/Docs/G/Kantara/UMA-Text-CmA/0.md

(Title = Summary of Model Clauses and Supporting Terminology for Parties Serving in (UMA = UMA)
Roles)

  1. (Terminology.Sec = (Terminology.Title = Terminology)

    (Terminology.Text =
    1. (Terminology.Terms.Sec = (Terminology.Terms.Title = Terms)

      (Terminology.Terms.Text = (Terminology.Terms.Introduction.sec = This framework uses the following terms. Where terms are used without capitalization and are not otherwise defined in the [UMAcore], they are used in their normal sense.)
      (Terminology.Terms.Individual.DT =
      (Terminology.Terms.Individual.Term = (Individual = Individual)
      )

      (Terminology.Terms.Individual.Definition = A natural person (that is, a human being) with the capacity to take on contractual duties and obligations as a participant in an (UMA = UMA)
      interaction. )

      )

      (Terminology.Terms.Legal_Person.DT =
      (Terminology.Terms.Legal_Person.Term = (Legal_Person = Legal Person)
      )

      (Terminology.Terms.Legal_Person.Definition = A legal entity to which the law ascribes the ability to contract, such as a corporation, partnership, agency or government.)
      )

      (Terminology.Terms.Person.DT =
      (Terminology.Terms.Person.Term = (Person = Person)
      )

      (Terminology.Terms.Person.Definition = An (Individual = Individual)
      or (Legal_Person = Legal Person)
      . (Persons = Persons)
      play various roles in achieving and seeking user-managed access, and the same (Person = Person)
      might serve in multiple contractual roles.)

      )

      (Terminology.Terms.Conformance.DT =
      (Terminology.Terms.Conformance.Term = (Conformance = Conformance)
      )

      (Terminology.Terms.Conformance.Definition = Claimed adherence of a running software program or service to the requirements of one or more of the roles "authorization server", "resource server", or "client", as defined in [UMAcore]. Software components play various roles in participating in the technical interactions necessary to achieve and seek user-managed access, and the same software component might serve in multiple technical roles. )
      )

      (Terminology.Terms.Resource_Subject.DT =
      (Terminology.Terms.Resource_Subject.Term = (Resource_Subject = Resource Subject)
      )

      (Terminology.Terms.Resource_Subject.Definition = The (Person = Person)
      to whom a digital data resource relates.)

      )

      (Terminology.Terms.Grantor.DT =
      (Terminology.Terms.Grantor.Term = (Grantor = Grantor)
      )

      (Terminology.Terms.Grantor.Definition = The (Person = Person)
      who manages access to a digital data resource, either as its (Resource_Subject = Resource Subject)
      or on that (Person = Person)
      's behalf.)

      )

      (Terminology.Terms.Authorization_Server.DT =
      (Terminology.Terms.Authorization_Server.Term = (Authorization_Server = Authorization Server)
      )

      (Terminology.Terms.Authorization_Server.Definition = A software service that fills the "authorization server" role as defined in [UMAcore]. )
      )

      (Terminology.Terms.Authorization_Server_Operator.DT =
      (Terminology.Terms.Authorization_Server_Operator.Term = (Authorization_Server_Operator = Authorization Server Operator)
      )

      (Terminology.Terms.Authorization_Server_Operator.Definition = A (Person = Person)
      responsible for running and operating an (Authorization_Server = Authorization Server)
      . )

      )

      (Terminology.Terms.Resource_Server.DT =
      (Terminology.Terms.Resource_Server.Term = (Resource_Server = Resource Server)
      )

      (Terminology.Terms.Resource_Server.Definition = A software service that fills the "resource server" role as defined in [UMAcore]. )
      )

      (Terminology.Terms.Resource_Server_Operator.DT =
      (Terminology.Terms.Resource_Server_Operator.Term = (Resource_Server_Operator = Resource Server Operator)
      )

      (Terminology.Terms.Resource_Server_Operator.Definition = A (Person = Person)
      responsible for running and operating a (Resource_Server = Resource Server)
      .)

