://www.cs.ncl.ac.uk/publications/trs/papers/1165.pdf (5 years old, though)
I'm also in favor of discussing this. I'm personally more interested in an "OR" type of trust decision between the AS (e.g., only one of the AS that has registered the resource is needed for decision making) because this is interesting from the failover/contextual (e.g., one of the AS is not reachable) point of view, but I can also think about "AND" scenarios (e.g., the RS needs to evaluate trust based on all of the AS in which it is registered).