/Docs/G/Kantara/UMA-Text-CmA/0.md
(Title = Summary of Model Clauses and Supporting Terminology for Parties Serving in (UMA = UMA)
Roles)
- (Terminology.Sec = (Terminology.Title = Terminology)
(Terminology.Text = - (Terminology.Terms.Sec = (Terminology.Terms.Title = Terms)
(Terminology.Terms.Text = (Terminology.Terms.Introduction.sec = This framework uses the following terms. Where terms are used without capitalization and are not otherwise defined in [UMAcore], they are used in their normal sense.)
(Terminology.Terms.Individual.DT = - (Terminology.Terms.Individual.Term = (Individual = Individual)
)
- (Terminology.Terms.Individual.Definition = A natural person (that is, a human being) with the capacity to take on contractual duties and obligations as a participant in an (UMA = UMA)
interaction. )
)
(Terminology.Terms.Legal_Person.DT = - (Terminology.Terms.Legal_Person.Term = (Legal_Person = Legal Person)
)
- (Terminology.Terms.Legal_Person.Definition = A legal entity to which the law ascribes the ability to contract, such as a corporation, partnership, agency or government.)
)
(Terminology.Terms.Person.DT = - (Terminology.Terms.Person.Term = (Person = Person)
)
- (Terminology.Terms.Person.Definition = An (Individual = Individual)
or (Legal_Person = Legal Person)
. (Persons = Persons)
play various roles in achieving and seeking user-managed access, and the same (Person = Person)
might serve in multiple contractual roles.)
)
(Terminology.Terms.Conformance.DT = - (Terminology.Terms.Conformance.Term = (Conformance = Conformance)
)
- (Terminology.Terms.Conformance.Definition = Claimed adherence of a running software program or service to the requirements of one or more of the roles "authorization server", "resource server", or "client", as defined in [UMAcore]. Software components play various roles in participating in the technical interactions necessary to achieve and seek user-managed access, and the same software component might serve in multiple technical roles. )
)
(Terminology.Terms.Resource_Subject.DT = - (Terminology.Terms.Resource_Subject.Term = (Resource_Subject = Resource Subject)
)
- (Terminology.Terms.Resource_Subject.Definition = The (Person = Person)
to whom a digital data resource relates.)
)
(Terminology.Terms.Grantor.DT = - (Terminology.Terms.Grantor.Term = (Grantor = Grantor)
)
- (Terminology.Terms.Grantor.Definition = The (Person = Person)
who manages access to a digital data resource, either as its (Resource_Subject = Resource Subject)
or on that (Person = Person)
's behalf.)
)
(Terminology.Terms.Authorization_Server.DT = - (Terminology.Terms.Authorization_Server.Term = (Authorization_Server = Authorization Server)
)
- (Terminology.Terms.Authorization_Server.Definition = A software service that fills the "authorization server" role as defined in [UMAcore]. )
)
(Terminology.Terms.Authorization_Server_Operator.DT = - (Terminology.Terms.Authorization_Server_Operator.Term = (Authorization_Server_Operator = Authorization Server Operator)
)
- (Terminology.Terms.Authorization_Server_Operator.Definition = A (Person = Person)
responsible for running and operating an (Authorization_Server = Authorization Server)
. )
)
(Terminology.Terms.Resource_Server.DT = - (Terminology.Terms.Resource_Server.Term = (Resource_Server = Resource Server)
)
- (Terminology.Terms.Resource_Server.Definition = A software service that fills the "resource server" role as defined in [UMAcore]. )
)
(Terminology.Terms.Resource_Server_Operator.DT = - (Terminology.Terms.Resource_Server_Operator.Term = (Resource_Server_Operator = Resource Server Operator)
)
- (Terminology.Terms.Resource_Server_Operator.Definition = A (Person = Person)
responsible for running and operating a (Resource_Server = Resource Server)
.)