      )

      (Terminology.Terms.Client.DT =
      (Terminology.Terms.Client.Term = (Client = Client)
      )

      (Terminology.Terms.Client.Definition = A software application or service that fills the "client" role as defined in [UMAcore]. )
      )

      (Terminology.Terms.Client_Operator.DT =
      (Terminology.Terms.Client_Operator.Term = (Client_Operator = Client Operator)
      )

      (Terminology.Terms.Client_Operator.Definition = A (Person = Person)
      responsible for running and operating a (Client = Client)
      . )

      )

      (Terminology.Terms.Requesting_Party.DT =
      (Terminology.Terms.Requesting_Party.Term = (Requesting_Party = Requesting Party)
      )

      (Terminology.Terms.Requesting_Party.Definition = A (Person = Person)
      that uses a (Client = Client)
      to seek access to a protected resource. This (Person = Person)
      may be an (Individual = Individual)
      or a (Legal_Person = Legal Person)
      . The (Requesting_Party = Requesting Party)
      and the (Grantor = Grantor)
      may be the same (Person = Person)
      or different (Persons = Persons)
      . )

      )

      (Terminology.Terms.Requesting_Party_Agent.DT =
      (Terminology.Terms.Requesting_Party_Agent.Term = (Requesting_Party_Agent = Requesting Party Agent)
      )

      (Terminology.Terms.Requesting_Party_Agent.Definition = A (Person = Person)
      using a (Client = Client)
      to seek access to a protected resource on behalf of a (Requesting_Party = Requesting Party)
      . Typically this (Person = Person)
      is an (Individual = Individual)
      acting on behalf of a (Legal_Person = Legal Person)
      . )

      )

      )

      )

    2. (Terminology.Abbreviations.Sec = (Terminology.Abbreviations.Title = Abbreviations)

      (Terminology.Abbreviations.Text = (Terminology.Abbreviations.Introduction.sec = This framework uses the following abbreviations.)
      (Terminology.Abbreviations.UMA.DT =
      (Terminology.Abbreviations.UMA.Term = (UMA = UMA)
      )

      (Terminology.Abbreviations.UMA.Definition = User-Managed Access, the interoperability protocol defined in [UMAcore] and the other specifications it includes normatively by reference. )
      )

      (Terminology.Abbreviations.API.DT =
      (Terminology.Abbreviations.API.Term = (API = API)
      )

      (Terminology.Abbreviations.API.Definition = Application programming interface. )
      )

      (Terminology.Abbreviations.PAT.DT =
      (Terminology.Abbreviations.PAT.Term = (PAT = PAT)
      )

      (Terminology.Abbreviations.PAT.Definition = Protection (API = API)
      token, as defined in [UMAcore]. )

      )

      (Terminology.Abbreviations.AAT.DT =
      (Terminology.Abbreviations.AAT.Term = (AAT = AAT)
      )

      (Terminology.Abbreviations.AAT.Definition = Authorization (API = API)
      token, as defined in [UMAcore]. )

      )

      (Terminology.Abbreviations.RPT.DT =
      (Terminology.Abbreviations.RPT.Term = (RPT = RPT)
      )

      (Terminology.Abbreviations.RPT.Definition = Requesting party token, as defined in [UMAcore]. )
      )

      )

      )

    )

    )

  2. (RqP.Sec = (RqP.Title = Obligations of the (Requesting_Party = Requesting Party)
    )


    (RqP.Text =
    1. (RqP.AP.Adhere-to-Terms.Sec = (RqP.AP.Adhere-to-Terms.Title = (Requesting_Party = Requesting Party)
      -(Authorizing_Party = (Grantor = Grantor)
      )

      : Adhere-to-Terms)


      (RqP.AP.Adhere-to-Terms.Text = (RqP.AP.Adhere-to-Terms.Condition = When the (Client = Client)
      successfully gains access from a (Resource_Server = Resource Server)
      to a protected resource by wielding a valid "bearer" (RPT = RPT)
      associated with at least one currently valid permission for the type of access sought)

      , (RqP.AP.Adhere-to-Terms.Parties = the (Requesting_Party = Requesting Party)
      using that (Client = Client)
      gains an obligation to the (Authorizing_Party = (Grantor = Grantor)
      )

      )

      (RqP.AP.Adhere-to-Terms.Duty = (RqP.AP.Adhere-to-Terms.Duty.1 = to adhere to any terms it agreed to in order to gain the permission)
      )

      .)

