Hi Eve, Hi Adrian, Thanks for pointing me in the right direction. I finally identified a security triumvirate – the arrangement of Identity Provider, UMA Provider and Claims Provider. Now I know that we need a decentralized Claims Provider system to create a wide UMA-compliant ecosystem.
I designed a decentralized OAuth2-based Claims Provider system, which uses verifiable DKIM signatures without user involvement. This is related to UMA, so when the first draft is ready may I post it here?
Regards
-Igor