)
(Terminology.Terms.Client.DT = - (Terminology.Terms.Client.Term = (Client = Client)
)
- (Terminology.Terms.Client.Definition = A software application or service that fills the "client" role as defined in [UMAcore]. )
)
(Terminology.Terms.Client_Operator.DT = - (Terminology.Terms.Client_Operator.Term = (Client_Operator = Client Operator)
)
- (Terminology.Terms.Client_Operator.Definition = A (Person = Person)
responsible for running and operating a (Client = Client)
. )
)
(Terminology.Terms.Requesting_Party.DT = - (Terminology.Terms.Requesting_Party.Term = (Requesting_Party = Requesting Party)
)
- (Terminology.Terms.Requesting_Party.Definition = A (Person = Person)
that uses a (Client = Client)
to seek access to a protected resource. This (Person = Person)
may be an (Individual = Individual)
or a (Legal_Person = Legal Person)
. The (Requesting_Party = Requesting Party)
and the (Grantor = Grantor)
may be the same (Person = Person)
or different (Persons = Persons)
. )
)
(Terminology.Terms.Requesting_Party_Agent.DT = - (Terminology.Terms.Requesting_Party_Agent.Term = (Requesting_Party_Agent = Requesting Party Agent)
)
- (Terminology.Terms.Requesting_Party_Agent.Definition = A (Person = Person)
using a (Client = Client)
to seek access to a protected resource on behalf of a (Requesting_Party = Requesting Party)
. Typically this (Person = Person)
is an (Individual = Individual)
acting on behalf of a (Legal_Person = Legal Person)
. )
)
)
)
- (Terminology.Abbreviations.Sec = (Terminology.Abbreviations.Title = Abbreviations)
(Terminology.Abbreviations.Text = (Terminology.Abbreviations.Introduction.sec = This framework uses the following abbreviations.)
(Terminology.Abbreviations.UMA.DT = - (Terminology.Abbreviations.UMA.Term = (UMA = UMA)
)
- (Terminology.Abbreviations.UMA.Definition = User-Managed Access, the interoperability protocol defined in [UMAcore] and the other specifications it includes normatively by reference. )
)
(Terminology.Abbreviations.API.DT = - (Terminology.Abbreviations.API.Term = (API = API)
)
- (Terminology.Abbreviations.API.Definition = Application programming interface. )
)
(Terminology.Abbreviations.PAT.DT = - (Terminology.Abbreviations.PAT.Term = (PAT = PAT)
)
- (Terminology.Abbreviations.PAT.Definition = Protection (API = API)
token, as defined in [UMAcore]. )
)
(Terminology.Abbreviations.AAT.DT = - (Terminology.Abbreviations.AAT.Term = (AAT = AAT)
)
- (Terminology.Abbreviations.AAT.Definition = Authorization (API = API)
token, as defined in [UMAcore]. )
)
(Terminology.Abbreviations.RPT.DT = - (Terminology.Abbreviations.RPT.Term = (RPT = RPT)
)
- (Terminology.Abbreviations.RPT.Definition = Requesting party token, as defined in [UMAcore]. )
)
)
)
)
)
- (RqP.Sec = (RqP.Title = Obligations of the (Requesting_Party = Requesting Party)
)
(RqP.Text = - (RqP.AP.Adhere-to-Terms.Sec = (RqP.AP.Adhere-to-Terms.Title = (Requesting_Party = Requesting Party)
-(Authorizing_Party = (Grantor = Grantor)
)
: Adhere-to-Terms)
(RqP.AP.Adhere-to-Terms.Text = (RqP.AP.Adhere-to-Terms.Condition = When the (Client = Client)
successfully gains access from a (Resource_Server = Resource Server)
to a protected resource by wielding a valid "bearer" (RPT = RPT)
associated with at least one currently valid permission for the type of access sought)
, (RqP.AP.Adhere-to-Terms.Parties = the (Requesting_Party = Requesting Party)
using that (Client = Client)
gains an obligation to the (Authorizing_Party = (Grantor = Grantor)
)
)
(RqP.AP.Adhere-to-Terms.Duty = (RqP.AP.Adhere-to-Terms.Duty.1 = to adhere to any terms it agreed to in order to gain the permission)
)
.)