      )

    2. (RqP.ASO.Supply-Truthful-Claims.Sec = (RqP.ASO.Supply-Truthful-Claims.Title = (Requesting_Party = Requesting Party)
      -(Authorization_Server_Operator = Authorization Server Operator)
      : Supply-Truthful-Claims)


      (RqP.ASO.Supply-Truthful-Claims.Text = (RqP.ASO.Supply-Truthful-Claims.Condition = When the (Authorization_Server = Authorization Server)
      issues an (AAT = AAT)
      to a (Client = Client)
      and for as long as the (AAT = AAT)
      is valid)

      , (RqP.ASO.Supply-Truthful-Claims.Parties = the (Requesting_Party = Requesting Party)
      using that (Client = Client)
      gains an obligation to the (Authorization_Server_Operator = Authorization Server Operator)
      )

      (RqP.ASO.Supply-Truthful-Claims.Duty = (RqP.ASO.Supply-Truthful-Claims.Duty.1 = to supply or facilitate access to truthful claims required for access authorization at this (Authorization_Server = Authorization Server)
      , when it chooses to supply them, to the best of its knowledge at the time it supplies them)

      )

      .)

      )

    3. (RqP.RSO.Is-Legitimate-Bearer.Sec = (RqP.RSO.Is-Legitimate-Bearer.Title = (Requesting_Party = Requesting Party)
      -(Resource_Server_Operator = Resource Server Operator)
      : Is-Legitimate-Bearer)


      (RqP.RSO.Is-Legitimate-Bearer.Text = (RqP.RSO.Is-Legitimate-Bearer.Condition = When the (Authorization_Server = Authorization Server)
      issues an (RPT = RPT)
      to a (Client = Client)
      and for as long as the (RPT = RPT)
      is valid)

      , (RqP.RSO.Is-Legitimate-Bearer.Parties = the (Requesting_Party = Requesting Party)
      using that (Client = Client)
      gains an obligation to the (Resource_Server_Operator = Resource Server Operator)
      )

      (RqP.RSO.Is-Legitimate-Bearer.Duty = (RqP.RSO.Is-Legitimate-Bearer.Duty.1 = to represent the legitimate bearer of the (RPT = RPT)
      or its authorized representative, and not to allow others to impersonate the (Requesting_Party = Requesting Party)
      )

      )

      .)

      )

    )

    )

  3. (RSO.Sec = (RSO.Title = Obligations of the (Resource_Server_Operator = Resource Server Operator)
    )


    (RSO.Text =
    1. (RSO.AP.Delegate-Protection.Sec = (RSO.AP.Delegate-Protection.Title = (Resource_Server_Operator = Resource Server Operator)
      -(Authorizing_Party = (Grantor = Grantor)
      )

      : Delegate-Protection)


      (RSO.AP.Delegate-Protection.Text = (RSO.AP.Delegate-Protection.Condition = For the period that the (Resource_Server_Operator = Resource Server Operator)
      and (Authorizing_Party = (Grantor = Grantor)
      )

      have mutually agreed to serve in these respective roles for each other)

      , (RSO.AP.Delegate-Protection.Parties = the (Resource_Server_Operator = Resource Server Operator)
      gains an obligation to the (Authorizing_Party = (Grantor = Grantor)
      )

      )

      (RSO.AP.Delegate-Protection.Duty = (RSO.AP.Delegate-Protection.Duty.1 = to delegate protection services to the (Authorization_Server_Operator = Authorization Server Operator)
      for the set of protectable resources for which it represents this capability to the (Authorizing_Party = (Grantor = Grantor)
      )

      , and to respect the authorization data that the (Authorization_Server = Authorization Server)
      has associated with an (RPT = RPT)
      when the (Resource_Server = Resource Server)
      subsequently allows or disallows access by the (Client = Client)
      that presented that (RPT = RPT)
      )

      )

      .)

      )

    2. (RSO.ASO.Register-Accurately-and-Timely.Sec = (RSO.ASO.Register-Accurately-and-Timely.Title = (Resource_Server_Operator = Resource Server Operator)
      to (Authorizing_Party = (Grantor = Grantor)
      )

      and (Authorization_Server_Operator = Authorization Server Operator)
      : Register-Accurately-and-Timely)


      (RSO.ASO.Register-Accurately-and-Timely.Text = (RSO.ASO.Register-Accurately-and-Timely.Condition = For the period that the (Resource_Server_Operator = Resource Server Operator)
      and (Authorizing_Party = (Grantor = Grantor)
      )

      have mutually agreed to serve in these respective roles for each other, in the context of a particular (Authorization_Server_Operator = Authorization Server Operator)
      )

      , (RSO.ASO.Register-Accurately-and-Timely.Parties = the (Resource_Server_Operator = Resource Server Operator)
      gains an obligation to the (Authorizing_Party = (Grantor = Grantor)
      )

      and the (Authorization_Server_Operator = Authorization Server Operator)
      )

      (RSO.ASO.Register-Accurately-and-Timely.Duty = (RSO.ASO.Register-Accurately-and-Timely.Duty.1 = to register resource set descriptions accurately and timely and according to the (Authorizing_Party = (Grantor = Grantor)
      )

      ’s expressed instructions for protection if any)

      )

      .)

