[WG-UMA] Scope Registration Protocol


Christian Scholz

Aug 9, 2010, 5:13:14 PM
to WG UMA
Hi everybody!

I wrote up a quick idea of the Scope Registration Protocol
we talked about in Friday's focus meeting.

You can find it here:

http://mrtopf.clprojects.net/uma/
http://mrtopf.clprojects.net/uma/draft-uma-scope-registration.html
(txt and xml available as well).

The basic idea:

- Only the host needs to know about actual resources as it knows anyway
and there can be a lot of them
- The host probably has grouped them together in various ways already to
make them manageable to the user
- Thus it can define scopes on these sets of resources and only
registers those scopes with the AM
- The AM can then let the user attach policies to those scopes.
- Scopes are simple strings, e.g. "family_photos" or
"tagged_with_something" or "tag:something".
- The host can make up those names but needs to provide a human-readable
description as well
- The host sends those strings to the scope registration API of the AM.
- The host can also delete them again

The advantage: Registering is easy and if resources change on the Host
side, there doesn't need to be an update
directly to the AM. It also prevents the AM from actually mirroring the whole
resource structure of the Host which can
be a lot given e.g. Twitter or Flickr. (And I don't see Twitter only as
a service. Think of a Twitter-like service for corporate
use. There you want to be able to give certain rights on individual
posts I assume.)

Now the next question is what will happen in steps 2 and 3 of UMA when
only the scope is known. This is what I
will think about next ;-)

Also note that this is push only. As you know I don't like too many
mechanisms. There can always be some additional API
though for an AM to poke the Host to send its scopes over already. I
also think though that the user will most of the time
use Hosts and not the AM. The AM might eventually though send an SMS to
ask for some permission which will result in wild
password memorization attempts on the user side.

cheers,

Christian

PS: lots of things are missing, this is mostly to give a rough idea. And
in case it needs to be scrapped again not too much is lost ;-)

_______________________________________________
WG-UMA mailing list
WG-...@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
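
The scope registration idea from the message above, sketched as an added example (not part of the original post and not taken from the linked draft). All class, method and field names are hypothetical; it assumes the AM learns host_id from an authenticated channel, models a policy as a plain set of allowed requesters, and shows one possible access check on the host side.

```python
from dataclasses import dataclass, field


@dataclass
class ScopeRegistry:
    """AM side: stores only scope strings and descriptions, never resources."""
    scopes: dict = field(default_factory=dict)    # (host_id, scope) -> description
    policies: dict = field(default_factory=dict)  # (host_id, scope) -> allowed requesters

    def register(self, host_id, scope, description):
        # The host invents the name but must describe it for the user.
        if not scope or not description.strip():
            raise ValueError("scope and human-readable description required")
        self.scopes[(host_id, scope)] = description

    def delete(self, host_id, scope):
        # Keyed by the calling host, so a host can only remove its own scopes.
        # Policies are dropped too, so a re-registered name starts with none.
        self.scopes.pop((host_id, scope), None)
        self.policies.pop((host_id, scope), None)

    def attach_policy(self, host_id, scope, requester):
        if (host_id, scope) not in self.scopes:
            raise KeyError("scope not registered by this host")
        self.policies.setdefault((host_id, scope), set()).add(requester)

    def is_allowed(self, host_id, scope, requester):
        return requester in self.policies.get((host_id, scope), set())


class Host:
    """Host side: the only place that maps a scope to concrete resources."""

    def __init__(self, host_id, am):
        self.host_id, self.am = host_id, am
        self.resources = {}  # resource name -> set of scopes it belongs to

    def can_access(self, requester, resource):
        # Assumed check: allowed if any scope covering the resource allows it.
        scopes = self.resources.get(resource, ())
        return any(self.am.is_allowed(self.host_id, s, requester) for s in scopes)


if __name__ == "__main__":
    # Constructed sample data.
    am = ScopeRegistry()
    host = Host("photos.example", am)
    am.register(host.host_id, "family_photos", "Photos in your Family album")
    am.attach_policy(host.host_id, "family_photos", "alice")
    host.resources["img1.jpg"] = {"family_photos"}
    host.resources["img2.jpg"] = {"family_photos"}  # added later, AM not contacted
    print(host.can_access("alice", "img2.jpg"), host.can_access("bob", "img2.jpg"))
```
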