)
- (RqP.ASO.Supply-Truthful-Claims.Sec = (RqP.ASO.Supply-Truthful-Claims.Title = (Requesting_Party = Requesting Party)
-(Authorization_Server_Operator = Authorization Server Operator)
: Supply-Truthful-Claims)
(RqP.ASO.Supply-Truthful-Claims.Text = (RqP.ASO.Supply-Truthful-Claims.Condition = When the (Authorization_Server = Authorization Server)
issues an (AAT = AAT)
to a (Client = Client)
and for as long as the (AAT = AAT)
is valid)
, (RqP.ASO.Supply-Truthful-Claims.Parties = the (Requesting_Party = Requesting Party)
using that (Client = Client)
gains an obligation to the (Authorization_Server_Operator = Authorization Server Operator)
)
(RqP.ASO.Supply-Truthful-Claims.Duty = (RqP.ASO.Supply-Truthful-Claims.Duty.1 = to supply or facilitate access to truthful claims required for access authorization at this (Authorization_Server = Authorization Server)
, when it chooses to supply them, to the best of its knowledge at the time it supplies them)
)
.)
)
- (RqP.RSO.Is-Legitimate-Bearer.Sec = (RqP.RSO.Is-Legitimate-Bearer.Title = (Requesting_Party = Requesting Party)
-(Resource_Server_Operator = Resource Server Operator)
: Is-Legitimate-Bearer)
(RqP.RSO.Is-Legitimate-Bearer.Text = (RqP.RSO.Is-Legitimate-Bearer.Condition = When the (Authorization_Server = Authorization Server)
issues an (RPT = RPT)
to a (Client = Client)
and for as long as the (RPT = RPT)
is valid)
, (RqP.RSO.Is-Legitimate-Bearer.Parties = the (Requesting_Party = Requesting Party)
using that (Client = Client)
gains an obligation to the (Resource_Server_Operator = Resource Server Operator)
)
(RqP.RSO.Is-Legitimate-Bearer.Duty = (RqP.RSO.Is-Legitimate-Bearer.Duty.1 = to represent the legitimate bearer of the (RPT = RPT)
or its authorized representative, and not to allow others to impersonate the (Requesting_Party = Requesting Party)
)
)
.)
)
)
)
- (RSO.Sec = (RSO.Title = Obligations of the (Resource_Server_Operator = Resource Server Operator)
)
(RSO.Text = - (RSO.AP.Delegate-Protection.Sec = (RSO.AP.Delegate-Protection.Title = (Resource_Server_Operator = Resource Server Operator)
-(Authorizing_Party = (Grantor = Grantor)
)
: Delegate-Protection)
(RSO.AP.Delegate-Protection.Text = (RSO.AP.Delegate-Protection.Condition = For the period that the (Resource_Server_Operator = Resource Server Operator)
and (Authorizing_Party = (Grantor = Grantor)
)
have mutually agreed to serve in these respective roles for each other)
, (RSO.AP.Delegate-Protection.Parties = the (Resource_Server_Operator = Resource Server Operator)
gains an obligation to the (Authorizing_Party = (Grantor = Grantor)
)
)
(RSO.AP.Delegate-Protection.Duty = (RSO.AP.Delegate-Protection.Duty.1 = to delegate protection services to the (Authorization_Server_Operator = Authorization Server Operator)
for the set of protectable resources for which it represents this capability to the (Authorizing_Party = (Grantor = Grantor)
)
, and to respect the authorization data that the (Authorization_Server = Authorization Server)
has associated with an (RPT = RPT)
when the (Resource_Server = Resource Server)
subsequently allows or disallows access by the (Client = Client)
that presented that (RPT = RPT)
)
)
.)
)
- (RSO.ASO.Register-Accurately-and-Timely.Sec = (RSO.ASO.Register-Accurately-and-Timely.Title = (Resource_Server_Operator = Resource Server Operator)
to (Authorizing_Party = (Grantor = Grantor)
)
and (Authorization_Server_Operator = Authorization Server Operator)
: Register-Accurately-and-Timely)
(RSO.ASO.Register-Accurately-and-Timely.Text = (RSO.ASO.Register-Accurately-and-Timely.Condition = For the period that the (Resource_Server_Operator = Resource Server Operator)
and (Authorizing_Party = (Grantor = Grantor)
)
have mutually agreed to serve in these respective roles for each other, in the context of a particular (Authorization_Server_Operator = Authorization Server Operator)
)
, (RSO.ASO.Register-Accurately-and-Timely.Parties = the (Resource_Server_Operator = Resource Server Operator)
gains an obligation to the (Authorizing_Party = (Grantor = Grantor)
)
and the (Authorization_Server_Operator = Authorization Server Operator)
)
(RSO.ASO.Register-Accurately-and-Timely.Duty = (RSO.ASO.Register-Accurately-and-Timely.Duty.1 = to register resource set descriptions accurately and timely and according to the (Authorizing_Party = (Grantor = Grantor)
)
’s expressed instructions for protection, if any)
)
.)