      )

    3. (RSO.ASO.Respect-Permissions.Sec = (RSO.ASO.Respect-Permissions.Title = (Resource_Server_Operator = Resource Server Operator)
      -(Authorization_Server_Operator = Authorization Server Operator)
      : Respect-Permissions)


      (RSO.ASO.Respect-Permissions.Text = (RSO.ASO.Respect-Permissions.Condition = For the period that the (Resource_Server_Operator = Resource Server Operator)
      and (Authorization_Server_Operator = Authorization Server Operator)
      have mutually agreed to serve in these respective roles for each other)

      , (RSO.ASO.Respect-Permissions.Parties = the (Resource_Server_Operator = Resource Server Operator)
      gains an obligation to the (Authorization_Server_Operator = Authorization Server Operator)
      )

      (RSO.ASO.Respect-Permissions.Duty = (RSO.ASO.Respect-Permissions.Duty.1 = to disallow access by a (Client = Client)
      presenting an (RPT = RPT)
      in all cases where the authorization data associated by the (Authorization_Server = Authorization Server)
      is insufficient for the access attempt)

      )

      .)

      )

    )

    )

  4. (ASO.Sec = (ASO.Title = Obligations of the (Authorization_Server_Operator = Authorization Server Operator)
    )


    (ASO.Text =
    1. (ASO.AP.Follow-Policies-Accurately-and-Timely.Sec = (ASO.AP.Follow-Policies-Accurately-and-Timely.Title = (Authorization_Server_Operator = Authorization Server Operator)
      -(Authorizing_Party = (Grantor = Grantor)
      )

      : Follow-Policies-Accurately-and-Timely)


      (ASO.AP.Follow-Policies-Accurately-and-Timely.Text = (ASO.AP.Follow-Policies-Accurately-and-Timely.Condition = When the (Authorization_Server = Authorization Server)
      issues a (PAT = PAT)
      to a (Resource_Server = Resource Server)
      and as long as the (PAT = PAT)
      is valid)

      , (ASO.AP.Follow-Policies-Accurately-and-Timely.Parties = the (Authorization_Server_Operator = Authorization Server Operator)
      gains an obligation to the (Authorizing_Party = (Grantor = Grantor)
      )

      )

      (ASO.AP.Follow-Policies-Accurately-and-Timely.Duty = (ASO.AP.Follow-Policies-Accurately-and-Timely.Duty.1 = to adhere to the (Authorizing_Party = (Grantor = Grantor)
      )

      's policies accurately and timely in granting permissions)

      )

      .)

      )

    2. (ASO.RSO.Follow-Policies-Accurately-and-Timely.Sec = (ASO.RSO.Follow-Policies-Accurately-and-Timely.Title = (Authorization_Server_Operator = Authorization Server Operator)
      -(Resource_Server_Operator = Resource Server Operator)
      : Follow-Policies-Accurately-and-Timely)


      (ASO.RSO.Follow-Policies-Accurately-and-Timely.Text = (ASO.RSO.Follow-Policies-Accurately-and-Timely.Condition = When the (Resource_Server = Resource Server)
      registers a requested permission at the (Authorization_Server = Authorization Server)
      )

      , (ASO.RSO.Follow-Policies-Accurately-and-Timely.Parties = the (Authorization_Server_Operator = Authorization Server Operator)
      gains an obligation to the (Resource_Server_Operator = Resource Server Operator)
      )

      (ASO.RSO.Follow-Policies-Accurately-and-Timely.Duty = (ASO.RSO.Follow-Policies-Accurately-and-Timely.Duty.1 = to adhere to the (Authorizing_Party = (Grantor = Grantor)
      )

      ’s authorization policies accurately and timely in associating authorization data with (RPTs = RPTs)
      presented with the registered permission's ticket)

      )

      .)

