<div dir="ltr"><div>In section 4.1 Discovery of <a href="http://openid.bitbucket.org/HEART/openid-heart-oauth2.html">http://openid.bitbucket.org/HEART/openid-heart-oauth2.html</a>, we have the requirement for each AS to have a public key ( jwks_uri The fully qualified URI of the server's public key in <a href="http://openid.bitbucket.org/HEART/openid-heart-oauth2.html#RFC7517">JWK Set</a> <cite title="NONE">[RFC7517]</cite> format
) This is good and clear.<br><br></div><div>Correspondingly, in the UMA profile <a href="http://openid.bitbucket.org/HEART/openid-heart-uma.html">http://openid.bitbucket.org/HEART/openid-heart-uma.html</a> I might expect a clearer reference to the resource registration aspects of UMA. As far as I can tell, this is mentioned in Section 2. Tokens as "It is RECOMMENDED that the PAT use a
user-delegated mechanism for issuance and the AAT use a non-delegated
method for issuance."<br><br></div><div>Does the HEART UMA profile require that a Resource Server MUST be capable of storing a separate AS public key (presumably the jwks_uri in OAuth 4.1) for every registered resource? If so, where is this stated and could it be made clearer?<br><br></div><div>Adrian<br></div><div><div><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)"></span><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:rgb(5,99,193)">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:rgb(31,73,125)"></span>
</div></div></div></div></div></div></div></div>
</div></div></div>