)
- (RSO.ASO.Respect-Permissions.Sec = (RSO.ASO.Respect-Permissions.Title = (Resource_Server_Operator = Resource Server Operator)
-(Authorization_Server_Operator = Authorization Server Operator)
: Respect-Permissions)
(RSO.ASO.Respect-Permissions.Text = (RSO.ASO.Respect-Permissions.Condition = For the period that the (Resource_Server_Operator = Resource Server Operator)
and (Authorization_Server_Operator = Authorization Server Operator)
have mutually agreed to serve in these respective roles for each other)
, (RSO.ASO.Respect-Permissions.Parties = the (Resource_Server_Operator = Resource Server Operator)
gains an obligation to the (Authorization_Server_Operator = Authorization Server Operator)
)
(RSO.ASO.Respect-Permissions.Duty = (RSO.ASO.Respect-Permissions.Duty.1 = to disallow access by a (Client = Client)
presenting an (RPT = RPT)
in all cases where the authorization data associated by the (Authorization_Server = Authorization Server)
is insufficient for the access attempt)
)
.)
)
)
)
- (ASO.Sec = (ASO.Title = Obligations of the (Authorization_Server_Operator = Authorization Server Operator)
)
(ASO.Text = - (ASO.AP.Follow-Policies-Accurately-and-Timely.Sec = (ASO.AP.Follow-Policies-Accurately-and-Timely.Title = (Authorization_Server_Operator = Authorization Server Operator)
-(Authorizing_Party = (Grantor = Grantor)
)
: Follow-Policies-Accurately-and-Timely)
(ASO.AP.Follow-Policies-Accurately-and-Timely.Text = (ASO.AP.Follow-Policies-Accurately-and-Timely.Condition = When the (Authorization_Server = Authorization Server)
issues a (PAT = PAT)
to a (Resource_Server = Resource Server)
and as long as the (PAT = PAT)
is valid)
, (ASO.AP.Follow-Policies-Accurately-and-Timely.Parties = the (Authorization_Server_Operator = Authorization Server Operator)
gains an obligation to the (Authorizing_Party = (Grantor = Grantor)
)
)
(ASO.AP.Follow-Policies-Accurately-and-Timely.Duty = (ASO.AP.Follow-Policies-Accurately-and-Timely.Duty.1 = to adhere to the (Authorizing_Party = (Grantor = Grantor)
)
's policies accurately and timely in granting permissions)
)
.)
)
- (ASO.RSO.Follow-Policies-Accurately-and-Timely.Sec = (ASO.RSO.Follow-Policies-Accurately-and-Timely.Title = (Authorization_Server_Operator = Authorization Server Operator)
-(Resource_Server_Operator = Resource Server Operator)
: Follow-Policies-Accurately-and-Timely)
(ASO.RSO.Follow-Policies-Accurately-and-Timely.Text = (ASO.RSO.Follow-Policies-Accurately-and-Timely.Condition = When the (Resource_Server = Resource Server)
registers a requested permission at the (Authorization_Server = Authorization Server)
)
, (ASO.RSO.Follow-Policies-Accurately-and-Timely.Parties = the (Authorization_Server_Operator = Authorization Server Operator)
gains an obligation to the (Resource_Server_Operator = Resource Server Operator)
)
(ASO.RSO.Follow-Policies-Accurately-and-Timely.Duty = (ASO.RSO.Follow-Policies-Accurately-and-Timely.Duty.1 = to adhere to the (Authorizing_Party = (Grantor = Grantor)
)
’s authorization policies accurately and timely in associating authorization data with (RPTs = RPTs)
presented with the registered permission's ticket)
)
.)
