[WG-UMA] Correlated Authorization

8 views
Skip to first unread message

Igor Zboran

unread,
Sep 15, 2021, 7:00:33 AM9/15/21
to wg-uma@kantarainitiative.org WG
Hi all,

I have been thinking for a long time how to convey information about the user from an identity provider to an authorization server, especially across security domain boundaries. This is difficult to implement because OAuth2, OIDC and UMA are single-authority protocols. That's why I tried to extend the UMA protocol to a dual-authority protocol. Please find a short draft proposal here: https://github.com/uma-email/poc

I would be very interested to know if this is the right way to do it and what you think about this idea.

Disclaimer: Although I present the idea of the correlated authorization as a new protocol, if adopted and refined by the working group, it could be referred to as the UMA wide ecosystem.

Regards

-Igor
Reply all
Reply to author
Forward
0 new messages