UMA – Interop testing, ARP use case

From IIW

Wednesday 5C

Convener: Roland Hedberg

Notes-taker(s): Roland Hedberg

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Roland described the UMA use case that he and his group are going to implement.

The setup is that we have identity providers (IdP and AA for SAML, OP for OIDC), and there are service providers who want information.

Which information is released to which service provider is governed by what is called an attribute release policy (ARP).

This policy is set by at least two parties:

1) an administrator

2) the user whose identity information is released

Right now this is mostly done within the identity provider. We are looking at putting it outside, such that all identity providers could be governed from one and the same authorization server. We would also like to use a standard protocol (UMA) for doing this.

After presenting this layout a discussion was held about:

  • what scopes really mean,
  • what kind of information can be handled by UMA,
  • the binding of several resource servers to one authorization server,
  • resource set naming

and so on…