      )

    3. (ASO.RqP.Request-Limited-Claims.Sec = (ASO.RqP.Request-Limited-Claims.Title = (Authorization_Server_Operator = Authorization Server Operator)
      -(Requesting_Party = Requesting Party)
      : Request-Limited-Claims)


      (ASO.RqP.Request-Limited-Claims.Text = (ASO.RqP.Request-Limited-Claims.Condition = When the (Authorization_Server = Authorization Server)
      issues an (AAT = AAT)
      to a (Client = Client)
      and as long as the (AAT = AAT)
      is valid)

      , (ASO.RqP.Request-Limited-Claims.Parties = the (Authorization_Server_Operator = Authorization Server Operator)
      gains an obligation to the (Requesting_Party = Requesting Party)
      )

      (ASO.RqP.Request-Limited-Claims.Duty = (ASO.RqP.Request-Limited-Claims.Duty.1 = to request only claims that support the purpose of satisfying an (Authorizing_Party = (Grantor = Grantor)
      )

      's policy)

      )

      .)

      )

    )

    )

  5. (AuthzP.Sec = (AuthzP.Title = Obligations of the (Authorizing_Party = (Grantor = Grantor)
    )

    )


    (AuthzP.Text =
    1. (AuthzP.RqP.Adhere-to-Terms.Sec = (AuthzP.RqP.Adhere-to-Terms.Title = (Authorizing_Party = (Grantor = Grantor)
      )

      -(Requesting_Party = Requesting Party)
      : Adhere-to-Terms)


      (AuthzP.RqP.Adhere-to-Terms.Text = (AuthzP.RqP.Adhere-to-Terms.Condition = When the (Authorization_Server = Authorization Server)
      responds positively to a (Client = Client)
      's request for authorization)

      , (AuthzP.RqP.Adhere-to-Terms.Parties = the (Authorizing_Party = (Grantor = Grantor)
      )

      gains an obligation to the (Requesting_Party = Requesting Party)
      using that (Client = Client)
      )

      (AuthzP.RqP.Adhere-to-Terms.Duty = (AuthzP.RqP.Adhere-to-Terms.Duty.1 = to adhere to the terms offered to and accepted by the (Requesting_Party = Requesting Party)
      in the form of requests for claims driven by the (Authorizing_Party = (Grantor = Grantor)
      )

      's policy at the (Authorization_Server = Authorization Server)
      )

      )

      .)

      )

    2. (AuthzP.ASO.Introduce-Resource-Server.Sec = (AuthzP.ASO.Introduce-Resource-Server.Title = (Authorizing_Party = (Grantor = Grantor)
      )

      -(Authorization_Server_Operator = Authorization Server Operator)
      : Introduce-Resource-Server)


      (AuthzP.ASO.Introduce-Resource-Server.Text = (AuthzP.ASO.Introduce-Resource-Server.Condition = When the (Authorization_Server = Authorization Server)
      issues a (PAT = PAT)
      to a (Resource_Server = Resource Server)
      and as long as the (PAT = PAT)
      is valid)

      , (AuthzP.ASO.Introduce-Resource-Server.Parties = the (Authorizing_Party = (Grantor = Grantor)
      )

      gains an obligation to the (Authorization_Server_Operator = Authorization Server Operator)
      )

      (AuthzP.ASO.Introduce-Resource-Server.Duty = (AuthzP.ASO.Introduce-Resource-Server.Duty.1 = to introduce the desired (Resource_Server = Resource Server)
      to this (Authorization_Server = Authorization Server)
      in outsourcing protection of this (Resource_Server = Resource Server)
      's resources)

      )

      .)

      )

    3. (AuthzP.RSO.Introduce-Authorization-Server.Sec = (AuthzP.RSO.Introduce-Authorization-Server.Title = (Authorizing_Party = (Grantor = Grantor)
      )

      -(Resource_Server_Operator = Resource Server Operator)
      : Introduce-Authorization-Server)


      (AuthzP.RSO.Introduce-Authorization-Server.Text = (AuthzP.RSO.Introduce-Authorization-Server.Condition = When the (Authorization_Server = Authorization Server)
      issues a (PAT = PAT)
      to a (Resource_Server = Resource Server)
      and as long as the (PAT = PAT)
      is valid)

      , (AuthzP.RSO.Introduce-Authorization-Server.Parties = the (Authorizing_Party = (Grantor = Grantor)
      )

      gains an obligation to the (Resource_Server_Operator = Resource Server Operator)
      )

      (AuthzP.RSO.Introduce-Authorization-Server.Duty = (AuthzP.RSO.Introduce-Authorization-Server.Duty.1 = to introduce the desired (Authorization_Server = Authorization Server)
      to this (Resource_Server = Resource Server)
      in outsourcing protection of this (Resource_Server = Resource Server)
      's resources)

      )

      .)

      )

    )

    )