)
- (ASO.RqP.Request-Limited-Claims.Sec = (ASO.RqP.Request-Limited-Claims.Title = (Authorization_Server_Operator = Authorization Server Operator)
-(Requesting_Party = Requesting Party)
: Request-Limited-Claims)
(ASO.RqP.Request-Limited-Claims.Text = (ASO.RqP.Request-Limited-Claims.Condition = When the (Authorization_Server = Authorization Server)
issues an (AAT = AAT)
to a (Client = Client)
and as long as the (AAT = AAT)
is valid)
, (ASO.RqP.Request-Limited-Claims.Parties = the (Authorization_Server_Operator = Authorization Server Operator)
gains an obligation to the (Requesting_Party = Requesting Party)
)
(ASO.RqP.Request-Limited-Claims.Duty = (ASO.RqP.Request-Limited-Claims.Duty.1 = to request only claims that support the purpose of satisfying an (Authorizing_Party = (Grantor = Grantor)
)
's policy)
)
.)
)
)
)
- (AuthzP.Sec = (AuthzP.Title = Obligations of the (Authorizing_Party = (Grantor = Grantor)
)
)
(AuthzP.Text = - (AuthzP.RqP.Adhere-to-Terms.Sec = (AuthzP.RqP.Adhere-to-Terms.Title = (Authorizing_Party = (Grantor = Grantor)
)
-(Requesting_Party = Requesting Party)
: Adhere-to-Terms)
(AuthzP.RqP.Adhere-to-Terms.Text = (AuthzP.RqP.Adhere-to-Terms.Condition = When the (Authorization_Server = Authorization Server)
responds positively to a (Client = Client)
's request for authorization)
, (AuthzP.RqP.Adhere-to-Terms.Parties = the (Authorizing_Party = (Grantor = Grantor)
)
gains an obligation to the (Requesting_Party = Requesting Party)
using that (Client = Client)
)
(AuthzP.RqP.Adhere-to-Terms.Duty = (AuthzP.RqP.Adhere-to-Terms.Duty.1 = to adhere to the terms offered to and accepted by the (Requesting_Party = Requesting Party)
in the form of requests for claims driven by the (Authorizing_Party = (Grantor = Grantor)
)
's policy at the (Authorization_Server = Authorization Server)
)
)
.)
)
- (AuthzP.ASO.Introduce-Resource-Server.Sec = (AuthzP.ASO.Introduce-Resource-Server.Title = (Authorizing_Party = (Grantor = Grantor)
)
-(Authorization_Server_Operator = Authorization Server Operator)
: Introduce-Resource-Server)
(AuthzP.ASO.Introduce-Resource-Server.Text = (AuthzP.ASO.Introduce-Resource-Server.Condition = When the (Authorization_Server = Authorization Server)
issues a (PAT = PAT)
to a (Resource_Server = Resource Server)
and as long as the (PAT = PAT)
is valid)
, (AuthzP.ASO.Introduce-Resource-Server.Parties = the (Authorizing_Party = (Grantor = Grantor)
)
gains an obligation to the (Authorization_Server_Operator = Authorization Server Operator)
)
(AuthzP.ASO.Introduce-Resource-Server.Duty = (AuthzP.ASO.Introduce-Resource-Server.Duty.1 = to introduce the desired (Resource_Server = Resource Server)
to this (Authorization_Server = Authorization Server)
in outsourcing protection of this (Resource_Server = Resource Server)
's resources)
)
.)
)
- (AuthzP.RSO.Introduce-Authorization-Server.Sec = (AuthzP.RSO.Introduce-Authorization-Server.Title = (Authorizing_Party = (Grantor = Grantor)
)
-(Resource_Server_Operator = Resource Server Operator)
: Introduce-Authorization-Server)
(AuthzP.RSO.Introduce-Authorization-Server.Text = (AuthzP.RSO.Introduce-Authorization-Server.Condition = When the (Authorization_Server = Authorization Server)
issues a (PAT = PAT)
to a (Resource_Server = Resource Server)
and as long as the (PAT = PAT)
is valid)
, (AuthzP.RSO.Introduce-Authorization-Server.Parties = the (Authorizing_Party = (Grantor = Grantor)
)
gains an obligation to the (Resource_Server_Operator = Resource Server Operator)
)
(AuthzP.RSO.Introduce-Authorization-Server.Duty = (AuthzP.RSO.Introduce-Authorization-Server.Duty.1 = to introduce the desired (Authorization_Server = Authorization Server)
to this (Resource_Server = Resource Server)
in outsourcing protection of this (Resource_Server = Resource Server)
's resources)
)
.)
)
)
)