[Openid-specs-heart] Comments on Draft HEART Profile for UMA 1.0
Luis C. Maas III, M.D., Ph.D.
lcmaas at emrdirect.com
Mon Apr 10 20:10:55 UTC 2017
Hi All, a few comments on the current draft of the HEART Profile for UMA
1.0:
- Section 1.3: "A HEART-compliant UMA authorization server MAY also
provide HEART-compliant OAuth 2.0 authorization server functionality."
This conflicts with section 1 that states that this profile inherits all
requirements of the HEART profiles for OAuth 2.0 and OIDC 1.0. I see a
"where applicable" but since UMA endpoints are OAuth 2.0 protected
endpoints, and there are several MUST references to the HEART OAuth 2.0
profile, is there an example where the OAuth 2.0 requirements would not
be applicable?
- Section 3.1.2: Typo "...or their is another..."
- Section 4.1.1: Is this a typo? Should this be Protection API endpoints
as per UMA Core Section 1.3.1 rather than RPT endpoint?
Luis
Luis C. Maas III, M.D., Ph.D.
CTO
EMR Direct
www.emrdirect.com