[Openid-specs-heart] Alice's health resource set

Eve Maler eve.maler at forgerock.com
Tue Aug 2 16:04:10 UTC 2016


The UMA group's rationale for calling it "resource set" was that the
resource server is authoritative for any internal structure (or lack
thereof) and content of a digital resource that is under UMA protection;
whatever detail it *doesn't* register with an authorization server is
invisible to the authorization server, so the name is an acknowledgment
that the thing registered might represent multitudes (e.g., it could be a
"folder of photos" for which the resource server has chosen not to register
individual photos, or whatever).

We do, unfortunately, go back and forth a bit between "resource set" and
"protected resource" in the two UMA-related specs, and also issue this
caution in the RSR spec: *"Note carefully the similar but distinct senses
in which the word "resource" is used in this section. The resource set
descriptions are themselves managed as web resources at the authorization
server through this API."* Because the phrase "protected resource" is so
prevalent in the OAuth world, in our current work, we may consider doing
some terminology alignment.


*Eve Maler*ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
*ForgeRock Summits and UnSummits* are coming to
<http://summits.forgerock.com/> *Sydney, London, and Paris!*

On Tue, Aug 2, 2016 at 7:52 AM, Debbie Bucci <debbucci at gmail.com> wrote:

> Resource Set  - what purpose it might serve.
>
> Mind you - I don't know the thinking behind the UMA spec - but In the
> federated authentication environment when you are dealing with hundreds if
> not thousands for partners, a methods to group claims together has evolved
> to help ease the burden on the backend  for those having to configure
> release policies for each and every partner.   The ability for a RS to
> define resource sets that makes sense for their business - may have a
> similar effect.
>
>>
>>
>
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160802/6337b6c8/attachment.html>


More information about the Openid-specs-heart mailing list