Title: Obligations of the {Resource_Server_Operator}

Text:
  1. {Resource_Server_Operator}-{Authorizing_Party}: Delegate-Protection
    For the period that the {Resource_Server_Operator} and {Authorizing_Party} have mutually agreed to serve in these respective roles for each other, the {Resource_Server_Operator} gains an obligation to the {Authorizing_Party} to delegate protection services to the {Authorization_Server_Operator} for the set of protectable resources for which it represents this capability to the {Authorizing_Party}, and to respect the authorization data that the {Authorization_Server} has associated with an {RPT} when the {Resource_Server} subsequently allows or disallows access by the {Client} that presented that {RPT}.
  2. {Resource_Server_Operator} to {Authorizing_Party} and {Authorization_Server_Operator}: Register-Accurately-and-Timely
    For the period that the {Resource_Server_Operator} and {Authorizing_Party} have mutually agreed to serve in these respective roles for each other, in the context of a particular {Authorization_Server_Operator}, the {Resource_Server_Operator} gains an obligation to the {Authorizing_Party} and the {Authorization_Server_Operator} to register resource set descriptions accurately and timely and according to the {Authorizing_Party}’s expressed instructions for protection if any.
  3. {Resource_Server_Operator}-{Authorization_Server_Operator}: Respect-Permissions
    For the period that the {Resource_Server_Operator} and {Authorization_Server_Operator} have mutually agreed to serve in these respective roles for each other, the {Resource_Server_Operator} gains an obligation to the {Authorization_Server_Operator} to disallow access by a {Client} presenting an {RPT} in all cases where the authorization data associated by the {Authorization_Server} is insufficient for the access attempt..


Comments: None Signaled